We build AuraWatch — a VS Code extension that scans AI-generated code for security vulnerabilities and fixes them automatically. Built in Ontario, Canada.
Tired of AI-generated code shipping with hidden vulnerabilities? Meet AuraWatch — the first enterprise-grade security scanner for VS Code that actually proves your code is safe. Deterministic analysis + Z3 symbolic execution. Real fixes. https://t.co/sidFVfe9AJ
@DecryptedTech Ha. The "AI will just fix it" take is everywhere right now. DNS client RCE is not the kind of thing that autocompletes its way to safety. These need actual patch management, not vibes.
AuraWatch is live on the VS Code Marketplace.
Version 1.0.0. Built in Ontario, Canada.
If you build with AI coding assistants, install it.
ext install OptiRefine.aurawatch
@Howaboua The problem isn't model quality — it's the gap between what the model writes and what the developer actually reviews. AI can write fine code, but if you're shipping 10x faster you're probably reviewing 10x less carefully. That's where the real exposure is.
@mnair1 The detection gap is the real problem. 6 found for every 1 fixed means the debt only grows.
The fix rate improves when you stop the vuln from entering the codebase at all. Catch it at generation, before it's in 6 places and costs 6x to remediate.
@BrettKessler__ The weak point isn't your data center — it's the code AI agents are writing to access it.
SQL injection, path traversal, hardcoded creds. Generated in seconds, shipped before anyone reviews it.
Security has to run at the same speed the code is produced.
@ArmisSecurity The paradox is real. AI writes code faster than any security review can keep up with.
The fix has to be in the editor, not downstream. By the time a vuln hits your pipeline it's already in 10 places.
Scan and patch at the point of generation.
@DarkReading The hard part isn't the agent going rogue — it's the code the agent writes before anyone notices. AI coding assistants are shipping SQL injection, hardcoded creds, and missing auth checks into prod every day. No one's treating that output as untrusted input.
@elijahadeyeye5 This is underrated. The worst pattern is stripping out auth checks or disabling CSP headers to hit a performance number, then shipping it. A fast site that leaks data isn't a win.
@Yanir_ Debug flags left in production are one of those bugs that looks embarrassing but is actually serious. Any app on the device getting account access is basically a privilege escalation for free. Good find.
@ChrisHervochon@github Good call on the org account. Code ownership is step one. The next problem is the code itself — AI assistants don't flag when they generate something with an injection flaw or a hardcoded secret. That's where a lot of vibe-coded projects are sitting right now.
@caneallesta The gap between concern and readiness is where incidents happen. Most teams are still treating AI agent security as a future problem. The code those agents write is already in prod.
@technerdali The prototype gap is real. Getting to something that runs is one thing, getting to something that's actually safe to ship is another. AI writes plausible-looking code fast but doesn't know your threat model.
@haveibeenpwned This pattern keeps showing up. Built fast, credentials stored poorly, then breached.
The bcrypt is the one thing done right. The real damage is email + IP combos — that's what fuels phishing and credential stuffing elsewhere.
64k is small. The downstream damage isn't.
AI models were trained on billions of lines of code.
A lot of that code had SQL injection in it. Path traversal. Hardcoded secrets.
The model learned the patterns. It reproduces them.
The fix isn't prompting better. It's scanning what comes out.
https://t.co/pwe8NBARXo
91.5% of vibe-coded apps had at least one hallucination-related vulnerability in Q1 2026.
Not most. Not many. 91.5%.
The AI isn't writing secure code. It's writing code that runs.
Those are different things.
The Moltbook breach:
- Launched January 28
- Founder said he "didn't write a single line of code"
- By day 3: 1.5M API tokens exposed, 35K emails leaked, private messages accessible
Vibe coding ships fast. Breaches ship with it.
~20% of AI-generated code references packages that don't exist.
Attackers register those package names. You install what your AI recommended. You get malware.
It has a name: slopsquatting. AuraWatch catches it.
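An added example, not AuraWatch's own code, of the AST-level check the slopsquatting point calls for: parse the generated file, collect the top-level modules it imports, and flag any that are neither standard library nor in a known-package set. The sample snippet, the hypothetical package name `fastjsonparse`, and the `KNOWN_PACKAGES` set (standing in for a lockfile or registry lookup) are all constructed so the example runs offline.

```python
import ast
import sys
from typing import List, Set

# Constructed sample of assistant-generated code. One import names a package
# that does not exist anywhere (hypothetical), and one comment mentions a
# package name that is never actually imported.
GENERATED_SNIPPET = """
import os
import requests
from fastjsonparse import load_fast   # hypothetical, not a real package
from flask import Flask
import json
# TODO: import cachetools later
"""

# Constructed allow-list standing in for the project's lockfile or a registry
# query; a real scanner would resolve names against requirements.txt or the index.
KNOWN_PACKAGES = {"requests", "flask"}

# sys.stdlib_module_names exists on Python 3.10+; the fallback is a minimal
# constructed set so the example still runs on older interpreters.
STDLIB = getattr(sys, "stdlib_module_names", frozenset({"os", "sys", "json", "re"}))


def top_level_modules(source: str) -> Set[str]:
    """Top-level module names imported in `source`, taken from the AST.

    Comments and strings are not visited, so '# TODO: import cachetools'
    is ignored, which a regex over the raw text would not manage.
    """
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Import):
            for alias in node.names:
                names.add(alias.name.split(".")[0])
        elif isinstance(node, ast.ImportFrom):
            if node.module and node.level == 0:  # skip relative imports
                names.add(node.module.split(".")[0])
    return names


def unknown_imports(source: str, known: Set[str]) -> List[str]:
    """Imports that are neither standard library nor in the known-package set."""
    return sorted(m for m in top_level_modules(source)
                  if m not in STDLIB and m not in known)


if __name__ == "__main__":
    for name in unknown_imports(GENERATED_SNIPPET, KNOWN_PACKAGES):
        print(f"unverified package imported: {name}")
```

Anything the function reports should be resolved against the real index or the project's lockfile before `pip install` is ever run on it.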
https://t.co/pwe8NBARXo
Wired: thousands of vibe-coded apps are leaking corporate and personal data.
Not surprising. The tools that write the code aren't built to catch what they introduce.
AuraWatch scans before you ship. AST-level, not regex. Catches what your AI missed.
https://t.co/pwe8NBARXo