Oussema | Where AI Meets Money & Security

i run two AI models on my project. one builds, one reviews. and i made one rule that changed everything: the reviewer is never allowed to trust the builder's report when the builder finishes a task it writes a summary "done, everything works, tests pass." most people read that and move on my reviewer model ignores the summary completely. it reads the actual source code line by line. it re-runs the tests itself. it independently verifies every claim before approving anything because here's what i learned building with AI: the model that writes the code is the worst possible judge of whether that code is correct. it's confident. it's convincing. and it's wrong just often enough to hurt you trust is not a security model. verification is. the build report means nothing. only the source code tells the truth

I spent the last few months building a security scanner and testing it on some of the biggest platforms on the internet. One of them had a vulnerability where any website could make requests on behalf of a logged-in user without them knowing just silently in the background on a platform with over a billion active users. Another one was a privacy-focused organization. Their entire brand is built on anonymity and protecting user data. They were running Google Analytics on their own website. Every visitor tracked by the exact company they were trying to protect people from. Another had their SSL certificate , the thing that encrypts everything between you and the app expiring in 7 days. On a platform used by 2 billion people. Well most of the time it is auto renew btw .. Anyway these aren't small startups. These are platforms with hundreds of engineers and security teams. So what i learned: security at scale isn't about having the best team. It's about having systems that catch what humans miss because we always miss something. That's literally why i'm building what i'm building.