4. Security & Compliance

Validates code to prevent security vulnerabilities by enforcing business logic rules such as RBAC and IDOR prevention.

Specialized guidance for implementing Rails security features including authorization policies, data encryption, and vulnerability fixes using Pundit and Lockbox.

Detects silent failures and error swallowing in code to prevent security risks during error handling reviews.

Performs OWASP-aligned security audits on code to detect common vulnerabilities such as injection and authentication flaws.

Provides enterprise compliance architecture for SOC 2, HIPAA, GDPR, and PCI-DSS, including checklists, data protection controls, and audit evidence collection.

Activates arifOS Full Autonomy Governance mode, providing pre-flight checklists and authority boundaries before system changes.

Logs decisions and facts with confidence scores, sources, and timestamps in an immutable, auditable format for compliance and transparency.

Prevents injection attacks on AI skills and prompts, safeguarding against system prompt overrides, jailbreaks, and governance corruption.

Inspects distributed ledger for changes, sealed entries, and pending transactions, enforcing constitutional rules and F1-F9 metrics.

Performs security and compliance audits for AI skills and agents, validating truth, stakeholder safety, and injection defense.

Automates security scanning, vulnerability detection, and compliance checks to ensure adherence to security best practices and regulatory standards.

Checks code compliance with security patterns (XSS, CSRF, Input Validation), detects vulnerabilities, and provides remediation suggestions.

Provides advanced semantic vocabulary and architectural patterns for the OCTAVE security risk assessment framework, requiring prior OCTAVE literacy.

Converts natural language security descriptions into structured OCTAVE framework formats, requiring OCTAVE methodology knowledge.

Conducts comprehensive security audits including dependency scanning, unsafe code detection, and secret management to identify vulnerabilities before production deployment.

Expert UK tax compliance for HMRC, MTD, and Self-Assessment: calculates taxes, advises on deadlines/penalties, and supports MTD integration.

Conducts deep security audits for authorization logic, data access boundaries, and sensitive operation protection.

Provides a quick security audit checklist covering authentication, function exposure, and data access controls.

Security review and guidance for iOS, macOS, and watchOS apps, covering secure storage, biometric authentication, and network security patterns.

Automates security code reviews for OWASP vulnerabilities, performance issues, and best practice compliance including TypeScript strict mode and linting.

Provides access to GCS employee safety data for compliance tracking, incident reporting, and Arbejdstilsynet inspections.

Guides implementation of secure API authentication using JWT, OAuth 2.0, and API keys with security best practices and vulnerability prevention.

Reviews unilateral commercial NDAs from Recipient or Discloser perspectives, generating clause-by-clause issue logs with redlines, rationales, and deadlines.

Comprehensive guide for drafting GDPR-compliant privacy policies with CNIL 2020 recommendations and reference templates for websites/apps.