AI SUPPLY-CHAIN SECURITY · LIVE

Catch attack chains before attackers do.

Free deterministic scan, AI-driven exploit chain analysis, and AI-powered auto-patches — one flow, ten seconds to a verified PR.

135 checks·30 seconds·No signup
Verified on GitHub · npm · PyPI · Maven · Cargo · Go modules
github.com/your-team/api · CVE-2024-XXXXPR OPENED · LIVE
10s
finding → verified PR
94 / 100 confidence5 stages · sandbox-tested
Context retrieved0.4s
RAG · vulnerable slice + 3 CVE patches
Patch generated6.2s
AI engine · step-by-step reasoning
Sandbox + re-scan passed3.1s
Docker --network none · 0 new findings
PR #142 opened · just nowSee AI Repair →
How Patchguard works

Three independent scans, one repair engine.

Start free. Go deeper when you need it. Auto-fix when you're ready.

FREE

Free Scan

A 30-second health checkup for any site. No signup.

  • ·135 deterministic checks
  • ·Mozilla Observatory aligned
  • ·Achievement badges
Try free →
PROPOPULAR
🎯

URL Scan

Live-site pentest. We show you what attackers will chain.

  • ·AI exploit-chain reasoning
  • ·NextAuth / GraphQL / OAuth probes
  • ·Verified findings only
Run Pro →
PRO
🔍

Repo Scan

Quick Scan for daily PRs · Deep Audit for Java/Go large repos and compliance.

  • ·Two tiers: Quick / Deep
  • ·git blame + CWE / CVE map
  • ·25 languages
Connect repo →
PROUNIQUE
🤖

AI Repair

AI engine repairs any finding from your scans — verified patch, automatic PR.

  • ·Five-stage repair pipeline
  • ·Sandbox-verified fixes
  • ·Average 10-second resolution
See how →
Verified findings

Real attack paths, found by our Pro scan.

Each finding below was independently verified via curl and dig. Site names anonymized — depth is what matters.

CRITICAL

Cloudflare WAF bypass via SPF leak

Pro detected the origin IP leaked through the SPF DNS record. The site sits behind Cloudflare, but the underlying server is directly reachable — every WAF rule can be skipped.

Korean media platformEngine · Pro
CRITICAL

Internal API schema fully exposed

GraphQL introspection was publicly enabled on the live API. Pro returned a complete schema — every query, mutation, and subscription including admin-only ones — within seconds.

Productivity SaaS (US)Engine · Pro
CRITICAL

Live API key in HTML source

A working third-party API key was sitting in the HTML of a public page. Pro extracted the literal value (not just the pattern), enabling direct external-API abuse on the owner's account.

Scheduling SaaS (EU)Engine · Pro
Patchguard — AI Supply Chain Security Platform