Free security scanning for OSS projects
Another AI security scanner promising zero noise in a field full of false positives.

Bring your own API key to scan for bugs before bad actors find them.
Open source maintainers concerned about AI-driven vulnerability discovery
Snyk · CodeQL · Semgrep
I've had a feeling for a while that there was going to be a war on software based on LLMs controlled by "bad actors." LLMs have gotten really good at finding security vulnerabilities, and in the hands of bad actors, they can really ravage the public infrastructure we all rely on. Unfortunately, I've felt like OSS was going to be the first sacrificial lamb, so to speak, because the code is out there, so easy to identify.
I'm launching zeroquarry.com now for open source maintainers to be able to scan their own code before a bad actor does. Just bring your own LLM key and I'll pay for the hosting infrastructure, development costs, etc. for at least the next several months. Most scans cost about $5-$20 in tokens using frontier models.
https://youtu.be/bbLYw7j90hA for a demo of how it works
Right now, I'm focused purely on OSS and getting feedback on the product: no option to pay for it. You bring your API key(s), choose your model(s), and run. I've limited the scans to 2x per month for now and 1 concurrent scan at a time by default to try to avoid abuse, but if you're a maintainer of an OSS project and you would like higher limits, just reach out and provide details on your project and I'll bump up pretty much as high as needed. Email is shane at the domain.
I was going to delay launch until later, but it's something I've been working on for a few months and the Mythos news really prompted me to move a bit faster. Feedback is generally welcome, either here or at the e-mail address above.