Authorisation chain bypass
An agent rewrites a permission check as a strict equality and drops the role guard. VibeDefend rebuilds the chain and refuses the diff.
Caught at agent-timeAuthorisation chains, FX rules, internal transfers. The parts no scanner reads. VibeDefend maps your business logic the way an auditor would, then catches the unsafe rewrites your AI agent ships at five thousand lines a day.


BLSA is built in collaboration with the CNRS and the CRIStAL laboratory (Université de Lille). Together we're prototyping a brand-new class of scanner that reasons about your codebase's business logic, the kind of risk no syntactic SAST has ever caught.
Five-figure incidents start with rewrites no SAST tool flags. We do.
An agent rewrites a permission check as a strict equality and drops the role guard. VibeDefend rebuilds the chain and refuses the diff.
Caught at agent-timeTwo transactions read the rate before the lock. VibeDefend traces the order of operations across services, not just the function.
Caught at agent-timeInter-account moves bypass the daily ceiling because the new code path skipped the policy. Caught before merge.
Caught at agent-timeOne command wires every coding agent on your machine to CybeDefend: your business rules, your compliance frameworks, and guards that block destructive calls before they fire.
npx -y @cybedefend/vibedefend@latest install