Open-source skill suite · Apache-2.0

Security audit for anything you built with AI.

One suite, three pillars. The bodyguard your AI didn’t ship with.

Safety infrastructure for the AI agent era: secure the AI you use, secure your company, and scan the world for the bugs AI assistants leave behind. Plain English, right where you code, in under a minute, before you ship.

Apache-2.0 No telemetry 3,700+ findings · 0 exploited 20-yr security engineer

Works with Claude Code Cursor OpenClaw Codex Antigravity local models (Hermes) Same tools, any agent, zero cloud tokens on local.

~/my-app · claude code
# in your project, inside Claude Code or Cursor:
/lictor-security-check

CRITICAL  Supabase service key is in bundle.js:1247
          anyone with your URL has full database write access.
HIGH      /api/users returns every row to any logged-in user.
MED       Stripe webhook isn’t signature-checked.  (+5 more)

✓ 142 files scanned in 48s · report saved to SECURITY-AUDIT.md

The platform

One suite. Three pillars.

Lictor is one engine (Core) and one dashboard (Guardian), pointed at three jobs: the AI you use, the company you run, and the world you ship into.

For AI Shipped

Lictor for AI

Secure the AI you use. Four skills that install into Claude Code as one plugin, two commands. The bodyguard your assistant didn’t ship with.

  • /lictor-security-check: the 48-check audit, in plain English
  • /lictor-explain translates any finding or security warning
  • /lictor-fix-it applies each fix with your approval
  • /lictor-rotate walks a leaked key through rotation
Install
For Business Live

Lictor for Business

Secure the company. We watch your public footprint for the secrets, databases, and open endpoints your AI tools leave exposed, then alert you before anyone else finds them.

  • Patrol monitoring: continuous external-exposure scanning of your domains + repos
  • Leaked API keys, exposed databases, open admin, takeover-able subdomains
  • Permission-based, observe-only; findings redacted at the source
  • Plans from $49/mo (Silver, Gold, Diamond)
See plans
Patrol Scanning now

Lictor Patrol

Scan the world. External attack-surface recon that finds the bugs AI assistants leave behind, at internet scale.

  • Scanning the public internet now for AI-built apps leaking live keys
  • Finds leaked secrets, exposed databases, open auth, takeover-able subdomains
  • A real track record: 3,700+ critical & high-severity findings, criticals reported to owners, none ever exploited
  • Ethical disclosure only. Categories and counts, never a victim’s name
Scan a URL

Under all three: one engine (Core) and one dashboard (Guardian).

Founding supporters

Be one of the first 100 people to back Lictor.

Open-source security audits for AI-built apps. Apache 2.0. Built by a 20-year security engineer who got tired of watching Lovable/Bolt/v0 apps leak Firebase keys on day one.

/ 100
Star on GitHub, 4 seconds

Takes 4 seconds. Costs nothing. It’s the difference between “interesting project” and “trusted by thousands.”

Founding supporters · the wall

loading from GitHub…

Live from the GitHub stargazers API · no auth needed · full list →

Lictor for Business · Live

We watch what you accidentally leave open.

Patrol monitoring keeps an eye on everything you expose: your domains, your code repos. It hunts for the secrets, databases, and open endpoints AI-built apps leak on day one. When something opens up, you hear it from us first, with the fix already attached.

Step 01 · Connect

Add your assets.

List the domains and GitHub orgs you want watched, and record consent. Two minutes, nothing to install. We only ever look at what you authorize.

Step 02 · Watch

We scan, continuously.

Patrol checks your public surface on a schedule: leaked API keys, exposed databases, open admin panels, takeover-able subdomains. Observe-only. It never touches your systems.

Step 03 · Alert

You hear it first.

The moment something opens up, you get an alert: what it is, how bad, and how to close it. The secret is masked at the source, so the report itself never carries a live one.

patrol · exposure monitor
api.acme.com/.env        EXPOSED   secret (redacted)
db.acme.com:5432         OPEN      postgres · no auth
admin.acme.com           OPEN      dashboard · no login
staging.acme.com         TAKEOVER  dangling CNAME
www.acme.com             clean

A real track record. 3,700+ critical and high-severity findings across the public internet: leaked keys, exposed databases, open admin panels, subdomain takeovers. The critical ones went straight to their owners. None was ever exploited. We report categories and counts, never a victim’s name. See what we’re finding in the wild →

Permission-based and observe-only. We scan only the assets you authorize, we never store a live secret, and every finding is redacted before it reaches you. Plans from $49/mo.

/lictor-security-check

One slash command. Eleven agents. Plain English.

Lictor ships as a Claude Code skill suite. Install once, run from any project. No dashboard to learn, no jargon to translate, no “contact sales” banner.

01

48 checks

The full OWASP Top 10 for Web, API, Mobile & LLM, plus CWE Top 25. See all 48 →

02

Plain English

No “information disclosure vulnerability,” just “anyone can read your customer list.”

03

Three siblings

Run /lictor-explain, /lictor-fix-it, /lictor-rotate.

04

100% local

No token, no signup, no telemetry, no per-seat pricing.

Install in 60 seconds

Install

Two commands in Claude Code.

The Lictor skill suite installs as a Claude Code plugin. Free, Apache-2.0 open source, and it runs entirely on your own machine.

/plugin marketplace add Raffa-jarrl/Lictor-AI
/plugin install lictor-security-suite@lictor-ai

Then open any project and run /lictor-security-check. The plugin gives you four skills:

01 · Audit

/lictor-security-check

The 48-check pre-release audit. Reads your code and writes a report in plain English.

02 · Explain

/lictor-explain

Takes any finding, error, or security jargon and explains what it actually means.

03 · Fix

/lictor-fix-it

Walks the findings one at a time, shows each change, and applies it with your approval.

04 · Rotate

/lictor-rotate

Step-by-step rotation for a leaked key, specific to the provider it belongs to.

Every skill is plain markdown you can read before you run it: browse the source on GitHub. Using Cursor or another editor? The same markdown files work anywhere skills or rules are supported.

The crew

The crew that runs the audit.

Most AI security tools are a black box: input goes in, findings come out. Lictor’s 11 specialist agents are named, transparent, and surface their work. You see which agent found what, and why.

Wolf Orchestrator

Reads your project, plans the audit, hands work to the right specialist. Surfaces a daily briefing so you always know what the crew did and what’s next.

Owl Quality gate

Scores every finding against three audience personas before it ships. A finding less than 6/10 doesn’t make the report.

Hawk Pattern scout

Hunts the bug shapes vibe-coders ship most: RLS gaps, env-var leaks, unsigned webhooks, hallucinated dependencies.

Lyrebird Voice keeper

Translates every finding into plain English. Not “information disclosure vulnerability,” but “your /api/users page gives out the customer list to anyone.”

Bee Fix designer

For every issue, drafts the smallest possible fix and the exact file + line to put it in. One paragraph, one diff, one rotated key.

Mantis Audit auditor

Weekly reviewer that grades the crew’s own work. Catches false positives, drifting voice, missed patterns.

Plus five more: Octopus (engineering), Mongoose (currency tester), Bat (hook crafter), Starling (virality intel), Cuttlefish (aesthetic curator). Every check the crew runs is a markdown file you can read. Read the checks

Why now

Why now.

40 to 62% of AI-built code ships vulnerable

91.5% of vibe-coded apps had at least one AI-hallucination flaw in Q1 2026. Recent incidents exposed tens of thousands of users via simple RLS misconfigurations. 8 million people use these platforms. Most of them don’t know what an “RLS policy” is.

Enterprise tools weren’t built for you

Snyk, Veracode, Checkmarx: they all assume a 5-developer team and a CISO who speaks SOC 2. Lictor assumes you, an AI assistant, and an app you shipped over a weekend.

Plain English isn’t a feature. It’s the product

Every Lictor finding is written as “your X does Y, anyone can do Z.” No CVE numbers in the headline. No CVSS scores. If the finding can’t be explained to a non-technical co-founder, Lyrebird rewrites it.

Open source so trust is verifiable

Apache 2.0. The whole skill suite is public, and every one of the 48 checks is a markdown file you can read before you run it. Nothing sits between your code and the report. Read it. Run it. Fork it. Trust comes from the code, not from a certificate.

FAQ

Questions before you scan.

The things people actually ask before running a security check on an app they built with AI.

Q.01Is my AI-generated app secure?
Usually not on the first ship. Industry research finds 40 to 62% of AI-generated code contains a vulnerability. Most often it’s an API key exposed in the browser bundle, or a database with no access rules. It’s worth running a quick check before you go live.
Q.02How do I check if my Lovable, Bolt, v0 or Cursor app has security holes?
Run Lictor’s free /lictor-security-check inside Claude Code (or via MCP in Cursor, Windsurf, Cline). It walks your project and runs 48 checks tuned to the bugs AI assistants ship most, mapped to the full OWASP Top 10 for Web, API, Mobile, and LLM apps, plus the CWE Top 25. You get a report anyone can read in about a minute. No signup.
Q.03Is Lictor free?
The audit is. The Lictor skill suite (security check, explain, fix-it, rotate) is free and Apache-2.0 open source, with no per-seat pricing and no “contact sales.” The paid product is hosted exposure monitoring for businesses, from $49/mo.
Q.04Does Lictor send my code anywhere?
No. The audit runs 100% locally inside your AI coding tool, with no token, no signup, no telemetry. Your code never leaves your machine, and every check is a markdown file you can read.
Q.05What does Lictor check for?
Leaked API keys and secrets, exposed databases (missing Supabase/Firebase row-level security), unprotected API routes, client-side-only auth, over-permissive CORS, and prompt-injection surface in AI features. These are the failure modes AI-built apps ship most.
Q.06How is Lictor different from Snyk or Aikido?
Those are built for dev teams with a CISO and a budget, and they run after you deploy. Lictor is free, speaks plain English (no CVSS scores), and runs right where you code, before you ship, so a solo founder can use it without a security background.
Q.07What’s the most common security bug in vibe-coded apps?
Missing row-level security on Supabase or Firebase, which lets anyone read everyone’s data, plus API keys hardcoded into the front-end bundle. Both are easy to find from the outside, so Lictor flags them first.
Q.08Can Lictor fix the issues, not just find them?
Yes. Run /lictor-fix-it and it walks each finding one at a time, shows the exact change, and applies it with your approval. For leaked keys, /lictor-rotate walks you through rotating them at the provider.

Who’s building this

Who’s building this?

Twenty years of writing security reports that nobody outside compliance teams could read.

Lictor is built by a 20-year cybersecurity engineer based in Israel. Twenty years of enterprise security work at Fortune 500 companies and security architecture for venture-backed startups.

Lictor exists because the people shipping the most software right now don’t have a CISO. Solo founders building an AI-generated SaaS on Saturday, indie hackers prototyping with an AI assistant at midnight, designers shipping an AI-built backend before their morning coffee. They have themselves, an AI assistant, and 48 hours to ship something. They need security tooling that speaks plain English and doesn’t require a sales call.

Built by a 20-year cybersecurity engineer · Israel