4. Security & Compliance

Prevents security vulnerabilities in LLM products including prompt injection, data exfiltration, and model abuse.

Provides expert consultation on application security, secure credential management, and OAuth flow implementation.

Audits Supabase Row Level Security (RLS) configurations and performance, triggered by 'SUPABASE:' prefix.

Performs expert audits to ensure web content meets WCAG 2.1/2.2 and W3C accessibility standards for compliance.

Expertise in Florida environmental permitting, including SJRWMD permits, wetland assessments, flood zone analysis, and stormwater requirements.

Automates security, performance, i18n, UI consistency, and documentation drift audits for Treido projects upon 'AUDIT:' prefix or request.

Conducts backend code audits with batch processing, summarizing all security and compliance issues in a single report.

Verifies authentication setup, reviews user management configurations, and performs security diagnostics to identify vulnerabilities.

Verifies critical claims with source-backed evidence and confidence levels, triggering additional research for low-confidence assertions to ensure reliability in legal, compliance, and high-stakes decisions.

Scans code repositories to detect and prevent accidental commits of secrets and sensitive information.

Scans Python project dependencies to identify security vulnerabilities, outdated packages, and adherence to best practices.

Proactively scans dependencies, container images, and IaC for security vulnerabilities in ecommerce projects, blocking critical/high severity issues before code commit.

Installs and configures security hooks to protect against malicious commands and secure application paths in Claude Code.

Assesses R&D activities for eligibility under Division 355 tax incentive criteria, classifying core and supporting R&D to calculate refundable tax offsets.

Provides secure JWT authentication and authorization with token validation, claims checks, and safe error handling for user permissions.

Audits Java dependencies for security vulnerabilities, license compliance, and version conflicts, generating upgrade plans with risk notes.

Performs defensive security audits for Java backend services, identifying input validation flaws, SSRF, deserialization risks, and authorization issues, with a report of mitigations.

Conducts security vulnerability scans on dependencies, generates proof-of-concept exploits, and documents findings using Gemini's security extension.

Automates comprehensive code audits on completed work, using specialized auditors to identify and fix issues upon user request.

Conducts security reviews and threat modeling for endpoints, authentication, and sensitive data handling to identify vulnerabilities in user input, payments, and integrations.

Enables safe, pre-defined penetration testing of AWS cloud environments with built-in security safeguards and compliance checks.

Provides automated OWASP Top 10 vulnerability checks and ethical hacking heuristics for comprehensive security audits.

Detects OWASP vulnerabilities in Python applications using security patterns and compliance best practices.

Delivers a structured security review checklist for identifying vulnerabilities in code and infrastructure configurations.