Nullgaze security scanner — the first scanner with a brain
Now scanning 60+ vulnerability patterns

The first security scanner with a brain.

Nullgaze learns your codebase over time. It remembers false positives, discovers new patterns, and gets smarter with every scan. Built for the millions of developers now shipping AI-generated code.

Free tier — no credit card required. Results in 30 seconds.

Near-Zero FP With Memory

AI-generated code is shipping vulnerabilities to production.

0%

of AI code fails security tests

Veracode 2025

0+

Lovable apps exposed by CVE-2025-48757

0x

more XSS vulnerabilities in AI vs human code

Nullgaze was built after discovering these numbers. Your users deserve better.

Three layers of protection

Every scan runs a multi-layer detection pipeline

01

Scan

Paste any URL. Nullgaze fetches HTML, JavaScript bundles, sourcemaps, .env files, and config endpoints — fast.

02

Learn

Mark false positives once. Our FSRS-6 spaced repetition memory system remembers per-codebase. Confidence scores adjust automatically.

03

Protect

On every subsequent scan, known false positives are suppressed, confirmed threats are boosted, and only genuinely new vulnerabilities surface.

Regex patterns > Entropy analysis > AI anti-patterns > Memory scoring > Results

What Nullgaze catches

Purpose-built for AI-generated code

src/lib/supabase.js

import { createClient } from '@supabase/supabase-js'

const supabaseKey = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."  // CRITICAL
const supabase = createClient(url, supabaseKey)

export async function getUsers() {
  // Missing RLS check
  const { data } = await supabase.from('users').select('*')  // HIGH
  return data
}

console.log('Token:', session.access_token)  // MEDIUM

Secret Detection

60+ regex patterns for AWS, Stripe, Supabase, GitHub, OpenAI, Anthropic, Firebase, and 50+ more services. Plus Shannon entropy analysis for unknown key formats.

AI-Code Anti-Patterns

Memory Intelligence

“After CVE-2025-48757 exposed hundreds of Lovable apps and leaked names, emails, and financial records of real users, we built the scanner we wished existed.”

Built with

🦀 Rust Axum | 🧠 FSRS-6 | 390+ Tests Passing

Built for developers shipping with

Lovable, Bolt.new, Cursor, Replit, Vercel

Simple, transparent pricing

From free scans to full team protection. Your brain gets smarter at every tier.

Free

Try it out

$0/mo
  • 3 scans/month
  • All detection patterns
  • Quick scan depth
  • GitHub repo scanning

Starter

For solo developers

$29/mo
  • 25 scans/month
  • Quick + Deep scans
  • GitHub repo scanning
  • Brain memory system
  • Security badge
MOST POPULAR

Pro

Full power

$100/mo
  • Unlimited scans
  • All scan depths
  • GitHub repo scanning
  • AI Trust dashboard
  • Wrapped security reports
  • API access + CLI
  • Brain memory system
  • Security badge
  • Fast support

Team

$79/seat/mo · min 5 seats

$79/seat/mo
  • Everything in Pro
  • Shared team brain
  • Unlimited GitHub repos
  • CI/CD + PR comments
  • Merge blocking
  • Slack/webhook alerts
  • White-label badge
  • 1-year retention
Coming Soon

Enterprise

Brain Platform

Custom
  • Cross-repo brain federation
  • Brain API access
  • Unlimited seats
  • SSO / SAML
  • Custom detection rules
  • Compliance dashboards
  • White-label reports
  • Brain export & versioning
  • Dedicated brain engineer
  • SLA guarantee
Coming Soon

All plans include HTTPS scanning and redacted findings. API access on Pro+. Cancel anytime.

Your AI code deserves a security brain.

Join the developers who stopped shipping blind.

No credit card required. First scan is always free.