CodeInspectus: open-source security scanner for AI-generated code
CodeInspectus is a fully open-source, local security scanner that checks AI-generated code for vulnerabilities. It covers 32 checks (13 AI-specific + 19 SAST) and 200+ secret/API-key patterns, catching issues like hardcoded secrets in client-side code, exposed API keys, and insecure RLS policies. It helps developers secure projects built with LLM-generated code.
Entities
Related
agentsweep CLI scans AI coding agent history files for leaked secrets
A new open-source CLI tool called agentsweep scans history files of AI coding agents (Codex, Cursor, Claude Code, Cline, Aider) for plaintext secrets like API keys, DB URLs, and crypto seed phrases. It uses ~191 detection rules from gitleaks plus a dedicated BIP-39 seed phrase detector, addressing a security risk where pasted secrets persist in agent context and can be re-exposed.
LVRP: Open-source local vulnerability research pipeline uses 14B code LLM for exhaustive source-to-sink analysis
A new open-source tool called LVRP (Local Vulnerability Research Pipeline) uses a 14B code-specialized LLM to exhaustively analyze source code for vulnerabilities. It combines code graph and LLM hybrid architecture to enumerate and validate all source-to-sink paths, scaling from small scripts to large codebases like the Linux Kernel and VSCode.
AI code review tool using custom standards file
Surmado's Scout is a low-cost AI code review tool for small teams, solo founders, and vibe coders. It reviews pull requests against a user-defined STANDARDS.MD file, providing feedback on what looks good, what needs work, and a reviewer brief. It aims to be 1/10 the price of Claude.
Local-first CLI that masks PII and secrets before sending to LLMs
LocalMask is a command-line tool that runs locally to detect and mask personally identifiable information (PII) and secrets before data is sent to large language models. It solves the privacy and compliance problem for developers and organizations that need to use LLMs without exposing sensitive data.
Community discusses fragmentation in AI gateway software for production LLM apps
A Reddit discussion highlights that AI gateway software has become a buzzword, with vendors like Nightfall AI, Palo Alto Networks, and NeuralTrust addressing different security problems. Practitioners note that production LLM apps face issues beyond prompt injection, including sensitive data leakage, multi-turn attacks, and agent monitoring, making vendor comparisons difficult.

