Nullgaze security scanner — the first scanner with a brain
Now scanning 60+ vulnerability patterns

The first security scanner with a brain.

Nullgaze learns your codebase over time. It remembers false positives, discovers new patterns, and gets smarter with every scan. Built for the millions of developers now shipping AI-generated code.

Hacker tier — no credit card required. Results in 30 seconds.

0+ Patterns
0s Avg Scan
0K Lines of Rust
Near-Zero FP With Memory

AI-generated code is shipping vulnerabilities to production.

0%

of AI code fails security tests

Veracode 2025

0+

Lovable apps exposed by CVE-2025-48757

0x

more XSS vulnerabilities in AI vs human code

Nullgaze was built after discovering these numbers. Your users deserve better.

Three layers of protection

Every scan runs a multi-layer detection pipeline

01

Scan

Paste any URL. Nullgaze fetches HTML, JavaScript bundles, sourcemaps, .env files, and config endpoints — fast.

02

Learn

Mark false positives once. Our FSRS-6 spaced-repetition memory system remembers them per codebase. Confidence scores adjust automatically.

03

Protect

On every subsequent scan, known false positives are suppressed, confirmed threats are boosted, and only genuinely new vulnerabilities surface.

Regex patterns > Entropy analysis > AI anti-patterns > Memory scoring > Results

What Nullgaze catches

Purpose-built for AI-generated code

src/lib/supabase.js

import { createClient } from '@supabase/supabase-js'

const supabaseKey = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..." // flagged: CRITICAL
const supabase = createClient(url, supabaseKey)

export async function getUsers() {
  // Missing RLS check
  const { data } = await supabase.from('users').select('*') // flagged: HIGH
  return data
}

console.log('Token:', session.access_token) // flagged: MEDIUM

Secret Detection

60+ regex patterns for AWS, Stripe, Supabase, GitHub, OpenAI, Anthropic, Firebase, and 50+ more services. Plus Shannon entropy analysis for unknown key formats.

AI-Code Anti-Patterns

Memory Intelligence

“After CVE-2025-48757 exposed hundreds of Lovable apps and leaked names, emails, and financial records of real users, we built the scanner we wished existed.”

Built with

🦀 Rust Axum · 🧠 FSRS-6 · 390+ Tests Passing

Built for developers shipping with

Lovable · Bolt.new · Cursor · Replit · Vercel

Simple, transparent pricing

From Hacker to Enterprise. Your brain gets smarter at every tier.

Hacker

Free forever

$0/mo
  • 5 scans/month
  • All 701 detection patterns
  • Quick + Deep scans
  • Full FSRS-6 brain
  • GitHub repo scanning
  • SBOM export
  • Competitor benchmark
  • Security badge
MOST POPULAR

Pro

Full power for solo devs

$20/mo
  • Unlimited scans
  • All scan depths
  • LLM deep analysis
  • Attack path chains
  • Risk diff comparison
  • PR Guardian CI/CD
  • Security certificates
  • Breach cost estimates
  • AI Trust dashboard
  • 10K API calls/mo

Team

Flat rate · 10 seats included

$49/mo
  • Everything in Pro
  • 10 seats included
  • Shared team brain
  • Compliance autopilot
  • Scheduled scans
  • 50K API calls/mo
  • CI/CD + merge blocking
  • Slack/webhook alerts
  • Unlimited retention
  • Priority support

Enterprise

Unlimited everything

$149/mo
  • Everything in Team
  • Unlimited seats
  • Federated brain
  • SSO / SAML
  • Custom detection rules
  • Unlimited API access
  • White-label reports
  • Dedicated support + SLA

All plans include HTTPS scanning and redacted findings. API access on Pro+. Cancel anytime.

Your AI code deserves a security brain.

Join the developers who stopped shipping blind.

No credit card required. Hacker tier is free forever.