The AI change safety layer

Ship AI code with proof.

Your AI writes the code. Axyr proves whether it’s safe to ship — SQL injection, broken access control, leaked keys, DB-destroying migrations. Deterministic. Fast. No false alarms.

Private beta. No spam. Just proof.

axyr · app/invoices/[id]/route.ts · replay ✓

Critical · CWE-862 · broken access control

prisma.invoice.delete executes before any auth check runs.

source: req.params.id — public, no auth
↓
sink: prisma.invoice.delete() · line 6
proof: delete is not dominated by auth()

Safe · CWE-89 · sql injection

Query is parameterized · no tainted value reaches the SQL sink.


The fear

AI writes 80% of your code.
You don’t read all of it.

The bug isn’t in the line you reviewed. It’s in the four hundred you accepted.

The invisible flaw

An injection path no diff review would ever catch by eye.

The migration that drops the DB

One generated migration, every row gone — in production.

The committed key

A live secret hardcoded and pushed straight to the remote.

The malicious package

A hallucinated dependency that turns out to be a trap.

“Works on my machine”

Green locally, broken in prod — the gap nobody tested.


How it works

Four verdicts. One of them is honesty.

Every change gets a verdict in monospace — and a verdict you can replay byte-for-byte.

CRITICAL

A security property is provably broken. This is the only state that blocks.

WARNING

Doubt with a real reason. Surfaced, never blocked — your call.

SAFE

Proven to hold under the property. Not “looks fine” — proven.

UNKNOWN

We can’t prove it yet. Declared out loud — never disguised as safe.

We only block on proof. Doubt warns. Ignorance is declared, never hidden as safe.

The dominance demo

Same code. Two lines swapped. One destroys you.

A pattern matcher sees an auth() call in both files and calls them safe. Order is everything.

route.ts — guard before · Safe
export async function DELETE(req, { params }) {
  const session = await auth();
  if (!session) return unauthorized();
  await prisma.invoice.delete({
    where: { id: params.id },
  });
  return ok();
}
delete is dominated by the auth check
route.ts — guard after · Critical
export async function DELETE(req, { params }) {
  await prisma.invoice.delete({
    where: { id: params.id },
  });
  const session = await auth(); // too late
  return ok({ user: session?.user });
}
delete runs before any check — anyone deletes anything

A check that runs too late protects nothing. Pattern matchers say “safe.” Axyr doesn’t.
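The dominance check the demo describes, as an added example that is not Axyr's code: it builds a small control-flow graph for each version of route.ts by hand (the node names entry, auth, check, delete, unauthorized and ok, and the graph encoding itself, are assumptions made here; a real tool derives the graph from the AST), computes dominators with the standard iterative algorithm, and reports SAFE only when the guard branch dominates the delete sink. It goes one step beyond the two files above with a third graph where auth() is called first but its result is never checked, which the pattern-matching baseline also waves through.

```typescript
// Added example, not Axyr's code: a minimal dominator analysis over a
// hand-built control-flow graph (CFG), used to decide whether the delete sink
// is dominated by the auth guard. Node names and the CFG encoding are
// assumptions for this illustration.

type NodeId = string;

interface Cfg {
  entry: NodeId;
  // successor lists; a node with no successors is an exit (a return)
  succ: Record<NodeId, NodeId[]>;
}

function predecessors(cfg: Cfg): Record<NodeId, NodeId[]> {
  const preds: Record<NodeId, NodeId[]> = {};
  for (const n of Object.keys(cfg.succ)) preds[n] = [];
  for (const n of Object.keys(cfg.succ)) {
    for (const s of cfg.succ[n]) preds[s].push(n);
  }
  return preds;
}

function sameSet(a: NodeId[], b: NodeId[]): boolean {
  return a.length === b.length && a.every((x) => b.indexOf(x) !== -1);
}

// Classic iterative dominator computation:
//   dom(entry) = {entry};  dom(n) = {n} ∪ ⋂ dom(p) over all predecessors p.
// A node d dominates n when every path from entry to n passes through d.
function dominators(cfg: Cfg): Record<NodeId, NodeId[]> {
  const nodes = Object.keys(cfg.succ);
  const preds = predecessors(cfg);
  const dom: Record<NodeId, NodeId[]> = {};
  for (const n of nodes) dom[n] = n === cfg.entry ? [n] : nodes.slice();
  let changed = true;
  while (changed) {
    changed = false;
    for (const n of nodes) {
      if (n === cfg.entry) continue;
      const ps = preds[n];
      // Intersect the dominator sets of all predecessors, then add n itself.
      let meet: NodeId[] = ps.length > 0 ? dom[ps[0]].slice() : [];
      for (const p of ps) meet = meet.filter((x) => dom[p].indexOf(x) !== -1);
      if (meet.indexOf(n) === -1) meet.push(n);
      if (!sameSet(meet, dom[n])) {
        dom[n] = meet;
        changed = true;
      }
    }
  }
  return dom;
}

// Verdict for one property: the sink must be dominated by the guard node.
// Only a provably missing guard yields CRITICAL; no pattern matching involved.
function verdict(cfg: Cfg, sink: NodeId, guard: NodeId): "SAFE" | "CRITICAL" {
  const d = dominators(cfg)[sink] ?? [];
  return d.indexOf(guard) !== -1 ? "SAFE" : "CRITICAL";
}

// What a pattern matcher does: "is auth() called anywhere in the handler?"
function patternMatcherSaysSafe(cfg: Cfg): boolean {
  return Object.keys(cfg.succ).indexOf("auth") !== -1;
}

// "guard before": entry -> auth -> check -> (unauthorized | delete -> ok).
// "check" is the `if (!session) return unauthorized();` branch.
const guardBefore: Cfg = {
  entry: "entry",
  succ: {
    entry: ["auth"],
    auth: ["check"],
    check: ["unauthorized", "delete"],
    unauthorized: [],
    delete: ["ok"],
    ok: [],
  },
};

// "guard after": entry -> delete -> auth -> ok. auth() is called, but
// nothing can stop the delete, and it has already run.
const guardAfter: Cfg = {
  entry: "entry",
  succ: { entry: ["delete"], delete: ["auth"], auth: ["ok"], ok: [] },
};

// Beyond the two files on the page: auth() called first, result never checked.
// The call dominates the sink, but the guard branch does not exist, so the
// property "delete is dominated by check" still fails.
const authNoCheck: Cfg = {
  entry: "entry",
  succ: { entry: ["auth"], auth: ["delete"], delete: ["ok"], ok: [] },
};

console.log("guard before  :", verdict(guardBefore, "delete", "check"), "| pattern matcher:", patternMatcherSaysSafe(guardBefore));
console.log("guard after   :", verdict(guardAfter, "delete", "check"), "| pattern matcher:", patternMatcherSaysSafe(guardAfter));
console.log("auth, no check:", verdict(authNoCheck, "delete", "check"), "| pattern matcher:", patternMatcherSaysSafe(authNoCheck));
```

The guard passed to verdict is the conditional early return, not the auth() call: in the third graph auth() dominates the sink yet the verdict is still CRITICAL, which is the distinction a grep for auth() cannot make.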


Why Axyr is different

Not another scanner. A safety layer for change.

01 · Change-oriented

We judge the diff, not a frozen snapshot. The question is what this commit breaks.

02 · Property-oriented

We track the security property a commit violates — taint reaching a sink, a guard that no longer dominates.

03 · Deterministic

Same facts in, same verdict out — replayable to the byte. No model lottery, no flaky runs.

04 · Built for the vibe coder

You shipped fast with AI. Axyr is the layer that lets you keep doing that — without the 2 a.m. incident.

We’re building a deterministic security certifier in Rust — in the open. No magic, no model that “feels” safe. Just execution paths, dominance, and proofs you can replay.

Proof, not vibes. / the axyr founders

Don’t let AI destroy your database.

Join the private beta. Get the proof layer before the incident does.
