Claude Code ships features fast. The same pattern that makes that possible — confident code, idiomatic-looking output, fast iteration — is what hides the risk we read for. We audit Claude Code codebases line by line, name what's broken, and tell you what to fix first.
Terminal-driven, multi-file changes across a codebase — often touching infra, tests and product code in a single agent loop.
The repository contains a .env file with database URLs, API keys or third-party secrets that resolve to live, billable services. Even if the repo is private today, anyone who later forks it, clones it for onboarding or browses old commits gets a working set of keys.
OpenAI, Stripe or third-party API keys appear directly inside .ts or .py files instead of being read from environment variables. Once committed, the key lives in git history forever — rotating it doesn't undo the leak, and grep-style scanners on public mirrors will find it within hours.
A feature that lets users ask questions in natural language pipes the raw text into a prompt that asks an LLM to write SQL, and then executes that SQL with elevated database privileges. A user who types the right paragraph can read or drop tables they never had UI access to.
The AI suggested an import for a package that either doesn't exist on npm or matches a malicious typosquat of a real one (`reqeusts`, `loadash`, `node-fetchh`). When `npm install` succeeded, it pulled either nothing useful or someone's installed-package backdoor — and now lives in the lockfile.
Email addresses, phone numbers, full names or session tokens appear in `console.log` statements that survive the build. In production those lines stream into the hosting platform's log viewer, get retained for weeks, and end up readable by any teammate with platform access — outside the scope of any GDPR data-processing record.
Knowing the tool that built the code lets us focus the audit. We start by detecting the Claude Code signature in the codebase, then we read the surfaces where Claude Code-specific failure modes cluster: auth, secrets, data access, dependencies and LLM-touching paths. Five to ten business days from kickoff to written report. No deployment access required — read-only repository access is enough.
Severity-ordered findings with file paths, line references, why it matters and a fix sketch. Readable by both engineering and non-technical stakeholders.
15-minute recording of the report — for the cofounder, investor or director who didn't make the live call.
Live discussion of severity, fix order and the calls that need a human in the loop.
Slack or email for clarifications, fix reviews and a second pair of eyes on the patches.
Typical SMB AI-built codebase, kickoff to written report. Larger or multi-repo audits scoped separately.
Same way as any other AI-built codebase. The terminal context just means the developer trusted more — so we trust less. We pay extra attention to local-only assumptions, debug paths and config files that were generated for development convenience and forgotten.
Not inherently. The risk is when those changes cross security boundaries (auth + database + storage in one commit) and the diff is too large to review carefully. We flag those commits and re-read what changed.
Yes. The model's review pass is good for most things, but it has blind spots — its own suggestions in a different file, its own confident SQL, its own auth assumptions. An external read catches what a self-review can't.
Next.js, Python and full-stack apps with Tailwind, shipped at high velocity by individual developers.
Read more →Inline completions across enterprise codebases, mixed with hand-written code from many authors over years.
Read more →Next.js apps deployed on Vercel with Supabase as the default database, often shipped before any backend review.
Read more →We design for privacy from the start, human control, traceability, usage limits, permissioning and documentation. For sensitive processes, we help assess risk and applicable obligations under GDPR and the EU AI Act.
Every engagement is led personally by one of the partners. If there's a fit, you get a personal first read of your case within one business day — not a canned demo.
