← All protections
AI-native · Deep auditDeep audit
How Stateward protects you against insecure ai-generated code
The threat
Copilot, Cursor and Claude write a rising share of production code with less human review per line — opening failure modes legacy scanners were never built for: insecure defaults, over-permissive configs, hallucinated dependencies and prompt-injection surfaces.
How Stateward catches it
Stateward targets the failure patterns of AI-written code specifically, with per-language adversarial review packs and AI-specific checks for hallucinated dependencies, over-permissive defaults and prompt-injection surfaces — the category every incumbent missed.
AI-generated code auditCWE-1426
Recent advisories of this class
- criticalAI-GROK-BANKR-WALLET-2026In early May 2026 an attacker drained roughly $150,000 from an AI-powered crypto trading agent on X (Twitter) through prompt injection, an exploit of Grok and the linked Bankrbot agent documented by AI-security researchers including Giskard and NeuralTrust. The attacker posted a Morse-code-encoded message on X and asked Grok to translate it; Grok decoded the obfuscated payload, which contained hidden financial instructions, and the encoding let the untrusted post slip past content filters. Grok processed this user-supplied X content as a trusted directive with no separation between conversation input and authorized commands, then relayed the decoded instruction to the linked Bankrbot agent, which executed it as a legitimate order. Combined with a previously transferred Bankr Club Membership NFT that granted elevated 'Executive' wallet permissions, Bankrbot sent about 3 billion DRB tokens (roughly $150,000) on the Base network to the attacker's wallet, with no human-in-the-loop or circuit breaker on the high-value transfer. About 80% of the funds were later returned after the community identified the attacker.
- highAI-CLAUDECODE-SOURCEMAP-2026On March 31, 2026, Anthropic accidentally shipped the full source of its Claude Code CLI inside a published npm package. A missing .npmignore rule for *.map left a roughly 59.8 MB source map in the tarball, embedding about 512,000 lines of unobfuscated TypeScript across some 1,900 files, including internal prompts, tool definitions and architecture. The root cause was a packaging failure compounded by a bundler bug: Bun continued emitting source maps even when generation was disabled, and nothing stripped or excluded them before publish. Because npm releases are immutable and mirrored instantly, the source was cloned, dissected and re-hosted within hours, and a clean-room reimplementation reached tens of thousands of GitHub stars the same day. It is a textbook source-map disclosure: the sourcesContent field of a .map file carries the original code verbatim, so a single map left in a shipped artifact hands an attacker the entire codebase, comments and all. The same class hit Apple's App Store web front-end in November 2025, where production source maps left enabled let a researcher reconstruct and publish the full client source.
- mediumAI-SECRETS-SPRAWL-2025GitGuardian's State of Secrets Sprawl research found that AI coding assistants are driving a surge in leaked credentials on public GitHub. AI-assisted commits leaked secrets at roughly twice the baseline rate, with Claude Code-assisted commits showing a 3.2% leak rate versus 1.5% for human-only commits, contributing to 28.65 million new hardcoded secrets added to public GitHub in 2025 (a 34% year-over-year increase). The study also found 24,008 unique secrets in MCP configuration files, where setup guides often instruct developers to paste API keys directly into config.
- criticalAI-COPILOT-CAMOLEAK-2025Legit Security disclosed CamoLeak (CVSS 9.6), a critical vulnerability in GitHub Copilot Chat enabling silent exfiltration of private source code and secrets. The attack combined remote prompt injection via hidden pull-request comments with a CSP bypass that abused GitHub's own Camo image proxy: injected instructions made Copilot extract sensitive repo context, encode it character-by-character into a pre-generated dictionary of Camo image URLs, and leak it through image requests to an attacker server. GitHub mitigated it by disabling image rendering in Copilot Chat in August 2025.
Check your own repo for this
Connect a repo and Stateward reviews your next pull request — read-only, free for individuals and open source.
Built to be trusted with your code
Read-only & ephemeral
Stateward can comment, but never pushes, merges or stores your keys.
EU-sovereign hosting
Code and security data stay EU-hosted via Citadea — built for NIS2, DORA and the CRA.
Whole-codebase aware
Reasons over your call graph and trust boundaries, not just the diff.
Stateward is in beta and onboarding design partners. Built by Yggdrasil Digital.