The Supabase deploy-gate that runs where you vibe-code. Static OSS scanner for the RLS/secret holes that leak vibe-coded apps — CLI + Claude Code skill + GitHub Action.
Static RLS scanner blocks deploys before Supabase leaks hit production.
Line-numbered code mapping for crypto claims builds rare transparency in messaging apps.
Post-trained CTF model that verifies exploits instead of just reporting theoretical vulnerabilities.
Open source authorization engine for AI agents. Confidence-aware gating · Human-in-the-loop review · Policy-as-code · Full audit trail
Four decision outcomes including compute redirect—prompt injection detected before policy runs.
Android deeplink, Intent, and WebView bridge assessment helper for ethical hacking
Intentionally constrained testing APK with no INTERNET permission for safe security assessments.
Cross-scanner CVE deduplication keyed on advisory ID saves real triage time.
Static security scanner for AI agent skill packages. Detects malicious SKILL.md files and bundled scripts before they run.
Catches malicious AI skill scripts when Semgrep and Snyk miss the format.
Terminal UI for WireGuard and OpenVPN with real-time telemetry and leak guarding.
TUI wrapper around WireGuard when official clients already exist.
Agent-first encrypted sharing with curl workflow and client-side decryption keys.
Best-effort secure file shredder for Windows with multi-pass overwrite, NTFS ADS handling, and live progress.
Four-pass overwrite with NTFS ADS handling, but SDelete and BleachBit already exist.
One proxy for 25 registries when Snyk and Dependabot already scan dependencies.
Hybrid Post-Quantum cryptographic library: Kyber1024 KEM + MRS(19,9) Diophantine key derivation + AES-256-GCM encryption.
Claims 5-6x faster than HKDF-SHA256, but author admits MRS adds no security with public session IDs.
Hardware-isolated sandbox for running coding agents on your repos, on macOS. The agent never sees your real API key; egress is deny-by-default; only a diff you approve leaves the sandbox.
Host-side API key gateway keeps credentials out of agent sandboxes entirely.
Open-source Rust app for macOS and Windows. Detects Cluely, Interview Coder ,LockedIn, Parakeet-style tools, and other interview copilots. Don’t cheat :)!
Process name detection is trivial to bypass by renaming executables.
Interactive demo shows 12 storage vectors re-seeding your ID after you clear them.
True PDF redaction burns opaque rectangles so hidden text isn't recoverable.
Local secret firewall for AI coding assistants (Claude Code/Cursor/aider) — scans + redacts secrets before anything leaves the machine. Local-first, zero cloud. MIT.
Local secret scanning beats GitGuardian when compliance bans cloud-dependent tools.
Rootsign is an open-source tamper-evident decision and action provenance logging library for AI agents
Cryptographic hash chains make agent action logs legally defensible—LangSmith and Langfuse don't do this.
Agent-to-agent delegation with act-claim chains for MCP authorization flows.
Regentix is an MCP proxy that transforms LLM intents into safe, policy-controlled tool executions using Rego and an AI rule engine.
Rego policy engine blocks destructive MCP tool calls before execution.
Roles, segregation of duties, and tamper-evident audit for the AI agents you already run. Open-source, self-hosted.
Hash-chained audit logs with Ed25519 signing make agent actions verifiable offline.
Soak time quarantines new packages for 48 hours to catch malicious releases before production.
A privacy-focused steganography toolkit that helps you hide encrypted messages inside everyday images and audio without raising eyebrows.
Steganalysis at Aletheia parity with 100× faster RS detection, plus deniable dual-passphrase mode.
Yet another RAG security layer when Lakera Guard already exists.
Local-only steganography with AES-256 encryption beats server-side tools on privacy.
EPSS prioritization cuts CVE noise, $14/mo undercuts Snyk's per-seat pricing.
Deterministic scoring beats black-box ML, but Chainalysis and TRM Labs own this space.
Maps email auth protocols to specific NIS2 paragraphs auditors actually reference.
On-device redaction with pixel flattening beats cloud tools for HIPAA workflows.
Compelling manifesto with zero code - spec-as-substitute-for-product pattern.
Another P2P chat when Session and Briar already dominate this space.
Behavioral security monitoring for JVM dependencies. Catches malicious package updates before CVEs exist
Catches malicious dependency updates before CVEs exist, unlike Snyk or Dependabot.
SCA for agent configs when Snyk and Dependabot can't read mcp.json files.
Privacy-first voice verification when ID upload and facial scanning dominate compliance.
First security toolkit for MCP servers with Burp and sqlmap integration.
XDP drops packets before the kernel stack while nftables handles stateful logic.
Maps cross-agent injection attacks to real Copilot CVEs with live measurements.
SHA-256 hash chains and SMT proofs make AI agent logs actually verifiable.
403 error blocks access — academic paper without working implementation.
Combines five domain security checks with weighted scoring, but SecurityHeaders and SSL Labs already exist.
Catches auth middleware removals that Snyk and Semgrep would miss entirely.
Slack video blocks as encrypted iframe carriers is genuinely clever security research.
Free, comprehensive security reference guides for every major AWS service. Attack vectors, misconfigurations, CLI commands, and detection indicators
75 AWS security cards with attack vectors and detection, but AWS security docs already cover this.
No-KYC personal VPN servers, but self-hosted WireGuard and Outline already solve this free.
Burp proxy and sqlmap integration for MCP servers nobody's testing yet.
Runtime enforcement beats periodic scanning, but zero stars suggests this just launched.
46 projects
