{"id":8386,"date":"2025-11-12T10:00:34","date_gmt":"2025-11-12T10:00:34","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/11\/12\/securevibes-ai-tool-scans-for-vulnerabilities-in-11-languages-with-claude-ai-agents\/"},"modified":"2025-11-12T10:00:34","modified_gmt":"2025-11-12T10:00:34","slug":"securevibes-ai-tool-scans-for-vulnerabilities-in-11-languages-with-claude-ai-agents","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/11\/12\/securevibes-ai-tool-scans-for-vulnerabilities-in-11-languages-with-claude-ai-agents\/","title":{"rendered":"SecureVibes \u2013 AI Tool Scans for Vulnerabilities in 11 Languages with Claude AI Agents"},"content":{"rendered":"

SecureVibes \u2013 AI Tool Scans for Vulnerabilities in 11 Languages with Claude AI Agents
\n \t

\n
<\/BR>
\n
\n \t

\n
<\/BR><\/p>\n

\n

In the fast-paced world of \u201cvibecoding,\u201d where developers use AI to build applications rapidly, a new open-source tool is stepping up to tackle security risks.<\/p>\n

SecureVibes, created by developer Anshuman Bhartiya, leverages Anthropic\u2019s Claude AI through a multi-agent system to detect vulnerabilities in codebases automatically.<\/p>\n

Released in October 2025, this Python-based scanner aims to make professional-grade security analysis<\/a> accessible without needing deep expertise.\u200b<\/p>\n

At its core, SecureVibes employs five specialized AI agents that collaborate like a human security team. The Assessment Agent maps out the codebase architecture, creating a SECURITY.md file with key details like data flows and dependencies.<\/p>\n

Next, the Threat Modeling Agent applies STRIDE methodology to identify potential threats, outputting a THREAT_MODEL.json file. The Code Review Agent then scrutinizes the code against these threats, validating issues and generating VULNERABILITIES.json with specifics like file paths and line numbers.<\/p>\n

An optional DAST Agent performs dynamic testing on a running app via a target URL, adding exploitability checks through Claude Agent Skills. Finally, the Report Generator compiles everything into actionable reports in formats like Markdown or JSON.\u200b<\/p>\n

Supporting 11 languages, including Python, JavaScript, TypeScript, Go, and more, SecureVibes smartly detects project types and excludes irrelevant directories, such as venv\/ for Python or node_modules\/ for JS.<\/p>\n

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Language<\/th>\nExtensions<\/th>\nAuto-Excluded Directories<\/th>\n<\/tr>\n<\/thead>\n
Python<\/td>\n.py<\/code><\/td>\n\nvenv\/<\/code>,\u00a0env\/<\/code>,\u00a0.venv\/<\/code>,\u00a0__pycache__\/<\/code>,\u00a0.pytest_cache\/<\/code>,\u00a0.tox\/<\/code>,\u00a0.eggs\/<\/code>,\u00a0*.egg-info\/<\/code>\n<\/td>\n<\/tr>\n
JavaScript<\/td>\n\n.js<\/code>,\u00a0.jsx<\/code>\n<\/td>\n\nnode_modules\/<\/code>,\u00a0.npm\/<\/code>,\u00a0.yarn\/<\/code>\n<\/td>\n<\/tr>\n
TypeScript<\/td>\n\n.ts<\/code>,\u00a0.tsx<\/code>\n<\/td>\n\nnode_modules\/<\/code>,\u00a0.npm\/<\/code>,\u00a0.yarn\/<\/code>,\u00a0dist\/<\/code>,\u00a0build\/<\/code>\n<\/td>\n<\/tr>\n
Go<\/td>\n.go<\/code><\/td>\n\nvendor\/<\/code>,\u00a0bin\/<\/code>,\u00a0pkg\/<\/code>\n<\/td>\n<\/tr>\n
Ruby<\/td>\n.rb<\/code><\/td>\n\nvendor\/<\/code>,\u00a0.bundle\/<\/code>,\u00a0tmp\/<\/code>\n<\/td>\n<\/tr>\n
Java<\/td>\n.java<\/code><\/td>\n\ntarget\/<\/code>,\u00a0build\/<\/code>,\u00a0.gradle\/<\/code>,\u00a0.m2\/<\/code>\n<\/td>\n<\/tr>\n
PHP<\/td>\n.php<\/code><\/td>\n\nvendor\/<\/code>,\u00a0.composer\/<\/code>\n<\/td>\n<\/tr>\n
C#<\/td>\n.cs<\/code><\/td>\n\nbin\/<\/code>,\u00a0obj\/<\/code>,\u00a0packages\/<\/code>\n<\/td>\n<\/tr>\n
Rust<\/td>\n.rs<\/code><\/td>\ntarget\/<\/code><\/td>\n<\/tr>\n
Kotlin<\/td>\n.kt<\/code><\/td>\n\nbuild\/<\/code>,\u00a0.gradle\/<\/code>\n<\/td>\n<\/tr>\n
Swift<\/td>\n.swift<\/code><\/td>\n\n.build\/<\/code>,\u00a0.swiftpm\/<\/code>,\u00a0Packages\/<\/code>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n

It handles mixed-language projects seamlessly, ensuring thorough scans. Installation is straightforward: pip install securevibes for the stable release, or clone the GitHub repo<\/a> for the latest features.<\/p>\n

Users authenticate via Claude\u2019s CLI session or API key, then run \u201csecurevibes scan .\u201d for a full analysis, with options for verbosity, severity filters, or sub-agent runs to cut costs.\u200b<\/p>\n

What sets SecureVibes apart from traditional SAST tools like Semgrep or Bandit? In self-tests, it uncovered 16-17 vulnerabilities in its own codebase, four times more than single-agent AI like Claude Code<\/a>, while rules-based scanners found zero.<\/p>\n

This progressive, context-aware approach reduces false positives by requiring concrete evidence for each issue. Costs are reasonable, around $2-3 per scan using the Sonnet model, though Opus offers deeper analysis at a premium.<\/p>\n

Privacy is prioritized: Only code and relative paths are sent to Anthropic, with no secrets or absolute paths shared. Bhartiya encourages reviewing Anthropic\u2019s policy before scanning sensitive code. A Python API enables integration into CI\/CD pipelines<\/a> for automated checks.\u200b<\/p>\n

Available on GitHub under AGPL license, SecureVibes is evolving with recent additions like DAST validation and skills for advanced testing. As vibecoding grows, tools like this could bridge the security gap in AI-driven development, helping devs ship safer apps faster.<\/p>\n

Follow us on Google News<\/a>, LinkedIn<\/a>, and X<\/a> for daily cybersecurity updates. Contact us<\/a> to feature your stories.<\/strong><\/p>\n<\/p>\n

The post SecureVibes \u2013 AI Tool Scans for Vulnerabilities in 11 Languages with Claude AI Agents<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\n

\t

\n
<\/BR>
\n Guru Baran
\n \t

\n
<\/BR>
\nGo to cyber-security-news<\/a>
\n \t

\n
<\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"

SecureVibes \u2013 AI Tool Scans for Vulnerabilities in 11 Languages with Claude AI Agents In the fast-paced world of \u201cvibecoding,\u201d where developers use AI to build applications rapidly, a new open-source tool is stepping up to tackle security risks. SecureVibes, created by developer Anshuman Bhartiya, leverages Anthropic\u2019s Claude AI through a multi-agent system to detect […]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,131,648],"tags":[130],"class_list":["post-8386","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-vulnerability","category-vulnerability-news","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8386"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=8386"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/8386\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=8386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=8386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=8386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}