Your autonomous security agent for AI-generated code.
AI made everyone feel like a senior engineer overnight. Security vulnerabilities didn’t disappear — they just stopped looking dangerous. Crumble reviews every pull request, branch, and AI-generated change for the weird stuff before it ships.
Cursor
Claude Code
Lovable
v0
Bolt
ReplitCursorClaude CodeLovablev0BoltReplit- Broken access control —
users/[id]/route.ts:14 - Exposed secret —
NEXT_PUBLIC_SERVICE_ROLE_KEY - RLS disabled —
invoices - Prompt injection risk —
agent.ts:88
Install.
Push.
Sleep.
One-click GitHub App install. Open a pull request. Crumble clones the branch, walks the diff, and posts a Crumble Audit Check Run with inline review comments — red or green at a glance.
AI writes the code. Nobody reviews the security.
Cursor, Claude Code, Lovable, Replit, and autonomous coding agents let you ship entire applications in an afternoon — and quietly ship the vulnerabilities with them. Most AI-generated vulnerabilities look completely correct. Static scanners only catch known signatures. Crumble adds contextual review designed for AI-generated systems.
Leaked secrets
API keys committed to public repos. Service tokens in client bundles. Credentials in.env.example. Found in seconds — by us or by the bots scraping GitHub.Broken auth
Skipped lockout, weak password handling, MD5/SHA1 hashing, session cookies missinghttpOnly / secure / sameSite. Quietly suggested by AI completions that learned from old code.Insecure database policies
Supabase RLS turned off “just for testing.” Firestore rules wide-open. Drizzle queries built from string concat. The kind of thing that ends up in a postmortem blog post.Prompt injection & unsafe logic
Prompt injection vectors, SSRF in image proxies,eval() in user-controlled paths, jailbreak surfaces, dangerous tool-call gates. The shapes AI tools commonly ship.Plain English. Real exploits. Specific fixes.
Every finding answers four questions — not a CVE number, not “consider following best practices.”
- CRITICAL · Broken access control —
app/api/users/[id]/route.ts:14readsparams.idstraight from the URL with no ownership check. Any logged-in user can read any other user’s profile. - HIGH · Exposed secret —
NEXT_PUBLIC_SERVICE_ROLE_KEYin.env.local. TheNEXT_PUBLIC_prefix ships this to the browser bundle. Rotate the key and remove the prefix. - HIGH · Insecure RLS —
supabase/migrations/0003.sqldisables RLS onpublic.invoices. Re-enable, then add a policy keyed onauth.uid().
What's dangerous
The exact line that's a problem — quoted, not paraphrased.
Why it matters
Real-world impact. Data exposure, account takeover, financial loss.
How attackers exploit it
A concrete attack path, not a CVE number. Plain English.
How to fix it
A specific code change you can apply, not 'consider following best practices'.
What lands on every pull request
Four GitHub surfaces. No noise. No “AI says it’s fine.”
On the lines that matter
Every failing finding with file + line evidence becomes a review comment, attached to the audited commit.One status, one badge
A Crumble Audit Check Run with conclusion + annotations, so the PR shows red or green at a glance.The full report, in place
A single Markdown summary keyed to the scan. Re-runs edit the comment in place — no thread bloat.Critical findings, one place
Onecrumble-critical Issue per repo. Auto-closes when the latest scan reports zero criticals.Crumble gets smarter through open competition.
Crumble is the initial benchmark implementation for Bittensor subnet 121. Miners compete against Crumble — a real deployed security review system shaped by 1,683+ agent submissions, enterprise deployments, and adversarial testing. As they improve, the subnet continuously raises the performance ceiling of the product itself.
The subnet discovers
- Exploit detection
- Remediation reasoning
- False positive reduction
- AI-native vulnerability discovery
- Workflow-level security analysis
- Autonomous agent security
- Prompt injection vectors & jailbreaks
Validators rank miners by
- Vulnerability discovery accuracy
- Exploit realism
- Remediation quality
- False positive rate
- Patch effectiveness
- Speed of analysis
As AI-generated software scales globally, Crumble gets smarter through SN121.
An autonomous immune system
for AI-generated software.
Crumble emerged from deploying autonomous systems into enterprise workflows, where security and trust became foundational problems. sundae_bar keeps building AI agents and enterprise automation; Crumble is the trust layer that makes them shippable.
Crumble — autonomous security review for AI-generated code.
sundae_bar — AI agents & enterprise automation.
SN121 — the subnet that trains Crumble through adversarial competition.
Frequently asked questions
Everything teams ask before pointing Crumble at production.
Crumble clones the branch, walks the changed files, and runs an autonomous security review using the OWASP playbook plus AI-native vulnerability patterns learned from SN121. The output lands as a Crumble Audit GitHub Check Run, inline review comments on the offending lines, and a single Markdown summary comment that re-runs edit in place.
Traditional scanners flag known signatures. Crumble adds contextual review designed for AI-generated systems — broken auth, unsafe RLS, prompt injection vectors, eval surfaces, and shapes that look correct but aren’t. Every finding explains what’s dangerous, why it matters, how an attacker exploits it, and how to fix it, in plain English.
We tune the playbook against output from Cursor, Claude Code, Lovable, v0, Bolt, and Replit — but Crumble reviews any code in your repo. It doesn’t matter whether a human wrote it; it matters whether it’s safe to ship.
Workspaces start with a $0 balance. Inference (token spend × markup) and container runtime (per minute) are metered post-hoc and billed against your credit balance. Redeem the
BITTENSOR50code for $50 in credit, or top up via Stripe. Public repos can also be audited anonymously, with no install.Crumble is the initial benchmark implementation for Bittensor subnet 121. Miners compete against Crumble — adversarial testing, real-world exploit analysis, false-positive reduction. Their improvements ship back into the product. The more AI-generated code there is in the wild, the smarter Crumble gets.
Crumble clones into a per-scan ephemeral container that’s torn down at completion. We persist scan metadata (findings, file path + line evidence) but not your source code. The runner uses installation-scoped GitHub tokens that expire in one hour. Public-repo scans use anonymous clones.
You ship fast.
Crumble watches the weird stuff.
Traditional AppSec was built for humans. Crumble is built for AI-generated systems. Because shipping fast shouldn’t mean shipping vulnerabilities.