{"id":84816,"title":"Gecko Security: Your AI Security Engineer","tagline":"Gecko is an AI SAST for finding and fixing security vulnerabilities in your codebase. It's just like having a security engineer making your code secure.","body":"**TL;DR:** We built [Gecko](https://gecko.security/) for teams that want to build secure code quickly without wasting time on tools that don’t deliver results, or relying on one-time human pentests that quickly become outdated.\n\n![uploaded image](/media/?type=post\u0026id=84816\u0026key=user_uploads/1969797/81233561-38af-49a4-b7ed-03f61aa03ae0)\n\n### **The Problem**\n\nMost developers tell us they think of security as an afterthought, added out of fear rather than part of the development process at the start. This is because current security tools **can’t find critical business logic vulnerabilities**, which are the ones attackers actually exploit, and instead flag low-priority issues with many **false positives**. This makes fixing these issues slow and costly, **pulling engineers away from building** features that grow revenue.\n\n### **The Solution**\n\nGecko uses AI to understand how your application should work, simulates relevant attacks to find critical vulnerabilities, and then verifies these vulnerabilities by exploiting them. It also helps you understand the risk of these vulnerabilities and applies a working fix to **continuously** **keep your code secure**. [Watch our demo here!](https://www.youtube.com/watch?v=ObuItEP3rZk)\n\n### **Technical Details**\n\nAt a high level, Gecko mimics the approach of skilled security experts by using LLM agents combined with program analysis tools like static analyzers, fuzzers, and symbolic executors, which were previously **only used in intelligence agencies**. For fixing vulnerabilities, Gecko uses multiple agents to iteratively refine the patches - ensuring the vulnerability is remediated, and your code isn’t broken. 
All testing is done in parallel with certified human pentesters, as we continue to benchmark Gecko’s performance to ensure no vulnerabilities are overlooked.\n\n### **Ask**\n\n**Do you have code that needs to be secured?** Email us at [**gecko@gecko.security**](mailto:gecko@gecko.security) or book a demo at [**https://cal.com/geckosec/15min**](https://cal.com/geckosec/15min).\n\n### **Team**\n\n[JJ](https://www.linkedin.com/in/jeevan-jutla/) and [Artemiy](https://www.linkedin.com/in/artemiy-malyshau/) met four years ago while studying in London. Since then, they have traveled the world competing in CTFs and hackathons, earning over $100,000 in prizes. \n\nJJ previously worked for the UK Intelligence Service (GCHQ), as a teenager building automated tooling to defend critical infrastructure. He also worked at Binance in China leading security tool development for the Red Team.\n\nArtemiy holds an MSc from Imperial College London, where he was a scholar. He has contributed to research in multi-agent systems and reinforcement learning. As the first employee and only non-PhD member at his previous company, he developed threat intelligence software for Interpol and national governments. 
\n\nBoth are deeply committed to cybersecurity and AI, and are focused on solving one of the industry's most challenging problems.","slug":"M40-gecko-security-your-ai-security-engineer","created_at":"2024-10-16T21:47:06.425Z","updated_at":"2026-05-25T00:15:48.419Z","total_vote_count":81,"url":"https://www.ycombinator.com/launches/M40-gecko-security-your-ai-security-engineer","share_image_url":"https://www.ycombinator.com/media/?type=post\u0026id=84816\u0026key=user_uploads/1969797/81233561-38af-49a4-b7ed-03f61aa03ae0","company":{"id":30087,"name":"Gecko Security","slug":"gecko-security","url":"https://gecko.security","logo":"https://bookface-images.s3.amazonaws.com/small_logos/475ae1459a273ef4827fe78aeed097961151b782.png","batch":"Fall 2024","industry":"B2B","tags":["SaaS","B2B","Security","Cybersecurity","AI"],"search_path":"https://bookface.ycombinator.com/company/30087"}}