Gecko is an AI security engineer that finds and fixes bugs in your code. It learns how your code works and creates targeted attack scenarios to find and fix weaknesses. It has discovered critical 0-day vulnerabilities that previously only humans could find.
👋🏼Hi Product Hunt makers!
I’m JJ, the Co-Founder of Gecko—an AI security engineer to find and fix vulnerabilities in your code. Today, we’re officially launching the Gecko platform, and we’re excited to share what we have built.
Most of the developers we spoke to told us that they think of security as an afterthought, added out of fear rather than part of the development process at the start. This is because current security tools can’t find critical business logic vulnerabilities, which are the ones attackers actually exploit, and instead flag low-priority issues with many false positives. This makes fixing these issues slow and costly, pulling engineers away from building features that grow revenue.
We built Gecko for teams that want to build secure code quickly without wasting time on tools that don’t deliver results, or relying on one-time human pentests that quickly become outdated. Gecko uses AI to understand how your application should work, simulates relevant attacks to find critical vulnerabilities, and then verifies these vulnerabilities by exploiting them. It also helps you understand the risk of these vulnerabilities and applies a working fix to keep your code secure.
At a high level, Gecko mimics the approach of skilled security experts by using LLM agents combined with program analysis tools like static analyzers, fuzzers, and symbolic executors, previously only used in Intelligence agencies. For fixing vulnerabilities, Gecko uses multiple agents to iteratively refine the patches - ensuring the vulnerability is remediated and your code isn’t broken. We have released our free version which is limited to SAST and only supports Python and Javascript as we continue to optimise edge cases in the other languages.
Gecko is still in its early stages and we are improving it everyday. We have used Gecko to find several 0-day vulnerabilities open source projects that previously only human security engineers could find. If you want to join the journey with us, join our Discord and share your feedback!
https://discord.gg/8MMHngbEaM
