Memory poisoning in AI coding agents

AI-powered application security platform for developers. 19 security agents. 80+ attack classes. One command. Ship Safe v7.0.0 is an AI-powered security platform that runs 19 specialized agents in parallel against your codebase, scanning for secrets, injection vulnerabilities, auth bypass, SSRF, supply chain attacks, memory poisoning, Supabase RLS misconfigs, Docker/Terraform/Kubernetes misconfigs, CI/CD pipeline poisoning, LLM/agentic AI security, MCP server misuse, RAG poisoning, PII compliance, vibe coding patterns, exception handling, AI agent config security, and more. Full OWASP Agentic AI Top 10 mapping (ASI01–ASI10) enriches every finding. Live OSV.dev advisory feed surfaces actively exploited CVEs within hours of disclosure. OWASP 2025 scoring with EPSS exploit probability. LLM-powered deep analysis verifies exploitability of critical findings. Secrets verification probes provider APIs to check if leaked keys are still active. Compliance mapping to SOC 2, ISO 27001, and NIST AI RMF. Built-in threat intelligence feed with offline-first IOC matching. CI integration with GitHub PR comments, threshold gating, and SARIF output. v7.0.0 highlights: New Memory Poisoning Agent — the first scanner purpose-built for instruction injection in AI agent memory files (.claude/memory/ , .cursorrules , .cursor/rules/ , .windsurfrules , and more). Live advisories command (ship-safe advisories . ) queries OSV.dev in real time — no API key, no stale data. Deep watch mode (--deep ) runs the full 19-agent orchestrator on every file change and persists results to .ship-safe/watch.json . OWASP Agentic AI Top 10 metadata (ASI01–ASI10) attached to every relevant finding. Trojanized package behavioral detection catches env-var harvesting, DNS exfiltration, and WebSocket C2 patterns inside node_modules . Expanded agent config discovery covers Gemini CLI, Cody, and Augment Code. Gemma 4 (--provider gemma4 ) supported as the default local model via Ollama structured output — zero JSON parse failures. Documentation | Blog | Pricing # Full security audit — secrets + 19 agents + deps + remediation plan npx ship-safe audit . # LLM-powered deep analysis (Anthropic, OpenAI, Google, Ollama, Gemma 4) npx ship-safe audit . --deep # Red team scan only (19 agents, 80+ attack classes) npx ship-safe red-team . # Scan only changed files (fast pre-commit & PR scanning) npx ship-safe diff npx ship-safe diff --staged # Live OSV.dev advisory feed — no API key, no stale data npx ship-safe advisories . # Continuous monitoring npx ship-safe watch . # Lightweight file watcher npx ship-safe watch . --deep # Full 19-agent scan on every change npx ship-safe watch . --deep --threshold 80 # Fail if score drops below threshold npx ship-safe watch . --status # Show last deep-watch results # Fun emoji security grade with shareable badge npx ship-safe vibe-check . # Compare your score against industry averages npx ship-safe benchmark . # Quick secret scan npx ship-safe scan . # Security health score (0-100) npx ship-safe score . # CI/CD pipeline mode — compact output, exit codes, PR comments npx ship-safe ci . npx ship-safe ci . --github-pr # Accept current findings, only report regressions npx ship-safe baseline . npx ship-safe audit . --baseline # Check if leaked secrets are still active npx ship-safe audit . --verify # Environment diagnostics npx ship-safe doctor # Install Claude Code hooks — real-time secret blocking + advisory scan npx ship-safe hooks install npx ship-safe hooks status npx ship-safe hooks remove One command that runs everything and generates a full report: npx ship-safe audit . ════════════════════════════════════════════════════════════ Ship Safe v7.0 — Full Security Audit ════════════════════════════════════════════════════════════ [Phase 1/4] Scanning for secrets... ✔ 49 found [Phase 2/4] Running 19 security agents... ✔ 103 findings [Phase 3/4] Auditing dependencies... ✔ 44 CVEs [Phase 4/4] Computing security score... ✔ 25/100 F Remediation Plan ════════════════════════════════════════════════════════ 🔴 CRITICAL — fix immediately ──────────────────────────────────────────────────────── 1. [SECRETS] Rotate Stripe Live Secret Key .env:67 → Move to environment variable or secrets manager 2. [INJECTION] Unsafe pickle.loads() backend/ai_processor.py:64 → Use JSON for untrusted data 🟠 HIGH — fix before deploy ──────────────────────────────────────────────────────── 3. [XSS] dangerouslySetInnerHTML without sanitization frontend/src/utils/blogContentRenderer.jsx:50 → Add DOMPurify ... 149 more items in the full report 📊 Full report: ship-safe-report.html What it runs: - Secret scan — 50+ patterns with entropy scoring (API keys, passwords, tokens) - 19 security agents — run in parallel with per-agent timeouts and framework-aware filtering (injection, auth, SSRF, supply chain, config, Supabase RLS, LLM, MCP, agentic AI, RAG, memory poisoning, PII, vibe coding, exception handling, agent config, mobile, git history, CI/CD, API) - Dependency audit