4. Security & Compliance

Detects and mitigates security vulnerabilities including OWASP Top 10 flaws in code handling user input, authentication, and APIs.

Automates security code reviews detecting OWASP Top 10, CWE vulnerabilities, and compliance gaps, generating reports with CVE references and remediation guidance.

Reviews product features, marketing content, and data handling practices for compliance with GDPR, CCPA, and other data privacy regulations.

Expert guidance for Keycloak identity and access management, covering SSO, RBAC, authentication flows, and security hardening.

Toggles PAI governance enforcement and controls chain-of-command routing and session-end requirements for security compliance.

Conducts security code audits for healthcare and military systems, ensuring HIPAA, OPSEC, and PHI compliance in authentication, authorization, and data handling.

Validates medical schedules for ACGME compliance, coverage gaps, and operational viability to ensure regulatory adherence.

Validates medical residency schedules against ACGME regulations, ensuring compliance with work hour limits, supervision ratios, and accreditation requirements.

Enables security investigations, digital forensics, and intelligence gathering through the COORD_INTEL platform.

Automates compliance validation for ACGME and institutional rules, including audit workflows, historical analysis, and violation remediation for regulatory reporting.

Analyzes proposed schedule swaps to ensure ACGME regulatory compliance and maintain operational coverage without violations.

Enables rapid cross-domain security assessment via SOF operator deployment and probe-based situational awareness for operational readiness.

Checks adherence to regulatory requirements in finance, tax, employment, data privacy, and industry-specific laws.

Ensures healthcare organizations meet HIPAA and privacy/security standards through compliance checks and guidance.

Scans code and infrastructure for security vulnerabilities and compliance issues.

Scans project dependencies for known CVEs and generates security vulnerability reports for compliance.

Provides detailed CVE lookup by ID or product, including severity scores, affected versions, and references for security vulnerability research.

Domain specialist for security operations, covering vulnerability management, compliance (SOC2, GDPR, PCI-DSS), and secure coding practices including OWASP Top 10 and input validation.

Comprehensive reference for iOS file encryption and data protection APIs, including NSFileProtection and FileProtectionType.

Audits Aztec smart contracts for security vulnerabilities, correctness, and adherence to best practices to prevent exploits.

Conducts comprehensive security reviews to identify and report vulnerabilities in systems and applications.

Performs automated web accessibility audits to ensure compliance with WCAG standards, identifying barriers for users with disabilities.

Provides a secure sandbox environment for executing untrusted user code, AI-generated code, or isolated code execution to prevent security breaches.

Provides reverse engineering tools for Apple firmware, binaries, and security research including Mach-O analysis, dyld_shared_cache disassembly, and KEXT extraction for iOS/macOS.