Sabitlenmiş Tweet
🚨Seqra just open-sourced a security analyzer that your agents will love to work with.
It's called OpenTaint.
The open source taint analysis engine for the AI era.
github.com/seqra/opentaint
Here is why you need it:
English
Aleks
29 posts
Aleks
@seqradev
Formal methods advocate. Seqra. Engineering OpenTaint — the open source taint analysis engine for the AI era.
Katılım Kasım 2025
41 Takip Edilen3 Takipçiler
@LiveOverflow It allows us to transform LLM agents' findings into a deterministic, cheap, reproducible, and scalable workflow.
The link: github.com/seqra/opentaint
English
@LiveOverflow We are building this kind of tool to find deeply hidden vulnerabilities in applications, using taint analysis as a powerful, configurable search engine, so that an LLM can express the vulnerability pattern it found as a config for the engine.
English
I have had several discussions now about the cost and ROI of AI. And many people like to throw agents at the problem, which are incredibly expensive.
My opinion is that at some point this is not sustainable. Traditional businesses operate on 10-20% margins. If you compare cost of Agent to cost of labour you get massive margins. But at some point economy will base-line, right? And then it's not justifiable to spend 10-100x on Agents burning tokens, if you can have optimised "deterministic" LLM workflows.
Thoughts?
English
@JinjingLiang @cursor_ai @semgrep @AquaTrivy @gitleaks Also take a look at OpenTaint – a super powerful open source taint analyser with dedicated Spring support github.com/seqra/opentaint
English
And if you're looking for open source (and free) alternatives for security scanning:
• Semgrep (@semgrep) – Fast SAST with custom rules github.com/semgrep/semgrep
• Trivy (@AquaTrivy) – Containers, SBOMs, IaC & more github.com/aquasecurity/t…
• Gitleaks (@gitleaks) – Super fast secrets detection github.com/gitleaks/gitle…
• Checkov – IaC security (Terraform, K8s, etc.) github.com/bridgecrewio/c…
• Grype (@GrypeProject) – Lightweight container vuln scanner github.com/anchore/grype
All integrate easily into GitHub / GitLab CI.
English
Cursor Security Review is now available for Teams and Enterprise plans.
Run two types of always-on agents:
1. Security Reviewer checks every PR for vulnerabilities and leaves comments.
2. Vulnerability Scanner runs scheduled scans of your codebase and posts findings in Slack.
English
Full notes: github.com/seqra/opentain…
How to get it 👇
1/ curl:
curl -fsSL opentaint.org/install.sh | bash
2/ brew:
brew install --cask seqra/tap/opentaint
3/ upgrade anytime:
opentaint update
English
🚀 OpenTaint 0.2.0 is out — the most thorough taint analysis engine for Spring apps.
A release focused on day-1 experience, safe concurrency, and a faster analysis core.
Star the repo to follow along: github.com/seqra/opentain…
#appsec #java #spring #sast #opensource
English
Meanwhile, static taint analysis costs nothing, runs on the CPU in minutes, and works deterministically.
Dan ⚡️@d4m1n
$20,000 to scan one codebase that's what anthropic says it cost Mythos to find those zero days. per repo. except API tokens are currently sold at a LOSS. That "$20,000 scan" probably cost closer to $100,000+ in real gpu time ffmpeg couldn't afford the subsidized price let alone the real one... if the cost doesn't come down by a huge factor this just doesn't make sense. It's Anthropic's marketing week 💀
English
We build an open-source taint analyser for the AI era to make lean application security a reality.
Discovering a vulnerability is only half the problem. Doing it at scale, without waste, is the other half.
And for that, we need advanced formal methods more than ever.
Anthropic@AnthropicAI
Introducing Project Glasswing: an urgent initiative to help secure the world’s most critical software. It’s powered by our newest frontier model, Claude Mythos Preview, which can find software vulnerabilities better than all but the most skilled humans. anthropic.com/glasswing
English
AI generates production code faster than today's security tooling can keep up with. The more AI writes code, the more you need formal methods underneath.
Roman@romxdev
vibe coding is officially dead I had to say it. we thought AI would let us relax and code "on chill", but instead it turned us into architectural bureaucrats. we write strict laws, define rules, limits, and principles. if you don't obsessively review the code agent writes, your project will mutate into a massive landfill of tech debt within a month.
English
Aleks retweetledi
Blog: ZAP Updates for March:
zaproxy.org/blog/2026-04-0…
ZAP was started 9.5 MILLION times .. and we announced significant collaborations with other open source projects
Cc @javamuffinztx @seqradev @pentestkit
#zaproxy #appsec
English
@ThePrimeagen The open source taint analysis engine: github.com/seqra/opentaint
English
Hey, you got a cool project that you are building? Link it
I want to yap about cool projects
English
I doubt LLM scanners scale for large codebases well. Not to mention the costs and unpredictability of results.
Use LLMs to write rules for SAST to find new kinds of vulnerabilities and to do so precisely. Use SAST tools that allow for this.
AISecHub@AISecHub
llm-sast-scanner - github.com/SunWeb3Sec/llm… A general-purpose Static Application Security Testing (SAST) skill for LLM-based code vulnerability analysis. Designed to be loaded by AI coding agents (Claude Code, OpenAI Codex, etc.) to perform structured source-to-sink taint analysis across 34 vulnerability classes.
English
We were very pleased to work on this integration — thanks to the @zaproxy team for the ideas and support!
Zed Attack Proxy@zaproxy
New ZAP Blog Post: zaproxy.org/blog/2026-03-2… This post describes an approach that uses static analysis findings to guide ZAP’s active scans toward the most relevant endpoints. The result is a faster scanning mode suited for CI/CD pipelines. Thanks to @seqradev ! #zaproxy #appsec
English