4. Security & Compliance

Analyzes development stories to determine security implications and whether they require inclusion in a threat model.

Creates initial threat models for systems using PyTM, identifying security threats and vulnerabilities through structured analysis.

Reviews code for PII exposure, logging violations, and privacy compliance with regulations like GDPR and HIPAA.

Assists in implementing and managing GDPR-compliant consent screens, logging, and privacy flows for user data protection.

Provides safety guidelines for Windows registry operations under HKCR to prevent system instability and security risks during context menu modifications.

Automates technical SEO, performance, and security audits for static sites, detecting exposed tokens, accessibility issues, and heavy scripts.

Guides security code reviews to identify vulnerabilities, assess authentication mechanisms, and evaluate data handling practices.

Performs security code audits to identify vulnerabilities and OWASP compliance issues.

Provides user management capabilities for Fireflies.ai, including current user info, team member listing, and role management.

Provides security context, vulnerability assessment, and compliance guidance for OWASP, GDPR, and SOC II, including historical audit trails.

Provides integrated security analysis including vulnerability scanning, threat modeling, and audit log management using CVE databases and security tools.

Provides a security review checklist focusing on AWS credentials management, input validation, and sensitive data logging practices.

Conducts threat-driven security audits to identify vulnerabilities at trust boundaries and assess exploitability.

Generates accurate corporate compliance reports (Due Diligence, KYC, Background) using deterministic templates to prevent hallucinations and ensure regulatory adherence.

Manages user authentication, session handling, and secure token operations for the TaskFlow application, ensuring secure login and registration processes.

Enables secure service-to-service authentication using TokenX token exchange within the Nais platform for trusted microservice communication.

Enables direct Google Calendar and Gmail API access using personal OAuth credentials with token refresh management.

Strips EXIF and other metadata from images to protect user privacy and prevent unintended data exposure.

Provides security and compliance patterns including audit prompts, AI attribution guidelines, and deployment readiness checks for secure software development.

Provides security best practices and guidance for mitigating common vulnerabilities in software applications.

Enforces regulatory compliance and secure access control through UI governance patterns for critical sectors like finance, healthcare, and defense.

Provides a library for implementing data governance, certification workflows, and policy enforcement with trust tiers and evidence binding standards.

Provides security checklists and patterns for authentication, user input handling, secrets management, and secure API implementation in sensitive features like payments.

Conducts security design reviews to identify vulnerabilities, ensure data protection, and align with compliance standards for business goals and system architecture.