SecureVibes, an innovative AI-native security system designed for modern applications, has unveiled a comprehensive vulnerability scanner that leverages Anthropic’s Claude AI to deliver intelligent security analysis across eleven programming languages.
The tool represents a significant advancement in automated vulnerability detection by combining a multi-agent architecture with sophisticated threat modeling capabilities.
Advanced AI-Powered Security Analysis
The platform uses Claude’s multi-agent architecture to identify security vulnerabilities in codebases autonomously.
Five specialized AI agents (four core agents plus one optional dynamic testing agent) work collaboratively to provide context-aware security analysis with concrete evidence, including specific file paths and line numbers.
This approach moves beyond traditional pattern-matching vulnerability detection to implement actual security thinking methodologies.
SecureVibes automatically detects and analyzes code written in Python, JavaScript, TypeScript, Go, Ruby, Java, PHP, C#, Rust, Kotlin, and Swift.
The scanner intelligently handles polyglot projects by combining exclusion rules across multiple languages.
For example, a Python and TypeScript project automatically excludes both virtual environment directories and node_modules folders, ensuring efficient scanning of mixed-language codebases.
SecureVibes Supported Languages
| Language | File Extensions | Auto-Excluded Directories |
|---|---|---|
| Python | .py | venv/, env/, .venv/, __pycache__/, .pytest_cache/, .tox/, .eggs/, *.egg-info/ |
| JavaScript | .js, .jsx | node_modules/, .npm/, .yarn/ |
| TypeScript | .ts, .tsx | node_modules/, .npm/, .yarn/, dist/, build/ |
| Go | .go | vendor/, bin/, pkg/ |
| Ruby | .rb | vendor/, .bundle/, tmp/ |
| Java | .java | target/, build/, .gradle/, .m2/ |
| PHP | .php | vendor/, .composer/ |
| C# | .cs | bin/, obj/, packages/ |
| Rust | .rs | target/ |
| Kotlin | .kt | build/, .gradle/ |
| Swift | .swift | .build/, .swiftpm/, Packages/ |
The tool includes smart language-aware exclusions that respect community standards.
Python projects automatically exclude virtual environments, JavaScript projects skip node_modules, and Go projects ignore vendor directories.
This intelligent approach prevents false positives and reduces scanning time across complex projects.
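The combined-exclusion behaviour described above, as an added example that is not SecureVibes' own code: it detects languages by file extension, unions the table's exclusion lists for the detected languages only, and returns the files left to scan. The function names, the detection pass that skips every listed directory, and the sample tree are assumptions made for this illustration.

```python
import fnmatch
import os
import tempfile

# (extensions, auto-excluded directory patterns) from the table above; Python's cache dir is __pycache__.
LANGS = {
    "python": ({".py"}, {"venv", "env", ".venv", "__pycache__", ".pytest_cache", ".tox", ".eggs", "*.egg-info"}),
    "javascript": ({".js", ".jsx"}, {"node_modules", ".npm", ".yarn"}),
    "typescript": ({".ts", ".tsx"}, {"node_modules", ".npm", ".yarn", "dist", "build"}),
    "go": ({".go"}, {"vendor", "bin", "pkg"}),
    "ruby": ({".rb"}, {"vendor", ".bundle", "tmp"}),
    "java": ({".java"}, {"target", "build", ".gradle", ".m2"}),
    "php": ({".php"}, {"vendor", ".composer"}),
    "csharp": ({".cs"}, {"bin", "obj", "packages"}),
    "rust": ({".rs"}, {"target"}),
    "kotlin": ({".kt"}, {"build", ".gradle"}),
    "swift": ({".swift"}, {".build", ".swiftpm", "Packages"}),
}

def walk(root, excluded):
    """Yield relative file paths, pruning directories whose name matches `excluded`."""
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = sorted(d for d in dirnames if not any(fnmatch.fnmatchcase(d, p) for p in excluded))
        for name in sorted(filenames):
            yield os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")

def detect_languages(root):
    # Assumption: detection skips every listed directory, so .py files inside node_modules/ are not counted.
    every = set().union(*(dirs for _, dirs in LANGS.values()))
    seen = {os.path.splitext(p)[1] for p in walk(root, every)}
    return {lang for lang, (exts, _) in LANGS.items() if exts & seen}

def files_to_scan(root):
    langs = detect_languages(root)
    excluded = set().union(*(LANGS[l][1] for l in langs))  # combined rules for a polyglot project
    wanted = set().union(*(LANGS[l][0] for l in langs))
    return langs, excluded, [p for p in walk(root, excluded) if os.path.splitext(p)[1] in wanted]

def build_sample(root):
    # Constructed mixed Python/TypeScript tree for the demonstration.
    for rel in ("app/main.py", "bin/deploy.py", ".venv/lib/site.py", "web/src/index.ts",
                "web/node_modules/gyp/tool.py", "web/dist/index.js"):
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        open(os.path.join(root, rel), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(files_to_scan(tmp))
```

In this sketch `bin/` is skipped only when a language that lists it is detected, so `bin/deploy.py` stays in scope here. Printing the combined exclusion set before a scan shows which directories receive no review.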
The vulnerability detection process unfolds through distinct phases. First, an Assessment Agent analyzes the codebase architecture and generates security documentation.
Next, a Threat Modeling Agent applies the STRIDE methodology to identify potential threats. The Code Review Agent then validates discovered vulnerabilities using security analysis principles.
A Report Generator compiles findings into comprehensive results. At the same time, an optional DAST Agent performs dynamic validation through HTTP requests to confirm exploitability.
Users can run the complete scan or execute individual agents to optimize costs and scanning time.
The command-line interface supports various output formats, including Markdown, JSON, and terminal tables.
Advanced configuration options enable per-agent model selection, allowing organizations to use faster models for preliminary analysis and more thorough models for critical code review phases.
Authentication is handled via the Claude CLI or API key integration, with support for environment variables to customize model selection and analysis depth.
The platform supports a three-tier model priority: per-agent environment variables, CLI flags, and default settings.
SecureVibes implements streaming mode for long-running scans, providing real-time progress updates and agent narration.
This transparency helps users understand the analysis process while eliminating uncertainty during extended scanning sessions.
Cost tracking is displayed throughout the scan, enabling organizations to monitor API expenses in real time.
The tool transmits source code and relative file paths to Anthropic’s Claude API while deliberately excluding sensitive information like absolute paths, environment variables, and git metadata.
Users maintain complete control over scanning scope and should review Anthropic’s privacy policy before analyzing proprietary codebases.
Version 0.3.1 represents the latest release, featuring DAST sub-agent capabilities and enhanced multi-language support.
The platform is available on PyPI and supports both classical and streaming scanning modes for different organizational needs.
