Product updates, security insights, and technical deep-dives from our team. Learn how we're building the fastest security scanner for DevSecOps.
We ran CodeSlick across vercel/ai, LangChain.js, openai-node, and MCP Servers — 5,381 files, 20,355 findings. Three failure modes appear in every repository: missing error handling, missing null checks, and hardcoded credentials in examples. Here is what the patterns mean for developers building on top of these libraries.
Anthropic launched Code Review in Claude Code — a multi-agent PR reviewer that flags logic errors and costs $15–25 per scan. It's genuinely useful. Here's what it doesn't do, and why your security team still needs deterministic SAST.
MCP servers expose tools that AI models call with untrusted arguments. Command injection, path traversal, missing input validation — the same vulnerabilities we secured in web APIs are now hiding in your AI tooling. Here's what CodeSlick's 12 new MCP checks detect.
I ran Endure on the codeslick2 repo — the codebase that contains Endure — and found a calibration bug in the scorer. Here is what the analysis found, what changed, and what the tool still cannot do.
We ran CodeSlick on vercel/ai — 2,900 files, 1.5M weekly downloads — to understand what security debt looks like in a well-maintained project at scale. Prototype pollution, command injection, and AI-hallucinated methods hiding across eight packages.
Most systems don't collapse because of one bad decision. They weaken slowly — through intent drift, hidden coupling, and compounding opacity. Here's how fragility forms, and what structural inspection looks like.
AI handles 80% of predictable code remarkably well. The other 20% — rare inputs, legacy quirks, atypical integrations — is where systems fail. Here's the reasoning gap no model can fill, with real examples from Log4Shell, Heartbleed, and Facebook's 2021 outage.
Lost intent, silent drift, debt blindness, knowledge silos, maintenance roulette, stale code anxiety. Six real patterns — with six real incidents (Knight Capital, xz backdoor, CrowdStrike) — and how Endure addresses each one.
Anthropic just launched Claude Code Security — a research preview that finds complex vulnerabilities using semantic reasoning. The right question isn't whether to use it. It's where it fits in your pipeline. Here's the full picture.
The prevailing narrative says AI will automate cybersecurity and reduce headcount. It is structurally wrong. AI is expanding the attack surface, multiplying security roles, and creating a skills gap no automation can fill.
AI-accelerated development is widening a hidden gap: architectural entropy. When functions multiply at machine speed, structure decays at human speed. Here's the discipline that cannot be delegated.
41% of all code is now AI-generated. From agentic workflows to vibe coding—here's what's really happening and why governance is the new competitive advantage.
Comprehensive security audit of OpenClaw AI assistant reveals 277 CRITICAL vulnerabilities including command injection and SQL injection. Learn how to secure local-first AI platforms.
How we fixed two major problems: security issues that get forgotten, and "security passed" that still breaks production. Real improvements based on what developers kept telling us was broken.
We analyzed 10,000+ code snippets from GitHub Copilot, Cursor, and Claude Code. 47% contained security vulnerabilities. Most developers merged them without review.
The gap between human and AI reasoning is real—and it's showing up in your codebase. Learn how CodeSlick protects against AI-generated code threats.
Independent AI evaluation highlights CodeSlick's speed advantage and security-first approach. See how we compare to competitors.
Start securing your code with the fastest security scanner for GitHub teams.