
Read every line your AI writes.

One scanner, every channel your AI ships through — MCP, VS Code, the git hook, the CLI, the deployed site. The Gate reads every file the AI writes and the fix lands in the same chat turn. The Probe finds what changes after deploy.

Free check · 5 minutes · counts + categories

~30s setup · Works in Cursor, Claude Code, Lovable, Replit, Bolt, v0
Trusted by 500+ developers
api/notes.ts · cursor Gate · streaming
- const q = `SELECT * FROM notes WHERE id = ${req.query.id}`;
- const rows = await db.raw(q);
+ const rows = await db('notes').where({ id: req.query.id });
  // authorization?
+ if (rows[0]?.userId !== req.user.id) return res.status(404).end();
caught · SQL-i + IDOR · fix applied in 412ms · CWE-89 · CWE-639
Drops into the loop of
Claude Code Cursor Windsurf Lovable Replit Bolt v0 Cline Aider Copilot
Our methodology has helped secure
Google zooplus Shopify Instacart lululemon Zoom Vimeo GitHub Deliveroo New Relic Yahoo DPD Group UK Smule
§ 01 Architecture

Two layers. One complete cycle.

Write-time fixes inside the chat turn. Runtime catches what time changes. Same dashboard, same findings format, same fix-loop into your AI on the next session — so the gap between "we shipped it" and "we fixed it" closes before anyone else finds the bug.

Layer 01 · Gate · write-time

Reads every line your AI writes.

The AI hands us the file it just wrote — through the MCP tool call, the editor save, the git pre-commit hook, or our CLI. We read the content, return findings + a concrete fix, and the AI rewrites the diff in the same chat turn. Sub-second turnaround.

when = the AI just wrote a file
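As an added illustration of the write-time pass (example code, not Literal Security's own scanner): a toy gate that reads the file the AI just wrote and returns findings in the demo's shape (line, CWE, one-sentence fix). The rule set, regexes, sample file and placeholder key are all constructed here and are assumptions, not the product's rules.

```javascript
// Added example: a toy "gate" pass. Rules are regex heuristics, not a parser.
const RULES = [
  { cwe: 'CWE-89', name: 'string-built SQL',
    re: /`[^`]*\b(select|insert|update|delete)\b[^`]*\$\{/i,
    fix: 'Bind the value: db(table).where({ id }) or a placeholder query.' },
  { cwe: 'CWE-601', name: 'open redirect',
    re: /res\.redirect\(\s*req\.(query|body|params)\./,
    fix: 'Check the target against an allowlist of relative paths first.' },
  { cwe: 'CWE-22', name: 'path traversal',
    re: /fs\.(readFile|writeFile|createReadStream)\w*\(\s*[^)]*req\./,
    fix: 'Resolve under a base dir and reject paths that escape it.' },
  { cwe: 'CWE-798', name: 'hardcoded secret',
    re: /\b(sk_live_|AKIA)[A-Za-z0-9]{8,}/,
    fix: 'Move the key to a server-side env var; never ship it in source.' },
];

// Scan one file's content; returns [{ line, cwe, name, fix }] in line order.
function gate(source) {
  const lines = source.split('\n');
  const findings = [];
  lines.forEach((text, i) => {
    for (const r of RULES) {
      if (r.re.test(text)) findings.push({ line: i + 1, cwe: r.cwe, name: r.name, fix: r.fix });
    }
  });
  // IDOR heuristic (CWE-639): a row is looked up by a raw request id, but the
  // file never compares anything against req.user, so ownership is unchecked.
  const byReqId = /\b(where|findById|findOne|findUnique)\s*\(.*req\.(query|params|body)\.\w*[iI]d/;
  if (!/req\.user\b/.test(source)) {
    lines.forEach((text, i) => {
      if (byReqId.test(text)) findings.push({ line: i + 1, cwe: 'CWE-639',
        name: 'missing ownership check',
        fix: 'Compare the row owner to req.user.id and return 404 on mismatch.' });
    });
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: the notes route from the demo, mid-fix, plus a
// constructed placeholder key (not a real credential) and a raw redirect.
const SAMPLE = [
  "const STRIPE = 'sk_live_EXAMPLEPLACEHOLDER0000';",
  "const q = `SELECT * FROM notes WHERE id = ${req.query.id}`;",
  "const rows = await db('notes').where({ id: req.query.id });",
  "return res.redirect(req.query.returnUrl);",
].join('\n');

console.log(gate(SAMPLE));
```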
Layer 02 · Probe · runtime

Attacker, on your deployed site.

No tool catches everything at write-time. Maintainers push malicious updates, CVEs drop on shipped packages, edge cases slip through. The Probe hits prod the way an attacker would and pipes findings back to your AI.

when = you're away from the keyboard
Complete cycle: prompt → write → read → fix → deploy → probe
01 · you · Prompt: "Add a password reset." → writes
02 · ai · Cursor / Claude: writes a file, hands us the content. → submits
03 · gate · Read + return: every rule class, findings + the exact fix. → fixes
04 · ai · Same-turn rewrite: AI applies the fix before you see the diff. → deploy
05 · prod · Deployed: Vercel, Fly, Cloudflare — wherever. → hits
06 · probe · Attacker pass: XSS · open redirect · headers · CVEs. → finds
07 · ai · Source patch: repro + diff land in the next chat turn.
§ 02 Coverage

Every bug shape your AI ships by accident.

Comprehensive coverage across the OWASP Top-10, secret detection, supply-chain, auth, crypto, and AI-coded-app patterns. A sample of classes that show up in real vibe-coded apps every week — each one caught on the same chat turn that wrote it.

001 · High · Leaked secrets
Stripe / OpenAI / Anthropic / AWS / Supabase keys hardcoded in source. Env vars shipped in client bundles.

002 · High · SQL & NoSQL injection
String-concatenated queries. Unsanitized operators reaching the engine. Mongo $where, raw().

003 · High · Missing auth checks
Protected routes without a guard. IDOR via raw object-id params. "Authenticated ≠ authorized."

004 · High · Supabase RLS gaps
Service-role keys in client code. Tables exposed without row-level policies. The Lovable pattern.

005 · Med · Typosquats & supply-chain
loadsh, axois, hijacked maintainers, malicious post-install scripts. Caught at the `npm install`.

006 · High · XSS & injection sinks
Unsanitized innerHTML, dangerouslySetInnerHTML, eval over user input. React-flavoured too.

007 · Med · Open redirects & SSRF
returnUrl reaching res.redirect without an allowlist. Internal IPs reachable through user input.

008 · Med · Weak crypto
MD5 / SHA-1 for passwords. Math.random for tokens. Hardcoded IVs. AES-ECB.

009 · High · JWT misconfig
alg: none accepted. RS ↔ HS confusion in verifiers. Tokens without expiry.

010 · Med · CORS + credentials
Wildcard origin paired with credentialed requests. The classic AI-suggested footgun.

011 · Med · Path traversal
User input reaching fs.readFile / fs.writeFile without containment. Zip-slip on uploads.

012 · High · Exposed admin paths
/debug, /__internal, /admin shipped without auth. Caught at write-time, double-checked by probe.
90 more · prototype pollution · mass assignment · ReDoS · deserialization · race conditions · unsigned webhooks · debug endpoints in prod · dependency-confusion · RCE in lockfile drift
§ 03 Pricing

$0 until we earn it. Then pick the plan that fits.

You only start paying the day we find a real (medium-or-above) vulnerability in your code or deployed site. Until then — every scan, every channel, every install — free. No card. No trial timer. No per-seat games.

Day one, no card · $0 · unlimited scans · every channel · auto-fix inline · full findings
Billing: monthly · annual saves 30%
Solo · unlimited projects
$14.99 / month

For solo founders. The moment we catch a real bug, or you want to probe your deployed app.

  • Unlimited scans · every channel
  • AI Quick-Fix inline
  • 1 probe / month
  • Probe → IDE feedback loop
  • Email support
Startup · most chosen
$49.99 / month

Real users, weekly auto-monitoring. CVEs, supply-chain drift, leaked secrets — caught while you sleep.

  • Everything in Solo, plus —
  • 2 probes / month
  • Weekly auto-scan · CVEs · drift · secrets
  • Authenticated probe (opt-in)
  • Email support
Business · always on
$149.99 / month

For indie hackers shipping multiple production apps. Continuous monitoring, auth + unauth.

  • Everything in Startup, plus —
  • Unlimited probes
  • Daily auto-scan · auth + unauth
  • Authenticated probe default-on
  • Priority support < 24h
§ 04 FAQ

Things people actually ask.

How does free actually work? When do I get charged?
Sign up, connect Literal Security to your AI, build normally. Scans are active from minute one — every file the AI writes runs past us on the same chat turn that wrote it. You only pay if we ever catch a real vulnerability. When that moment comes, we tell you plainly: "We caught your first real bug. To keep the findings flowing, pick a plan." No hidden findings, no auto-conversion — the first time we catch a real bug is the first time you see a charge.
Does it auto-fix the code, or do I have to do it?
Auto-fix is the default. Every finding ships with the exact change to make, and your AI applies it before saving the file — same chat turn that produced the bug. You see the corrected code land directly. For Probe findings, repro steps + the exact patch are queued for your AI's next session.
I don't know what RLS or IDOR means. Does this still help me?
That's exactly who this is for. We translate every finding into a sentence a human can act on: "Anyone could read other users' notes. Add a login check at the top of this function." You don't need the jargon — your AI applies the fix, we just tell it where to look.
Will it slow my AI down?
The check runs server-side and returns in well under a second on typical files. Your AI sees a single tool-use tick in the chat, then keeps going. Compared to the 10–60 seconds it spends thinking about a feature, the security pass is rounding error.
Is my code sent anywhere? What about privacy?
The file content your AI is about to write is sent over TLS, scanned in memory, and discarded. We do not retain source code. We do not train on it. We do not share it. Findings are stored against your account so you can audit them; the underlying source is not.
How is this different from SAST or DAST?
SAST and DAST scan code that has already been written or already shipped — reports you read later. Literal Security runs inside the AI's chat turn: the AI hands us the file it just wrote, we return findings, the AI applies the fix on the same turn — before you ever review the diff. Probe is our complement to DAST for what changes after deploy. Most teams want both.

Ship the app. Skip the breach.

One-click sign-in. Connected to your AI in under a minute. No credit card. We don't charge until we find a real vulnerability — and only if you choose to subscribe.