Next-Generation Code Security

Your security tools were built for human-written code.

Acutis wasn't. It formally verifies your AI agent's code in real time — blocking vulnerabilities before they reach your codebase.

100% Detection Rate: zero missed vulnerabilities [1]
0.034ms Per Scan: near-instant verification
70,000x Faster Than Semgrep: property vs. pattern matching
62.5% Vulnerabilities Eliminated: across 40 real prompts [2]

[1] 136 CVE cases, CVEFixes dataset, F1 = 1.0, 0 false positives.
[2] 40 prompts (Python & JS, CWE-79 & CWE-89), paired treatment/control, 0 regressions.

How It Works

Acutis sits between your AI assistant and your codebase. Every piece of generated code is formally verified before it reaches you.

You (write a prompt) → AI Assistant (generates code) → Acutis (formally verifies) → Your Code (safe & verified)

Not AI checking AI — formal mathematical verification.

Install once. Write code normally. Every AI-generated change is verified.

Under the Hood

A fundamentally different approach to AI code security.

Zero Trust by Default

Function parameters start at maximum danger. Unknown functions return maximum danger. Missing annotations block — never warn.

True Zero Enumeration

No function name lists. No regex patterns. No stdlib defaults. AI provides ALL semantic information — Acutis provides formal verification.

Multi-Language

Python and JavaScript via tree-sitter. Extensible architecture for additional languages.

Proof Artifacts

Every verdict includes property flow traces, trust assumptions, and remediation guidance. Auditable proofs — not just pass/fail.

Works Everywhere

Cursor, VS Code, Claude Desktop, and Windsurf. One-click install or manual config. Cloud-hosted with OAuth 2.1.

Extensible

Adding a new CWE requires ~30–50 lines. Define a security property, a boundary constraint, and a category. No function databases.

The Type System Paradigm

Existing tools (Semgrep, CodeQL) maintain human-curated function databases. Acutis eliminates that entirely.

Traditional Approach

  • Human-maintained function databases
  • Pattern enumeration (regex, AST patterns)
  • Scales poorly for novel AI-generated code
  • Heuristic-based — bypassable

Acutis Approach

  • AI declares function semantics
  • Formal property lattice verification
  • Works with any function, any library
  • Zero Trust — no heuristic bypass

What It Detects

Currently shipping with CWE-79 and CWE-89 detection. Extensible to any CWE expressible as property constraints.

CWE-79

Cross-Site Scripting (XSS)

Detects user-controlled data flowing to HTML output or URL sinks. Tracks MAY_CONTAIN_HTML_META, MAY_BE_URL_ENCODED, and MAY_CONTAIN_DANGEROUS_PROTOCOL properties.

innerHTML, document.write, .html(), href / redirect

CWE-89

SQL Injection

Detects user-controlled data in SQL query strings without parameterization or escaping. Tracks MAY_CONTAIN_SQL_META property through the flow.

cursor.execute, mysql_query, f-string SQL, string concat

Future

Extensible Architecture

Adding a new boolean-taint CWE requires ~30–50 lines: a SecurityProperty enum, a BOUNDARY_CONSTRAINTS entry, and a BoundaryCategory enum.

CWE-22 Path Traversal, CWE-120 Buffer Overflow, CWE-190 Integer Overflow
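
An added illustration of the zero-trust property flow described above, not Acutis's own code. The names SecurityProperty, BOUNDARY_CONSTRAINTS and the MAY_CONTAIN_* properties come from this page; the step format, the annotation format (properties a function removes), the sink category strings and the helpers concat and escape_sql are assumptions.

```python
from enum import Flag, auto

class SecurityProperty(Flag):            # enum and member names taken from the page
    NONE = 0
    MAY_CONTAIN_SQL_META = auto()
    MAY_CONTAIN_HTML_META = auto()

# Maximum danger: every property set.
TOP = SecurityProperty.MAY_CONTAIN_SQL_META | SecurityProperty.MAY_CONTAIN_HTML_META

# Assumed shape: sink category -> properties that must be absent at that boundary.
BOUNDARY_CONSTRAINTS = {
    "SQL_EXEC": SecurityProperty.MAY_CONTAIN_SQL_META,
    "HTML_OUTPUT": SecurityProperty.MAY_CONTAIN_HTML_META,
}

def verify(steps, annotations):
    """Steps are ("call", dst, func, [args]) or ("sink", category, var).
    annotations maps a function to the properties it removes (assumed format).
    Returns (verdict, trace)."""
    env, trace, verdict = {}, [], "PASS"
    for step in steps:
        if step[0] == "call":
            _, dst, func, args = step
            joined = SecurityProperty.NONE
            for arg in args:              # never-assigned names are parameters: TOP
                joined |= env.get(arg, TOP)
            if func in annotations:
                env[dst] = joined & ~annotations[func]
            else:                         # unknown function: result is TOP, and block
                env[dst], verdict = TOP, "BLOCK"
                trace.append(f"{func}: missing annotation")
        else:
            _, category, var = step
            bad = env.get(var, TOP) & BOUNDARY_CONSTRAINTS[category]
            if bad:                       # a forbidden property reached the sink
                verdict = "BLOCK"
                trace.append(f"{var} -> {category}: {bad}")
    return verdict, trace

# Constructed sample: declared semantics for two hypothetical helpers.
ANNOTATIONS = {
    "concat": SecurityProperty.NONE,                      # removes nothing
    "escape_sql": SecurityProperty.MAY_CONTAIN_SQL_META,  # removes SQL metacharacters
}

if __name__ == "__main__":
    flow = [("call", "q", "escape_sql", ["name"]), ("sink", "SQL_EXEC", "q")]
    print(verify(flow, ANNOTATIONS))
```

The same escaped value sent to the HTML_OUTPUT boundary is blocked, because escape_sql is declared to remove only the SQL property.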

Request Early Access

Acutis works with Claude Code, Cursor, VS Code, and any MCP-capable assistant. Join the waitlist to be among the first teams to deploy it.

No credit card required. We will reach out with onboarding details.

Human-written code had its tools.
AI-generated code has Acutis.