I built an AI vulnerability scanner with Claude and Codex. It failed (github.com)

A recent announcement highlighted the launch of "The Janitor," an advanced AI vulnerability scanner designed to tackle the vulnerabilities introduced by autonomous AI coding agents. This tool, built with Claude and Codex, aims to function as a structural firewall that deters 'Mythos-class' AI agents, which are increasingly capable of injecting vulnerabilities into code via pull requests (PRs). Unlike traditional static analysis or linter tools, The Janitor performs comprehensive, deterministic analyses on every pull request within seconds, ensuring code integrity before merging. Its design is particularly notable for implementing three formally verified layers of protection, namely IFDS taint analysis, Kani-proven predicates, and Z3 SMT exploit witness synthesis. The significance of The Janitor lies in its countermeasure to the evolving threat landscape where AI code generators are not just tools but semi-autonomous agents capable of creating vulnerabilities at scale. By operating entirely on-device and maintaining a "Zero-Upload Guarantee," The Janitor analyzes code without ever exfiltrating it from a user's environment, addressing significant compliance and privacy concerns. Moving forward, its roadmap promises innovations like Zero-Knowledge AST proofs and Labyrinth Deception techniques, which aim to further secure the development process by certifying code governance without revealing source details, a game-changer for organizations resistant to cloud-based solutions.