Authorisation chain bypass
An agent rewrites a permission check as a strict equality and drops the role guard. Cybe rebuilds the chain and refuses the diff.
Caught at agent-time
BLSA · BankingLive for design partners
Money moves at agent speed. Logic flaws move with it.
Authorisation chains, FX rules, internal transfers. The parts no scanner reads. Cybe maps your business logic the way an auditor would, then catches the unsafe rewrites your AI agent ships at five thousand lines a day.
blsa://banking - live
BLSA in motion · Bankinglive loop
- 43%
- of breaches via business logic
- Verizon DBIR
- 0
- scanners that read auth flows
- today's stack
- 20 min
- to map your logic surface
- median
Public-research collaboration
BLSA is built in collaboration with the CNRS and the CRIStAL laboratory (Université de Lille). Together we're prototyping a brand-new class of scanner that reasons about your codebase's business logic, the kind of risk no syntactic SAST has ever caught.
What we catch
Banking exploits scanners can't see.
Five-figure incidents start with rewrites no SAST tool flags. We do.
FX-rate race conditions
Two transactions read the rate before the lock. Cybe traces the order of operations across services, not just the function.
Caught at agent-timeInternal-transfer escalation
Inter-account moves bypass the daily ceiling because the new code path skipped the policy. Caught before merge.
Caught at agent-timeLive · just shipped
Install VibeDefend in 5 seconds.
One command. Every coding agent on your laptop wired to CybeDefend: business rules mined from your code, security rules from the frameworks your auditors expect, action guards that block dangerous calls before they fire.
Install in 5 secondsNode 18.17+
npx -y @cybedefend/vibedefend@latest installAuto-detects
Claude Code
Cursor- OpenAI Codex
Windsurf
VS Code Copilot
Read the README on npm