blog
Field notes from shipping a security scanner.
What we measure, what we get wrong, and what we ship to fix it. Every post is reproducible from public code.
- security · scanner-precision · post-mortem
We scanned 20 AI repos for leaked keys. Every scanner alert was a false positive.
What we learned running getdebug against 20 public AI-starter repos — and the three detector rules we shipped because of it.
- founding · manifesto
I used to guard buildings. Now I guard codebases.
I come from physical security. Every bug is a door. This is why I built getdebug.dev — and the part I am building everything else around.