Static Analysis for AI-Generated Code
A purpose-built security scanner that catches the vulnerabilities AI coding assistants introduce. 210 rules across five categories — vibe code patterns, agent security, LLM application risks, framework vulnerabilities, and cloud misconfigurations — powered by tree-sitter AST analysis, multi-hop taint flow tracking, and optional AI-assisted triage.
210 Security Rules
10 Languages
5 Rule Categories
SARIF Output
The Problem
Why AI-generated code is a security risk
AI assistants generate code faster than humans can review it. Vibe coding — accepting AI suggestions with minimal scrutiny — is the new normal.
AI optimizes for working code, not secure code. The same hardcoded secret, the same SQL concatenation, the same permissive CORS — repeated across thousands of projects.
Semgrep, Snyk, and CodeQL don't understand prompt templates, agent tool definitions, or LLM output handling. New attack surfaces have zero coverage.
Autonomous agents make real-world decisions with file system access, database writes, and shell commands. No existing tool audits their permission boundaries.
Rules
210 rules targeting five AI-specific vulnerability domains
Capabilities
What Achilles AI delivers
210 Built-in security rules
10 Languages supported
5 AI-specific categories
1 Single binary — no deps
5 Cross-platform builds
3 Output formats
Tech Stack
Rust workspace: achilles-parsers, achilles-core, achilles-ai, achilles-lsp, achilles-cli — tree-sitter, serde, regex, YAML rule engine, taint flow analysis
tree-sitter-javascript, tree-sitter-typescript, tree-sitter-python, tree-sitter-go, tree-sitter-java, tree-sitter-rust, tree-sitter-ruby, tree-sitter-php, tree-sitter-c-sharp, tree-sitter-swift
Mistral AI SDK, Ollama client, configurable model selection, false-positive filtering, severity re-ranking
clap, colored, serde_json, SARIF v2.1.0 output, Language Server Protocol
GitHub Actions (CI + cross-compile release), GitLab CI, Bitbucket Pipelines, pre-commit hooks
Linux (amd64/arm64), macOS (amd64/arm64), Windows (amd64), crates.io
Source Code
The Achilles AI source code is available upon request for evaluation and partnership purposes.
To access the source code, please sign our Non-Disclosure Agreement.
Architecture
Three layers: drop-in CLI/CI integration, a 210-rule AST scanner tuned for AI-generated patterns, and an LLM-judged severity ranker that puts the real risks at the top.
Single Go binary, no runtime. CLI for local scans, GitHub/GitLab CI integration, SARIF output for code-scanning UIs. Runs in seconds on a Cursor commit; runs in minutes on a 1M-line Auralink-scale codebase.
AST scanners for Python, TypeScript, JavaScript, Go. Five rule categories: vibe-code patterns, agent-security (tool definitions, capability sprawl), LLM application risks (prompt injection, unsanitised output), framework vulnerabilities, cloud misconfigurations. The patterns SAST tools don't have.
LLM-judged scoring (Mistral local or hosted) re-ranks findings by exploitability against your stack. No more 500-finding reports nobody reads — the top 10 are actually the top 10, with a short explanation a developer can act on.
210 rules across 5 categories
AI assistants optimise for 'works,' not 'secure.' Achilles names every AI-generated anti-pattern we've seen at scale across 1M+ lines of AI-augmented code, then ships an LLM ranker that puts the real risks at the top of the report.
47 RULES: Hardcoded API keys in prompt templates, SQL via string concat in 'just demo' code paths, unsafe deserialisation, eval of LLM output, secrets logged at INFO. The cluster of patterns that ship when 'works once' beats 'works safely.'
38 RULES: Tool definitions with no parameter validation, agent capabilities that overlap with admin privileges, missing rate limits on LLM-callable tools, prompt prefixes that leak system identity. The cluster that lets a jailbreak turn into an incident.
52 RULES: Unsanitised LLM output rendered as HTML, prompt-injection vectors in user-controlled context, indirect injection via retrieved docs, model-output piped into shell or eval, missing output schema validation. The OWASP-LLM-Top-10 made concrete.
43 RULES: Next.js Server Action exposure without auth, FastAPI dependency injection bypass, LangChain chain-of-thought leakage, Django ORM SQL injection via raw(), unsafe template render. Per-framework rules, not generic taint-tracking.
30 RULES: Public S3 with sensitive prefixes, IAM roles with `*` actions, AWS Bedrock cross-account permissions, GCP Vertex AI exposed in a service-account-less context. The cluster that lets a leaked endpoint URL turn into a full data exfiltration.
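The "model-output piped into shell or eval" pattern listed above is a taint flow from an LLM call to an execution sink, possibly through several intermediate variables. A minimal sketch of that check using Python's standard `ast` module follows; it is an example added here, not Achilles AI's code or rule format, and the source and sink name sets and the sample snippet are assumptions constructed for illustration.

```python
import ast

SOURCES = {"generate", "complete", "invoke"}        # assumed: calls returning model output
SINKS = {"eval", "exec", "system", "run", "Popen"}  # assumed: calls that execute their input

def _call_name(call):
    f = call.func  # foo() -> 'foo', a.b.c() -> 'c'
    return f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)

def _is_tainted(expr, tainted):
    """True if expr contains a source call or reads a tainted variable."""
    for n in ast.walk(expr):
        if isinstance(n, ast.Call) and _call_name(n) in SOURCES:
            return True
        if isinstance(n, ast.Name) and n.id in tainted:
            return True
    return False

def find_llm_output_sinks(code):
    """Return sorted [(line, sink)] where model-derived data reaches a sink."""
    tree = ast.parse(code)
    assigns = [n for n in ast.walk(tree) if isinstance(n, ast.Assign)]
    tainted, changed = set(), True
    # Multi-hop propagation to a fixpoint; flow-insensitive, so it over-reports.
    while changed:
        changed = False
        for a in assigns:
            if _is_tainted(a.value, tainted):
                for t in a.targets:
                    for name in ast.walk(t):
                        if isinstance(name, ast.Name) and name.id not in tainted:
                            tainted.add(name.id)
                            changed = True
    findings = []
    for n in ast.walk(tree):
        if isinstance(n, ast.Call) and _call_name(n) in SINKS:
            args = n.args + [k.value for k in n.keywords]
            if any(_is_tainted(arg, tainted) for arg in args):
                findings.append((n.lineno, _call_name(n)))
    return sorted(findings)

# Constructed sample: lines 4 and 5 execute model output, line 6 does not.
SAMPLE = '''reply = client.generate(prompt)
cmd = reply.strip()
full = "sh -c " + cmd
os.system(full)
result = eval(reply)
subprocess.run(["ls", "-l"])
'''
```

The literal-argument call on the last sample line is not reported, which is the shape a fix takes: the model's output selects among fixed, allowlisted commands instead of becoming the command.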