Gecko Security

Your AI Security Engineer

Developer Tools
Artificial Intelligence
Security

Gecko is an AI security engineer that finds and fixes bugs in your code. It learns how your code works and creates targeted attack scenarios to find and fix weaknesses. It has discovered critical 0-day vulnerabilities that previously only humans could find.

Top comment

👋🏼 Hi Product Hunt makers! I’m JJ, the Co-Founder of Gecko—an AI security engineer to find and fix vulnerabilities in your code. Today, we’re officially launching the Gecko platform, and we’re excited to share what we have built.
Most of the developers we spoke to told us that they think of security as an afterthought, added out of fear rather than part of the development process at the start. This is because current security tools can’t find critical business logic vulnerabilities, which are the ones attackers actually exploit, and instead flag low-priority issues with many false positives. This makes fixing these issues slow and costly, pulling engineers away from building features that grow revenue.
We built Gecko for teams that want to build secure code quickly without wasting time on tools that don’t deliver results, or relying on one-time human pentests that quickly become outdated. Gecko uses AI to understand how your application should work, simulates relevant attacks to find critical vulnerabilities, and then verifies these vulnerabilities by exploiting them. It also helps you understand the risk of these vulnerabilities and applies a working fix to keep your code secure.
At a high level, Gecko mimics the approach of skilled security experts by using LLM agents combined with program analysis tools like static analyzers, fuzzers, and symbolic executors, previously only used in intelligence agencies. For fixing vulnerabilities, Gecko uses multiple agents to iteratively refine the patches - ensuring the vulnerability is remediated and your code isn’t broken.
We have released our free version, which is limited to SAST and only supports Python and JavaScript as we continue to optimise edge cases in the other languages. Gecko is still in its early stages and we are improving it every day. We have used Gecko to find several 0-day vulnerabilities in open source projects that previously only human security engineers could find.
If you want to join the journey with us, join our Discord and share your feedback! https://discord.gg/8MMHngbEaM

Comment highlights

Absolutely amazing... Gecko was a lifesaver when it came to security. Had no idea where to start and the founders really went the extra mile for me :)

This is awesome, have really needed something like this for quite a few projects! Can't wait to try it out even more.

Loving it. I saw the demo, and this is the coolest software I’ve seen lately. Congrats on the launch, guys! 🔥

“think of security as an afterthought, added out of fear rather than part of the dev process at a start” - this is so true. Happy you are changing this! Great product - congrats on the launch!

Super impressive product! I was already sold when you demoed it at YC. Congrats on the launch guys 🎉

Finally, security that gets how devs actually work! Been putting off pen testing our new feature because... well, who has time? Quick q - how deep does it go with third-party integrations? Got some OAuth flows that keep me up at night

Congrats on the launch! This AI tool sounds super cool. How does it compare to static and dynamic code analysis tools?