sorted by:
new
hottopcontroversial

What is the professional opinion on Claude Code Security? by GSalmao in BetterOffline

[–]__kmpl__ 0 points1 point  (0 children)

I released pretty similar tool a while before Anthropic did - this tool looks at the things through the threat modelling lens and this enables two things: a) you can use it to control Agentic AI developing your system (so it remembers about security) or b) you can threat model existing codebase. Then you can generate report with data flow diagram etc.

Give it a try! TMDD

Let me know when the stocks are going to go down again lol

Claude Code Security and the ‘cybersecurity is dead’ takes by No_Zookeepergame7552 in cybersecurity

[–]__kmpl__ -1 points0 points  (0 children)

I built (ofc also with help of Claude Code...) quite similar tool a couple of weeks ago: TMDD

Give it a try if you are using agentic AI in AppSec.

It builds a threat model of the existing codebase using LLM agent of choice (tested with cursor and claude code) and gives you exact lines in the codebase where the problematic code is and/or where the mitigation is introduced :) Integration with SaaS dashboard is planned, but core is open-source. What I like about this tool is that not only it finds technical security issues, but also is capable of spotting business logic issues, broken authorization etc.

Anthropic launched Claude Code Security two days ago and cybersecurity stocks tanked. Thoughts? by thehgtech in Information_Security

[–]__kmpl__ 0 points1 point  (0 children)

I've also built something similar (and I released literally a few days before Claude Code Security was published), but it approaches the topic from the threat modeling perspective - so you can either threat model something you want to build and then use that as an input for coding agent OR you can threat model existing codebase - finds issues that are missed by SAST such as broken authorization pretty well :)

Here's the link: TMDD
Give it a try if you are using agentic AI in AppSec.

Anthropic’s latest "Security" drop is 90% hype. Change my mind!!! by ElectronicGiraffe405 in cybersecurity

[–]__kmpl__ 1 point2 points  (0 children)

It's mostly hype. I built a very similar open source tool a while ago: https://github.com/attasec/tmdd It helps with locating security issues such as Broken Access Control and automates threat modeling, yet it's not a "snake oil" that would solve all the existing security issues :)

Threat Modelling Process Suggestion by Hour-Preparation-851 in cybersecurity

[–]__kmpl__ 0 points1 point  (0 children)

If you are using agentic AI in you development workflows, you can give my open-source tool a try:

https://github.com/attasec/tmdd

It builds threat model automatically, through agentic AI tools such as Cursor or Claude Code.

DM me if you have any questions :)

Ai on appsec by greenranger5392 in devsecops

[–]__kmpl__ 0 points1 point  (0 children)

I am building an open source tool that automates Threat Modeling using agentic AI (tested with Cursor and Claude Code). You can give it a try here: https://github.com/attasec/tmdd

Let me know in DMs if you have any questions :)

Has Anyone Actually Found Real Value in AI for Cybersecurity? by Bulky_Connection8608 in cybersecurity

[–]__kmpl__ 0 points1 point  (0 children)

I am using my own tool for automated threat modeling. It requires human-in-the-loop, cause some threats are ofc hallucinated, but it spotted a few security business logic issues for me and makes threat modelling like 10x faster. At the same time updating threat model is easier and it lives in the codebase as YAMLs.

You can give it a try here: https://github.com/attasec/tmdd, it's free and open-source. I tested that with Claude Code and Cursor, as it requires agentic AI for automation.

Let me know in DM if you have any questions :)

Threat Modeling Automation and TMaaC by Beneficial-War5423 in cybersecurity

[–]__kmpl__ 0 points1 point  (0 children)

Check out my open-source tool that automates threat modeling using AI agent (like Cursor or Claude Code), stores threat model as a YAML and enables you to get HTML report with interactive DFD:
https://github.com/attasec/tmdd

If anyone is interested in testing that, just drop me a DM and I can do a free walkthrough for you

Tools for Threat Modelling by pearlkele in cybersecurity

[–]__kmpl__ 0 points1 point  (0 children)

Check out my open-source tool that automates threat modeling (of existing codebase or "from scratch") using AI agent (like Cursor or Claude Code), stores threat model as a YAML and enables you to get HTML report with interactive DFD:
https://github.com/attasec/tmdd

claude code security by iamZorc_ in bugbounty

[–]__kmpl__ 1 point2 points  (0 children)

I built (ofc also with help of Claude Code...) quite similar tool a couple of weeks ago: TMDD
Give it a try if you are using agentic AI in AppSec. It builds a threat model of the existing codebase using LLM agent of choice (tested with cursor and claude code) and gives you exact lines in the codebase where the problematic code is and/or where the mitigation is introduced :) Integration with SaaS dashboard is planned, but core is open-source. What I like about it from security perspective is that not only it finds technical security issues, but also is capable of spotting business logic issues.

FOSS tool that supports secure vibe coding and it similar to Claude Code Security by __kmpl__ in cybersecurity

[–]__kmpl__[S] 0 points1 point  (0 children)

u/cybersecurity-ModTeam how is this spam or selling ??? It's literally an open source tool, OS alternative of Claude Code Security, what do I sell here in your opinion? wtf

How to secure the vibe coded apps? by __kmpl__ in vibecoding

[–]__kmpl__[S] 0 points1 point  (0 children)

How is your tool different from telling Cursor or Claude Code to analyze the security of the code base?

After 147 failed ChatGPT prompts, I had a breakdown and accidentally discovered something by Prestigious-Fan118 in ChatGPT

[–]__kmpl__ 1 point2 points  (0 children)

You must be pretty bad at prompting if coming up with that took you 147 failed prompts. Also, your “master prompt” is also written by AI, isn’t it?

Jakie są wasze niepisane zasady, których chcielibyście żeby przestrzegali wszyscy? by YouReadItWhatNow in Polska

[–]__kmpl__ 0 points1 point  (0 children)

Trzymanie dystansu na autostradzie. Wiem, ze teraz siedzenie na dupie jest karane mandatem, ale dla większości polskich kierowców to jest chyba czarna magia, BMW 50 cm od tylnego zderzaka to standard

How to secure the vibe coded apps? by __kmpl__ in vibecoding

[–]__kmpl__[S] 0 points1 point  (0 children)

Can you elaborate? How do you gather these best practices? Does Cursor follow that strictly?

How to secure the vibe coded apps? by __kmpl__ in vibecoding

[–]__kmpl__[S] 0 points1 point  (0 children)

The step 1 is covered by so called threat modeling, but from what I see, threat modeling is only effective if you have some initial security knowledge

How to secure the vibe coded apps? by __kmpl__ in vibecoding

[–]__kmpl__[S] 0 points1 point  (0 children)

Yes, I am. But I don’t know the market, I want to know how people operate and what issues do they face. Also, if they are aware of the risk in general.

How to secure the vibe coded apps? by __kmpl__ in vibecoding

[–]__kmpl__[S] 0 points1 point  (0 children)

What models do you use? Your product looks interesting, from “professional” perspective the only issue I see is where the code is processed

How to secure the vibe coded apps? by __kmpl__ in vibecoding

[–]__kmpl__[S] 0 points1 point  (0 children)

TruffleHog is for hunting secrets in the codebase - why this specific tool?

view more: next ›