
Show IH: Vultest, AI vulnerabilities scanner that opens auto-fix PRs

• Vultest scans your codebase using Opus 4.6.
• It identifies vulnerabilities AI (or yourself!) introduced while you weren't looking.
• It doesn't give you a list of chores. You click "Apply Fix" and it opens the PR on GitHub for you.

submitted this link to Show IH on May 19, 2026
  1. 1

    This is a strong security wedge because the value is not just “scan my repo.” The useful part is reducing the gap between AI-generated code and actual remediation. Most scanners still create a second workflow: find issue, understand issue, make ticket, write fix, open PR. Vultest is stronger if the core promise is “AI-introduced vulnerability to reviewable fix PR.”

    That positioning matters because AI coding tools are making security debt faster than teams can manually inspect it. The auto-fix PR angle makes Vultest feel closer to a security repair layer for AI-assisted development, not just another vulnerability dashboard.

    The naming is the one serious thing I’d watch early. Vultest explains vulnerability testing, but it also sounds like a testing utility. If this becomes a harder security product for AI codebases and dev teams, Vroth.com would carry more weight as a serious security infrastructure brand.

  2. 1

    I spent 5 years as a C++ engineer writing code in a traditional way. Recently I started using Claude as a coding assistant for my side projects. I let it produce more and more code. As I added features, I came to some conclusions.

    AI is great at generating features, but it's terrible at security. And a prolific regression creator. Changes are rarely atomic. I swapped out entire structures/files just to render MDX components nicely.
    In doing so, I kept on breaking things that were previously working.
    I dislike testing (sorry to the TDD community), but I also can't create apps that would break unexpectedly or make users' information vulnerable...

    So I built Vultest. It uses AI to find vulnerabilities in my project and produce actionable reports (opens PRs on GitHub). Eventually, I want to grow it into my outsourced testing framework. I thought it might be useful for others and wondered if indie hackers would be interested in my side testing project, for which I have for now paused my "main" side projects.

    You can have a look at the demo and scan your codebase without any paywall. I would love to have some feedback and to know if it catches some important vulnerabilities in your stack.

    1. 1

      This is such a great idea! I've been using Claude more and more to build helper utilities and full efficiency boosting tools and always end up with the same question... "How do I test this thing and know it's not just sending all my data somewhere else?!".

      Great tool!
