SCA bypass on step-up
A copilot rewrite collapses a 3DS challenge into a synchronous redirect. VibeDefend restores the step-up and blocks the merge.
Blocked before merge
BLSA · FinTechLive for design partners
Compliance is logic. We test it like code.
PSD2, SCA, KYC, AML. Every regulator clause is a path through your code. VibeDefend traces each one through your agent's PRs and blocks the rewrite the moment it breaks the contract.
blsa://fintech - live
BLSA in motion · FinTechlive loop
- 11
- regulator clauses traced as code paths
- PSD2 + AML
- 100×
- cost in prod vs at the prompt
- remediation
- 0
- spreadsheets in our pipeline
- ever
Public-research collaboration
BLSA is built in collaboration with the CNRS and the CRIStAL laboratory (Université de Lille). Together we're prototyping a brand-new class of scanner that reasons about your codebase's business logic, the kind of risk no syntactic SAST has ever caught.
What we catch
FinTech exploits regulators flag, scanners don't.
Logic flaws hit every audit. VibeDefend puts them in the PR check, not the post-mortem.
KYC tier drift
An onboarding PR widens the verified-user scope by one role. VibeDefend surfaces the tier change in the diff before review.
Blocked before mergeAML threshold rewrite
Threshold logic moved to an env var with no default. VibeDefend pins the contract and refuses unsafe defaults.
Blocked before mergeLive · just shipped
Install VibeDefend in 5 seconds.
One command. Every coding agent on your laptop wired to CybeDefend: business rules mined from your code, security rules from the frameworks your auditors expect, action guards that block dangerous calls before they fire.
Install in 5 secondsNode 18.17+
npx -y @cybedefend/vibedefend@latest installAuto-detects
Claude Code
Cursor- OpenAI Codex
Windsurf
VS Code Copilot
Read the README on npm