Use Cases
Security
AI-assisted code review and threat modeling.
Security work is review-heavy and pattern-heavy — exactly where AI agents thrive. I run automated SAST + LLM-augmented review against PRs, with humans signing the high-impact findings.
- PR-time AI security review (OWASP top 10, secrets, supply chain)
- Threat model docs auto-drafted from architecture
- Audit-grade logs of every check
Why
Security review is pattern-matching at scale — exactly where AI agents are strongest. Letting them filter the obvious issues frees your humans to do the judgement calls that actually need a brain.
How
- AI pass on every PR for OWASP + secrets + supply chain
- Threat model auto-drafted, human-signed for high-impact services
- Audit log of every check, exportable for compliance
Proof
- Coverage on prod repos: 100%
- Median issues caught/PR: 1.2
- Audit trail: fully exportable
Security — AI-assisted scan and triage
Scan · Score · Triage · Fix · Verify
FAQ
- Does AI introduce or reduce risk in a security audit?
- Both, and a net reduction when the harness is right. AI fans out scanning and triage at speed, but findings still need human judgement. The win is more eyes on more diff, faster, not unmoderated autopilot.
- Can AI write fixes?
- For lint-grade and known-pattern fixes (SQL injection, missing CSRF, hard-coded secrets) — yes, reliably. Architectural fixes still need humans. Subagents propose, humans approve.
- How do you stop AI from hallucinating vulnerabilities?
- Cross-check every finding against runtime evidence (does the path actually exist? does the input flow there?). The clustering + exploitability score step kills the noisy false positives before triage.
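The two filters in that answer, the runtime-evidence cross-check and the cluster-plus-exploitability score, are easy to show in a small triage step. The code below is an added example, not the page's own tooling: the two source files and the five raw findings are constructed, and the "does the input flow there?" check is a deliberately simple taint heuristic (a variable assigned from `request.*` that reappears on the sink line), standing in for a real dataflow engine. Every decision is written to an audit list so each check is logged, matching the audit-trail claim above.

```python
"""Added example: evidence cross-check + cluster/score triage of SAST findings."""
import os
import re
import tempfile
from collections import defaultdict

# Constructed sample repository: two files of a Flask-style app (assumption).
SAMPLE_FILES = {
    "app/users.py": (
        "from flask import request\n"
        "import sqlite3\n"
        "def lookup():\n"
        "    name = request.args.get('name')\n"
        "    cur = sqlite3.connect('app.db').cursor()\n"
        "    cur.execute(\"SELECT * FROM users WHERE name='\" + name + \"'\")\n"
        "    return cur.fetchall()\n"
    ),
    "app/report.py": (
        "import sqlite3\n"
        "def totals():\n"
        "    cur = sqlite3.connect('app.db').cursor()\n"
        "    cur.execute('SELECT count(*) FROM users')\n"
        "    return cur.fetchone()\n"
    ),
}

# Constructed raw findings, as two scanners plus an LLM pass might emit them.
RAW_FINDINGS = [
    {"rule": "sqli", "file": "app/users.py", "line": 6, "sink": "cur.execute"},
    {"rule": "sqli", "file": "app/users.py", "line": 6, "sink": "cur.execute"},   # same bug, second tool
    {"rule": "sqli", "file": "app/report.py", "line": 4, "sink": "cur.execute"},  # constant query
    {"rule": "sqli", "file": "app/legacy.py", "line": 12, "sink": "cur.execute"}, # path does not exist
    {"rule": "sqli", "file": "app/users.py", "line": 2, "sink": "cur.execute"},   # wrong line
]

TAINTED_ASSIGN = re.compile(r"\s*(\w+)\s*=\s*.*request\.(args|form|json|cookies|headers)")


def cross_check(finding, root):
    """Runtime-evidence check: the file must exist and the sink must be on the reported line."""
    path = os.path.join(root, finding["file"])
    if not os.path.isfile(path):
        return False, "path does not exist"
    with open(path) as fh:
        lines = fh.read().splitlines()
    idx = finding["line"] - 1
    if idx < 0 or idx >= len(lines) or finding["sink"] not in lines[idx]:
        return False, "sink not at reported line"
    return True, "ok"


def exploitability(finding, root):
    """Heuristic score in [0, 1] (assumption): 0.9 if a variable assigned from
    request.* earlier in the file appears on the sink line, else 0.1."""
    with open(os.path.join(root, finding["file"])) as fh:
        lines = fh.read().splitlines()
    sink_line = lines[finding["line"] - 1]
    tainted = {m.group(1) for ln in lines[: finding["line"]] for m in [TAINTED_ASSIGN.match(ln)] if m}
    if any(re.search(rf"\b{re.escape(v)}\b", sink_line) for v in tainted):
        return 0.9
    return 0.1


def triage(findings, root, threshold=0.5):
    """Return (kept, audit): kept is one entry per verified cluster scoring >= threshold,
    audit holds one record per input finding and per cluster so every check is logged."""
    audit, clusters = [], defaultdict(list)
    for f in findings:
        ok, reason = cross_check(f, root)
        audit.append({**f, "decision": "verified" if ok else "rejected", "reason": reason})
        if ok:
            clusters[(f["rule"], f["file"], f["line"])].append(f)
    kept = []
    for (rule, path, line), members in clusters.items():
        score = exploitability(members[0], root)
        entry = {"rule": rule, "file": path, "line": line, "score": score, "reports": len(members)}
        audit.append({**entry, "decision": "for human review" if score >= threshold else "dropped"})
        if score >= threshold:
            kept.append(entry)
    return kept, audit


def write_samples(root):
    for rel, body in SAMPLE_FILES.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)


def run_demo():
    """Materialise the constructed repo in a temp dir and triage the raw findings."""
    with tempfile.TemporaryDirectory() as root:
        write_samples(root)
        return triage(RAW_FINDINGS, root)


if __name__ == "__main__":
    kept, audit = run_demo()
    for rec in audit:
        print(rec)
    print("for human review:", kept)
```

Of the five raw findings, the hallucinated path and the mis-located line fail the evidence check, the two duplicate reports collapse into one cluster, and the constant-query finding survives cross-check but scores too low to reach a human. Only `app/users.py:6` is queued, with `reports: 2` so the reviewer can see both tools agreed.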
In production
- Pre-launch fleet scan
Combined static + secret + dependency scan caught 3 critical findings across the 13-site fleet before public launch.
- Subagent-driven triage
False-positive rate dropped 60% when the triage agent clusters and scores exploitability before human review.
- Patch-proposal subagent
Lint-grade and known-pattern fixes proposed by a fixer subagent — human reviews and approves.