4. Security & Compliance

Analyzes Apple firmware, binaries, and security components including Mach-O disassembly and iOS/macOS kernel research.

Provides secure OAuth2 authentication with support for authorization flows, token management, PKCE, OpenID Connect, and security best practices.

Conducts adversarial security analysis to identify vulnerabilities and weaknesses in systems before deployment or during security reviews.

Automates container and dependency vulnerability scanning using Grype in CI/CD pipelines and development workflows to detect security issues early.

Detects project type and applies appropriate NASA or open source licenses for compliance assurance.

Securely stores and retrieves API keys for external services like Anthropic, Google Gemini, and GitHub to enable safe external API access.

Provides input validation and sanitization patterns to prevent injection attacks and ensure safe user input handling.

Provides security patterns for LLM integrations to defend against prompt injection and prevent hallucinations.

Secures MCP servers through prompt injection defense, tool poisoning prevention, and permission management via allowlist implementation.

Provides guidance on OWASP Top 10 security vulnerabilities and their mitigations for security audits and code reviews.

Provides secure authentication and authorization patterns including JWT, OAuth 2.1, and role-based access control for login flows and session management.

Automates security scanning of dependencies and code using tools like npm audit, pip-audit, and Semgrep, with CI/CD integration.

Enforces defense-in-depth security validation across AI pipeline components to eliminate single points of failure in LLM integrations.

Provides WCAG 2.2 AA compliance patterns for auditing and implementing accessibility requirements in web applications.

Automates security audits for Laravel and Filament applications, checking for XSS, CSP misconfigurations, and IDOR vulnerabilities.

Validates code to prevent security vulnerabilities by enforcing business logic rules such as RBAC and IDOR prevention.

Specialized guidance for implementing Rails security features including authorization policies, data encryption, and vulnerability fixes using Pundit and Lockbox.

Automates security scanning, vulnerability detection, and compliance checks to ensure adherence to security best practices and regulatory standards.

Checks code compliance with security patterns (XSS, CSRF, Input Validation), detects vulnerabilities, and provides remediation suggestions.

Provides advanced semantic vocabulary and architectural patterns for the OCTAVE security risk assessment framework, requiring prior OCTAVE literacy.

Converts natural language security descriptions into structured OCTAVE framework formats, requiring OCTAVE methodology knowledge.

Conducts comprehensive security audits including dependency scanning, unsafe code detection, and secret management to identify vulnerabilities before production deployment.

Automates security code reviews for OWASP vulnerabilities, performance issues, and best practice compliance including TypeScript strict mode and linting.

Provides access to GCS employee safety data for compliance tracking, incident reporting, and Arbejdstilsynet inspections.