The security crew for apps you built with AI.
Your Lovable app exposes the database. Your Bolt project leaks the Stripe key. Your v0 page lets anyone read every user’s row. You wouldn’t know any of that. Lictor’s 11 AI agents audit your project in plain English in under a minute. Free, open source, runs locally inside Claude Code.
One slash command. Eleven agents. Plain English.
Lictor ships as a Claude Code skill suite. Install once, run from any project. No dashboard to learn, no jargon to translate, no “contact sales” banner.
/lictor-security-check
The 60-second audit. Walks your project, runs 7 checks, writes a plain-English report.
# Inside Claude Code, from any project:
/lictor-security-check

# Output:
# 🔴 CRITICAL · Your Supabase service key is in
#    bundle.js line 1247. Anyone with the URL has
#    full database write access. Fix below.
# 🟠 HIGH · /api/users returns every row to any
#    logged-in user. Add RLS policy.
# 🟡 MED · Stripe webhook unsigned. (5 more...)
- 7 checks tuned for Lovable / Bolt / v0 / Cursor / Replit patterns
- Plain English — no “information disclosure vulnerability,” just “anyone can read your customer list”
- Three sibling skills: /lictor-explain, /lictor-fix-it, /lictor-rotate
- Runs 100% local. No token, no signup, no telemetry, no per-seat pricing
When the audit isn’t enough
Three more layers when your AI-built app starts handling real traffic. Same Rust engine, ships everywhere at once.
Lictor Shield
Audits any deployed AI-built site you visit. Catches the issues before you sign up.
- Detects Lovable / Bolt / v0 / Next.js / Supabase fingerprints on any URL
- 5 static checks: leaked secrets, exposed DB, open auth, CORS, AI-agent surface
- Local-only — no URL ever leaves your browser
- Real-time alarm when an AI agent on the page touches your cookies
Lictor Sentinel
For when your AI-built app calls OpenAI / Anthropic at runtime. Blocks prompt injection + secret leaks.
import OpenAI from "openai";             // the official OpenAI SDK client
import { wrap } from "@lictor/sentinel";

// wrap() returns a client with the same surface as the one you pass in.
// The listed checks run before the request leaves and after the reply lands.
const client = wrap(new OpenAI(), {
  preflight: ["prompt-injection", "secrets-in-input"], // scan the outgoing prompt
  postflight: ["pii-leak"],                            // scan the model's reply
});
// Same call site. Same response shape.
// Sentinel intercepts pre + post.
- 32 prompt-injection patterns across 7 attack families
- 15 secret patterns (Anthropic, OpenAI, Stripe, GitHub, AWS, Supabase, …)
- Luhn-validated credit card detection in model output
- Privacy: never ships raw input/output — only 16-char fingerprints
Lictor Guardian
For when your AI-built app gets its first customer who asks “are we SOC 2 safe?”
- Per-incident timeline — see what every Sentinel call caught and why
- Audit log export (CSV + JSON) for SOC 2 / GDPR Article 32 evidence
- Slack webhook for critical incidents — no email-only escape hatch
- Append-only audit log enforced at the database trigger level
The crew that runs the audit
Most AI security tools are a black box: input goes in, findings come out. Lictor’s 11 specialist agents are named, transparent, and surface their work. You see which agent found what — and why.
🎼 Wolf · orchestrator
Reads your project, plans the audit, hands work to the right specialist. Surfaces a daily briefing so you always know what the crew did and what’s next.
🔍 Owl · quality gate
Scores every finding against three audience personas before it ships. A finding scoring below 6/10 doesn't make the report. Better to skip a noisy alert than ship a wrong one.
📡 Hawk · pattern scout
Hunts for the bug shapes that vibe-coders ship most. Lovable RLS gaps, Bolt env-var leaks, v0 unsigned webhooks, Cursor hallucinated npm packages. Trained on 1,430+ real audits.
🖊️ Lyrebird · voice keeper
Translates every finding into plain English. Not “information disclosure vulnerability” — “your /api/users page gives out the customer list to anyone.” Reports your mom could read.
🧲 Bee · fix designer
For every issue, drafts the smallest possible fix and the exact file + line to put it in. No 40-page remediation guides. One paragraph, one diff, one rotated key.
🪞 Mantis · audit auditor
Weekly reviewer that grades the crew’s own work. Catches false positives, drifting voice, missed patterns. The reason the crew gets better, not louder, over time.
Plus five more: 🦾 Octopus (engineering), 🧪 Mongoose (currency tester), 📊 Bat (hook crafter), 📈 Starling (virality intel), 🎵 Cuttlefish (aesthetic curator). Every agent is a markdown file you can read. See the SOULs →
Why now
40-62% of AI-built code ships vulnerable
91.5% of vibe-coded apps had at least one AI-hallucination flaw in Q1 2026. Lovable exposed 18,000 users across 170+ databases in February. 8 million people use these platforms. Most of them don’t know what an “RLS policy” is.
Enterprise security tools weren’t built for you
Snyk, Veracode, Checkmarx — they all assume a 5-developer team and a CISO who speaks SOC 2. Lictor assumes you, a Claude Code window, and a Lovable app you shipped on Saturday.
Plain English isn’t a feature. It’s the product.
Every Lictor finding is written as “your X does Y, anyone can do Z.” No CVE numbers in the headline. No CVSS scores. No “leverage” or “synergize.” If the finding can’t be explained to a non-technical co-founder, Lyrebird rewrites it.
Open source so trust is verifiable
Apache 2.0. Every check is a markdown file you can read. Every agent has a SOUL.md you can fork. No proprietary engine, no closed black box, no audit-as-a-service contract. Read it. Run it. Fork it. Trust comes from the code, not from a certificate.
Coming Q1 2027 — Lictor Sentry
AI threat protection for high-value individuals. iOS VPN profile that watches outbound AI API calls from your phone — for executives, journalists, founders whose AI assistant has access to sensitive data.
We’ll only email you when Sentry is ready to install. No newsletter.
Who’s building this?
Lictor is built by a cybersecurity engineer based in Israel with twenty years in the field. Twenty years of CISO advisory at Fortune 500 companies and security architecture for venture-backed startups. Twenty years of writing security reports that nobody outside compliance teams could read.
Lictor exists because the people shipping the most software right now — solo founders building from Lovable on Saturday, indie hackers prototyping in Cursor at midnight, designers deploying a Bolt project before their morning coffee — don’t have a CISO. They have themselves, an AI assistant, and 48 hours to ship something. They need security tooling that speaks plain English and doesn’t require a sales call.