Security Audit Experiment Shows AI Agent Performance Depends on Knowledge Access

A Reddit user conducted an experiment comparing AI security audit approaches on the same codebase to test how knowledge access affects results. The experiment used BoxyHQ's open source Next.js SaaS starter kit as the test subject.
Three Audit Methods Compared
The developer ran three independent security audits:
- Claude Code's built-in security review: Found 1 critical, 6 high, and 13 medium severity issues
- AI agent without extra context: Found 1 critical, 5 high, and 14 medium severity issues
- AI agent with 10 professional security books: Found 8 critical, 9 high, and 10 medium severity issues
Key Findings
The book-equipped agent identified vulnerabilities that the other methods completely missed, including:
- Password reset tokens stored in plaintext
- A TOCTOU (Time-of-Check to Time-of-Use) race condition on token validation
- A feature flag that calls
res.status(404)but doesn't return, allowing execution to continue
The developer noted these aren't obscure edge cases but the type of issues that appear in real security breaches. The experiment used the same codebase and same AI model across all three tests, with the only variable being the knowledge the agent had access to.
Implications for AI-Assisted Development
The experiment suggests AI agents aren't limited by intelligence but by what knowledge they can access when needed. The developer concluded that security knowledge "lives above the code" rather than within it, highlighting the importance of providing domain-specific references to AI tools rather than relying solely on their base training.
This approach to augmenting AI agents with specialized knowledge sources could be particularly relevant for developers using AI coding assistants for security reviews, where access to current security references and best practices significantly impacts the quality of findings.
📖 Read the full source: r/ClaudeAI
👀 See Also

Bitwarden Agent Access SDK integrates with OneCLI for secure credential injection
Bitwarden's new Agent Access SDK enables AI agents to access credentials from Bitwarden's vault with human approval, while OneCLI acts as a gateway that injects credentials at the network layer without exposing raw values to agents.

Testing Uncensored Qwen 3.5 35B Models for Cybersecurity Questions
A cybersecurity professional tested three uncensored Qwen 3.5 35B models on hacking and security bypass questions, finding significant differences in response quality compared to the original censored model. The uncensored models consistently provided answers where the original model refused or gave incomplete responses.

AI Chatbots Leaking Real Phone Numbers: The PII Exposure Problem
Chatbots like Gemini, ChatGPT, and Claude are exposing real personal phone numbers due to PII in training data. DeleteMe reports a 400% increase in AI-related privacy requests in seven months.

OpenClaw 2026.3.28 patches 8 security vulnerabilities including critical privilege escalation
OpenClaw 2026.3.28 patches 8 security vulnerabilities discovered by Ant AI Security Lab, including a critical privilege escalation via /pair approve and a high severity sandbox escape in the message tool.