HacktronAI

Your AI teammate for application security. Hacktron collaborates directly in your IDE, identifies real vulnerabilities, and empowers security researchers and developers to move faster.

• Scan codebases for security vulnerabilities
• Review PRs for security issues
• Validate vulnerabilities
• Get AI-assisted remediation guidance
• Run specialized security agent packs and skills
• Create PoCs

Features

Chat Interface

Have a conversation with your AI security engineer directly in VS Code. Ask security questions, request vulnerability assessments, or get help patching issues.

• Reference files with @filename

Agent Packs

Run specialized security workflows with pre-built agent packs. Each pack targets specific vulnerability types or workflows.

Example pack:

• supabase — Find missing Row Level Security policies
• domxss — Find common DOM XSS vulnerabilities in your JavaScript

Select an agent, hit "Start scan", and let the AI do the work.

Personal Agents

Create custom vulnerability detection agents from natural language descriptions. Describe a vulnerability pattern, and HacktronAI generates an agent with detection rules.

• Create agents from vulnerability descriptions
• Manage in Settings → Agents tab

Example: "SQL injection in Ruby on Rails ActiveRecord where user input is passed to .where() without sanitization"

Skills

Extend HacktronAI with installable skills for specialized tasks. Skills add domain-specific knowledge and capabilities.

• Install from GitHub URLs (auto-parses paths)
• Install from local directories
• Enable/disable skills per session
• User-level or workspace-level installation

Example:

https://github.com/HacktronAI/skills/tree/main/patch-diff-analyzer

Code Editing for PoCs

HacktronAI can suggest and apply code fixes with an inline diff view. Review changes before accepting.

Findings Panel

Track all discovered vulnerabilities in one place. Filter by severity, search by keyword, and navigate to affected code with one click.

• View findings across all sessions
• Copy vulnerability reports
• Delete false positives
• Export for reporting

Rules

Define custom security guidelines that the AI will follow. Create rules at two levels:

• Global Rules (~/.hacktron/rules/) — Apply to all projects
• Workspace Rules (.hacktron/rules/) — Project-specific guidelines

Write rules in natural language. The AI incorporates them into its analysis.

Multi-Model Support

Use HacktronAI's optimized models or bring your own API keys:

• OpenAI (GPT-4, GPT-4o)
• Anthropic (Claude)
• Google (Gemini)

Switch models on the fly from the model selector.

Quick Start

1. Install the extension from VS Code Marketplace
2. Open the HacktronAI panel (Cmd+Opt+H / Ctrl+Alt+H)
3. Sign in with your HacktronAI account
4. Start scanning — ask a question or run an agent pack

Commands

Privacy & Security

SOC 2 Compliant — View our controls at trust.hacktron.ai

Zero Data Retention — We have ZDR agreements with all AI providers (OpenAI, Anthropic, Google). Your code is not stored or used for training.

Support

• Discord — Join our community
• Email — hello@hacktron.ai
• Website — hacktron.ai

License

See LICENSE.md for details.