https://vultest.com/dashboard/example
• Vultest scans your codebase using Opus 4.6.
• It identifies vulnerabilities AI (or yourself!) introduced while you weren't looking.
• It doesn't give you a list of chores. You click "Apply Fix" and it opens the PR on GitHub for you.
This is a strong security wedge because the value is not just “scan my repo.” The useful part is reducing the gap between AI-generated code and actual remediation. Most scanners still create a second workflow: find issue, understand issue, make ticket, write fix, open PR. Vultest is stronger if the core promise is “AI-introduced vulnerability to reviewable fix PR.”
That positioning matters because AI coding tools are making security debt faster than teams can manually inspect it. The auto-fix PR angle makes Vultest feel closer to a security repair layer for AI-assisted development, not just another vulnerability dashboard.
The naming is the one serious thing I’d watch early. Vultest explains vulnerability testing, but it also sounds like a testing utility. If this becomes a harder security product for AI codebases and dev teams, Vroth.com would carry more weight as a serious security infrastructure brand.
I spent 5 years as a C++ engineer writing code in a traditional way. Recently I started using Claude as a coding assistant for my side projects. I let it produce more and more code. As I added features, I came to some conclusions.
AI is great at generating features, but it's terrible at security, and it is a prolific regression creator. Changes are rarely atomic. I swapped out entire structures/files just to render MDX components nicely.
In doing so, I kept on breaking things that were previously working.
I dislike testing (sorry to the TDD community), but I can't create apps that would break unexpectedly or make users' information vulnerable either...
So I built Vultest. It uses AI to find vulnerabilities in my project and produces actionable reports (opens PRs on GitHub). Eventually, I want to grow it into my outsourced testing framework. I thought it might be useful for others and wondered if indie hackers would be interested in my side testing project, for which I have for now paused my "main" side projects.
You can have a look at the demo and scan your codebase without any paywall. I would love to have some feedback and to know if it catches some important vulnerabilities in your stack.
This is such a great idea! I've been using Claude more and more to build helper utilities and full efficiency-boosting tools, and I always end up with the same question... "How do I test this thing and know it's not just sending all my data somewhere else?!"
Great tool!