Nullgaze: Open Source AI-Supported Security Scanner Released

Nullgaze is a newly released open source security scanner designed specifically to address vulnerabilities in AI-generated code. Utilizing Claude, the project offers rapid identification of issues like hallucinated npm packages and Supabase key exposures in less than ten seconds per URL scan.

Key Details

The tool is built on a Rust and Axum backend and a Next.js 16 and React 19 frontend. Nullgaze's FSRS-6 spaced repetition engine tailors its scanning processes, dynamically adjusting the likelihood of false positives and reinforcing detection of confirmed threats. Upon detecting a false positive, the model is tuned to decrease the probability of future similar false identifications, while confirmed vulnerabilities strengthen the system's detection patterns.

Offering over 111 detection signatures, Nullgaze specializes in identifying AI-specific vulnerabilities ignored by legacy tools like Snyk and Checkmarx. It effectively pinpoints defects in Row Level Security policies and identifies AI-generated anti-patterns from platforms such as Cursor, Copilot, Lovable, and Bolt. The scanner also features a gamified user interface, rewarding developers with experience points and achievement badges to advocate for consistent security checks.

• Immediate URL scanning without account registration.
• Full source code available under AGPL-3.0 license.
• 390 tests currently define its scanning capabilities.

This tool is particularly beneficial for developers who frequently work with AI-generated code and need a more adaptive and responsive security scanning approach.