Developer uses four AI agents to audit his own code auditing website
A developer running turva.dev, a code-auditing service, turned four Claude-powered AI agents on his own public codebase to test whether the service could withstand the scrutiny it promises clients. The agents reviewed roughly 5,400 lines of source code, an MCP server, and public repository documentation, returning 91 findings ranging from a mislabeled key algorithm to a legal page misclassifying the business type. Four findings were flagged HIGH severity, but all four were ultimately dismissed after verification: two stemmed from a misread scanner scale and a cached fetch returning stale version data, while the fourth was a genuine mismatch between a no-logging promise and an active observability setting. That logging discrepancy was fixed by disabling platform observability rather than quietly rewording the documentation, preserving the integrity of the original claim. The exercise highlighted that automated scanners, which scored the site 100/100 both before and after most of the fixes, cannot detect inconsistencies between advertised configurations and the code actually deployed.
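As an added illustration of that last point (example code written for this page, not code from the article or from turva.dev), the following check compares claims made in public documentation against deployed settings. A header-only scanner passes the same deployment at 100/100 because the gap is invisible at the HTTP layer. The claim keys, the config values and the toy header scanner are constructed assumptions.

```python
"""Cross-check advertised claims against deployed configuration.

Constructed inputs: a dict of claims extracted from public documentation and a
dict representing the deployed platform configuration. Neither is real data.
"""
from dataclasses import dataclass

# Constructed sample: promises the documentation makes (setting -> promised value).
ADVERTISED_CLAIMS = {
    "request_logging": False,   # "we do not log your code or requests"
    "observability": False,     # implied by the no-logging promise
    "key_algorithm": "ed25519",
}

# Constructed sample: what the deployment actually has configured.
DEPLOYED_CONFIG = {
    "request_logging": False,
    "observability": True,      # platform observability left enabled
    "key_algorithm": "ed25519",
}


@dataclass(frozen=True)
class Mismatch:
    setting: str
    advertised: object
    deployed: object


def find_mismatches(claims, config):
    """Return every setting whose deployed value contradicts the documented claim.

    A claim with no corresponding config key is also reported: a promise that
    cannot be verified against the deployment is itself a finding.
    """
    out = []
    for key, promised in claims.items():
        if key not in config:
            out.append(Mismatch(key, promised, "<missing>"))
        elif config[key] != promised:
            out.append(Mismatch(key, promised, config[key]))
    return out


def header_scanner_score(headers):
    """Toy stand-in for a header-based scanner (assumption, not any real tool).

    It only sees response headers, so it cannot observe the claim/config gap.
    """
    required = {
        "strict-transport-security",
        "content-security-policy",
        "x-content-type-options",
    }
    present = {h.lower() for h in headers}
    return round(100 * len(required & present) / len(required))


if __name__ == "__main__":
    # Scanner view: every required header is present, so the site scores 100.
    headers = ["Strict-Transport-Security", "Content-Security-Policy", "X-Content-Type-Options"]
    print("scanner score:", header_scanner_score(headers))
    # Consistency view: the observability setting contradicts the no-logging claim.
    for m in find_mismatches(ADVERTISED_CLAIMS, DEPLOYED_CONFIG):
        print(f"{m.setting}: advertised={m.advertised!r} deployed={m.deployed!r}")
```

The check is deliberately dumb: its value comes entirely from keeping the claims table next to the deployment config and running it on every deploy, so that a promise changed in the docs or a setting flipped in the platform fails the build instead of surfacing months later in an audit.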
This is an AI-generated summary. ShortSingh links to the original source for the complete article.