14:41, 28 December 2025

In Russia, AI Analyzer to Find Errors in AI-Generated Code

The new Russian code analyzer can detect errors and vulnerabilities directly inside the dialogue window.

Russia has developed a tool that helps check the security of code generated by large language models. AppSec.Track has become the first domestic SCA analyzer integrated directly into an AI developer assistant’s dialogue window.

Instant Checks Inside the Workflow

SCA (software composition analysis) analyzers are used to detect third-party libraries and malicious packages in code. They identify vulnerabilities, outdated library versions, and potentially dangerous components.

Previously, checks were run in separate applications after the code had already been written. AppSec.Track has now integrated this control directly into the developer’s dialogue window with the AI assistant.

Criticize and Suggest

The program operates via MCP, the Model Context Protocol. This allows the AI assistant, at the developer’s request, to send generated code for inspection. AppSec.Track analyzes the packages used, cross-checks them against vulnerability databases, verifies whether such libraries actually exist, and evaluates how up to date they are. If the model “invented” a library, as often happens, or suggested an unsafe version, the system immediately highlights the problematic code fragment and proposes a corrected alternative.
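The three checks described above (does the package exist, is the pinned version affected by a known advisory, is it current) can be sketched as follows. This is an added example, not AppSec.Track's code: the package names, registry contents and advisory id are constructed, and a real analyzer would query live registries and vulnerability databases instead of in-memory tables.

```python
import re

# Constructed stand-in for a package registry: name -> published versions, oldest first.
REGISTRY = {"acme-http": ["1.2.0", "1.4.1", "2.0.0"], "acme-yaml": ["0.9.0", "1.0.0"]}
# Constructed advisory feed: name -> [(first fixed version, placeholder advisory id)].
ADVISORIES = {"acme-http": [("1.4.1", "EXAMPLE-ADV-0001")]}
PIN = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)==(\d+(?:\.\d+)*)$")

def vkey(version):
    """Turn '1.4.1' into (1, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))

def check_pin(name, version):
    """Classify one pinned dependency; the most serious matching problem wins."""
    name = name.lower().replace("_", "-")
    published = REGISTRY.get(name)
    if published is None:
        return "nonexistent", "no such package in the registry"
    if version not in published:
        return "unknown-version", "published: " + ", ".join(published)
    for fixed, advisory in ADVISORIES.get(name, []):
        if vkey(version) < vkey(fixed):
            return "vulnerable", f"{advisory}, fixed in {fixed}"
    if vkey(version) < vkey(published[-1]):
        return "outdated", f"latest is {published[-1]}"
    return "ok", ""

def audit(requirements_text):
    """Return (name, version, status, detail) for each dependency line."""
    findings = []
    for raw in requirements_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        match = PIN.match(line)
        if match is None:
            findings.append((line, None, "unpinned", "no exact version to check"))
        else:
            findings.append(match.groups() + check_pin(*match.groups()))
    return findings

# Constructed sample: a dependency list as an assistant might emit it.
GENERATED = ("acme-http==1.2.0\nacme-yaml==1.0.0\n"
             "acme-fastjson==3.1.0  # name absent from the registry\n"
             "acme-yaml==0.9.0\nacme-http\n")

if __name__ == "__main__":
    for finding in audit(GENERATED):
        print(finding)
```

The existence check runs first on purpose: a name that resolves to nothing today is the one an attacker could later register, so it is reported separately from an ordinary version problem.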

For Beginner Coders

This is especially important for low-code and vibe-coding scenarios, where developers often take AI-generated code at face value due to a lack of deep technical expertise. In practice, language models may recommend outdated libraries, vulnerable versions, or even nonexistent packages – the so-called hallucinations. Such cases have already been described in studies by GitHub, OpenSSF, and OWASP. Researchers have specifically highlighted the risk of LLM hallucinations when working with open-source components.

AI Cannot Work Without Knowledge

According to AppSec.Track’s Director of Product, Konstantin Kryuchkov, modern AI-powered editors are capable of writing code and identifying syntax errors.

“But they require a reliable security knowledge base. That is exactly the role taken on by the SCA analyzer, including accounting for a company’s internal security requirements,” Kryuchkov concluded.

Anton Basharin of AppSec Solutions added:

“Functionally, such code may work correctly while still containing logical flaws, SQL injections, or unsafe dependencies. That is why using AI does not eliminate DevSecOps practices – it requires strengthening them.”

The new tool will help development teams that are integrating AI assistants into everyday workflows. It significantly reduces risks associated with working with generated code.
