Prbl is a security scanner built for AI-generated code — the 10–60% of your codebase you didn’t write, and probably didn’t audit.
The problem
The seam finding
89.2% human-written. The bug was in the other 10.8%.
create_blog_posts.py:22 — password='password123'
A repo that looked like clean, senior Python. One Cursor-generated migration file. That file had a hardcoded credential that would have shipped to production. Deleting the literal from the file is only half the fix: once committed, the value is in git history and has to be rotated.
SQL injection
A booking platform's auth controller. Login bypass. Real users.
auth.js:12 — SQL injection via string concatenation
The AI wrote a fast login endpoint. It also wrote a classic 1990s-era SQL injection: the username and password are spliced into the WHERE clause as text, so a quote and a comment marker in the username reduce the query to "username = 'admin'" with no password check at all. The rest of the codebase used parameterized queries correctly.
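A runnable illustration of this finding, added here as an example and not code from the page or from Prbl: a login check assembled by string concatenation beside its parameterized form, run against an in-memory SQLite table. The table, its two users and the `admin' --` payload are constructed for the demo; hashing the password is there only to show that it does not help, because the injection goes through the username.

```python
import hashlib
import sqlite3


def _hash(password: str) -> str:
    # Demo-only hashing so the table holds no plaintext; a real system would
    # use a salted, slow hash (argon2/bcrypt/scrypt).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample table: two users, admin has id 1."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password_hash) VALUES (?, ?)",
        [("admin", _hash("correct horse")), ("alice", _hash("battery staple"))],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Mirrors the finding: the WHERE clause is built with '+' from user input."""
    query = (
        "SELECT id FROM users WHERE username = '" + username
        + "' AND password_hash = '" + _hash(password) + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized query: user input is bound as data, never parsed as SQL."""
    row = conn.execute(
        "SELECT id FROM users WHERE username = ? AND password_hash = ?",
        (username, _hash(password)),
    ).fetchone()
    return row[0] if row else None


# Classic bypass: the quote closes the username literal and '--' comments out
# the rest of the line, so the query degrades to "WHERE username = 'admin'".
BYPASS_USERNAME = "admin' --"

if __name__ == "__main__":
    db = make_db()
    print("concatenated, wrong password:", login_vulnerable(db, BYPASS_USERNAME, "nope"))  # 1
    print("parameterized, same input:   ", login_safe(db, BYPASS_USERNAME, "nope"))        # None
```

The vulnerable function returns the admin's id for a wrong password because the comment marker removes the password clause before SQLite ever sees it; the parameterized version looks for a user literally named `admin' --` and finds nothing.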
The fallback secret
A payment API. JWT secret falls back in production.
jwt.js:3 — process.env.JWT_SECRET || 'default_secret'
Every deployment where the env var is missing signs tokens with a key that sits in the source code, so anyone who has read the repo can forge a valid token for any user. The fallback also hides the misconfiguration: the service starts and works instead of failing, which is why the fix is to refuse to start without the secret rather than to pick a better default.
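The forgery in practice, as an added example that is not code from the page or from Prbl. It carries a minimal HS256 signer and verifier written for the demo (no JWT library), the fallback exactly as the finding reads, and a hardened replacement that refuses to start without a secret of at least 32 bytes, the RFC 7518 minimum key size for HS256. The empty deployment environment and the attacker's claims are constructed.

```python
import base64
import hashlib
import hmac
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(payload: dict, secret: str) -> str:
    """Minimal HS256 JWT signer (header.payload.signature), enough for the demo."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"


def verify_hs256(token: str, secret: str):
    """Returns the payload if the signature verifies under `secret`, else None."""
    header, body, sig = token.split(".")
    expected = hmac.new(secret.encode(), f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url(expected), sig):
        return None
    return json.loads(_b64url_decode(body))


def secret_with_fallback(env: dict) -> str:
    """Mirrors the finding: process.env.JWT_SECRET || 'default_secret'."""
    return env.get("JWT_SECRET") or "default_secret"


def secret_required(env: dict) -> str:
    """Hardened: a missing or short secret aborts startup instead of signing anyway."""
    secret = env.get("JWT_SECRET")
    if not secret or len(secret.encode()) < 32:
        raise RuntimeError("JWT_SECRET is missing or shorter than 32 bytes; refusing to start")
    return secret


def forge_admin_token(default_secret: str = "default_secret") -> str:
    """What an attacker who has read the source does: sign their own claims."""
    return sign_hs256({"sub": "attacker", "role": "admin"}, default_secret)


def startup_rejects_missing_secret(env: dict) -> bool:
    """True if the hardened loader refuses the given environment."""
    try:
        secret_required(env)
    except RuntimeError:
        return True
    return False


if __name__ == "__main__":
    deployment_env = {}  # constructed: JWT_SECRET was never set on this box
    service_secret = secret_with_fallback(deployment_env)
    print("service accepts forged token:", verify_hs256(forge_admin_token(), service_secret))
    print("hardened startup refuses:", startup_rejects_missing_secret(deployment_env))
```

The service never sees anything unusual: the forged token carries a correct signature under the only key it knows. The hardened loader turns the same missing variable into a crash at boot, which is the failure mode you want for a signing key.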
How it works
Scan
Prbl detects AI-generated files and scans them for the vulnerability classes AI tools produce systematically — hardcoded secrets, injection, missing auth, weak crypto.
Baseline
Behavioral tests are generated for every function before anything is touched. These become the contract that every fix must satisfy.
Fix
The rewriter applies the minimal fix, validates that behavior is preserved against the baseline, then shows you a clean diff. You approve before anything merges.
Verify
Rescan confirms zero findings. The baseline tests still pass. Nothing ships broken.
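The four steps above, carried through on the first finding on this page (a hardcoded password) as an added example. This is not Prbl's code and says nothing about how its scanner, test generator or rewriter actually work: here the scanner is three regexes matching the textual shape of the three findings shown above, the baseline is a recorded input/output table for one function, and the fix is a rewrite of the literal into an environment lookup. The sample source, the rule names and the `DB_PASSWORD` variable are constructed for the demo.

```python
import os
import re
from dataclasses import dataclass
from unittest.mock import patch

# Constructed sample: the shape of a seed script with a hardcoded credential.
SAMPLE_SOURCE = '''\
import os

def db_settings(stage):
    host = "db.internal" if stage == "prod" else "localhost"
    return {"host": host, "user": "app", "password": "password123"}
'''

# Scan rules for the three classes on this page. Regexes chosen for the demo:
# they match the textual shape of each finding and will miss f-strings,
# format() and other ways of building the same bugs.
HARDCODED = re.compile(
    r"""(?i)(\b(?:password|passwd|secret|api_key)\b['"]?\s*[:=]\s*)(['"])([^'"]+)\2"""
)
RULES = [
    ("hardcoded-credential", HARDCODED),
    ("env-fallback-secret", re.compile(r"""process\.env\.\w+\s*\|\|\s*['"]""")),
    ("sql-string-concat", re.compile(r"""(?i)['"`]\s*(?:select|insert|update|delete)\b.*?['"`]\s*\+""")),
]


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    rule: str


def scan(path: str, source: str) -> list:
    """Step 1: one finding per (line, rule) hit."""
    return [
        Finding(path, n, name)
        for n, text in enumerate(source.splitlines(), start=1)
        for name, pattern in RULES
        if pattern.search(text)
    ]


def load_function(source: str, name: str):
    namespace = {}
    exec(source, namespace)
    return namespace[name]


def record_baseline(func, inputs) -> dict:
    """Step 2: capture what the untouched code returns for each input."""
    return {args: func(*args) for args in inputs}


def fix_hardcoded_password(source: str, env_name: str):
    """Step 3: minimal rewrite of the literal into an environment lookup.
    Returns (fixed_source, literal) so the caller can move the value into the
    deployment environment and rotate it; the literal is still in git history."""
    m = HARDCODED.search(source)
    if not m:
        return source, None
    fixed = source[: m.start(2)] + f'os.environ["{env_name}"]' + source[m.end():]
    return fixed, m.group(3)


def remediate(path: str, source: str, inputs, func_name: str = "db_settings",
              env_name: str = "DB_PASSWORD") -> dict:
    """Scan -> baseline -> fix -> verify. Step 4 is the rescan plus the baseline
    replay; the replay supplies the old value through the environment, because
    the contract is 'same output for the same secret', not 'same literal'."""
    before = scan(path, source)
    baseline = record_baseline(load_function(source, func_name), inputs)
    fixed_source, literal = fix_hardcoded_password(source, env_name)
    fixed_func = load_function(fixed_source, func_name)
    env = {env_name: literal} if literal is not None else {}
    with patch.dict(os.environ, env):
        preserved = all(fixed_func(*args) == out for args, out in baseline.items())
    return {
        "findings_before": [(f.line, f.rule) for f in before],
        "findings_after": [(f.line, f.rule) for f in scan(path, fixed_source)],
        "behavior_preserved": preserved,
        "fixed_source": fixed_source,
    }


if __name__ == "__main__":
    report = remediate("create_blog_posts.py", SAMPLE_SOURCE, [("prod",), ("dev",)])
    print(report["findings_before"], "->", report["findings_after"], report["behavior_preserved"])
    print(report["fixed_source"])
```

The replay is the part worth copying: a baseline that pins the old literal would reject every correct fix, so the check has to be run with the secret supplied the way production will supply it. If `behavior_preserved` comes back false the fix changed more than the storage of the secret, and that diff should not be approved.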
Pricing
Pro
Team