Question 1

Is AI-generated code safe to deploy?

Accepted Answer

AI-generated code frequently contains security vulnerabilities that are invisible without specialized scanning. Common issues include hardcoded API keys and credentials, OWASP Top 10 vulnerabilities like injection flaws, insecure dependencies, backdoors introduced through prompt injection, and supply-chain risks in AI-recommended packages. VettIQ scans for all of these before code reaches production.

Question 2

How do I scan code written by Cursor or GitHub Copilot for vulnerabilities?

Accepted Answer

VettIQ integrates directly with any AI coding environment. You connect your repository, and VettIQ runs a five-model sequential scan — detection, deep analysis, adversarial probing, fix suggestion, and verification — on all AI-generated code before it is merged. It works with Cursor, GitHub Copilot, Claude, and any other AI coding tool.

Question 3

What is an MCP server and why does it need security scanning?

Accepted Answer

An MCP (Model Context Protocol) server extends AI agents with new capabilities — file access, API calls, browser control, and more. Connecting an insecure MCP server to an AI agent can expose your system to data exfiltration, unauthorized API access, and prompt injection attacks. VettIQ's MCP directory scores over 1,257 MCP servers for security risk before you connect them to your agents.

Question 4

What is AI agent runtime security?

Accepted Answer

AI agent runtime security enforces guardrails on an AI agent while it is actively running — not just before deployment. VettIQ monitors agent behavior in real time, blocking unauthorized network calls, preventing data exfiltration, and stopping out-of-scope actions. This is critical for autonomous agents that operate without continuous human supervision.

Question 5

How is VettIQ different from Snyk or traditional SAST tools?

Accepted Answer

Traditional SAST tools like Snyk are designed for human-written code with known vulnerability patterns. VettIQ is purpose-built for AI-generated code, which introduces novel risk categories — adversarial patterns from prompt injection, statistically plausible but insecure code constructs, and agent-level runtime behaviors — that traditional scanners were not designed to detect. VettIQ also covers the MCP ecosystem and agent runtime layer, which no traditional SAST tool addresses.

File	Purpose
claude.md	Security rules for AI coding tools — ALWAYS/NEVER format for FastAPI and PostgreSQL
SECURITY_SPEC.md	Detailed security specification with rationale for each requirement
ACCEPTANCE_TESTS.md	Manual and automated test cases for verifying compliance
scan-profile.json	Machine-readable scan rules used by VettIQ's scanner engine
QUICK_START.md	Getting started guide with tool-specific setup instructions

Python + FastAPI + PostgreSQL

Quick Start

Works With Your Tools

Claude Code

Cursor

Windsurf

GitHub Copilot

Security Rules

What's in the Blueprint

Ready to Secure Your Stack?