I have been working on a tool called Vulture for the past few months. It grew out of an urgent need to ensure that reliable software development is still possible in an era where code is generated & not written. Since the rollout of and transition to agentic, LLM-driven software development workflows, the lines of code and the DORA metrics from multiple product teams have shown dramatic & drastic patterns. While lines of code is not exactly a metric that we track anymore, the increase was alarming, and combined with the new features shipped, it raised questions about reliability. We switched terms from Vibe Coding to Context Engineering and introduced quality gates, but the fact remained that the amount of code getting generated is huge. It's impossible to review or test it thoroughly.
A while ago, I faced a malware infection that was sophisticated and well orchestrated, with numerous attack vectors tried one after another and simultaneously, sharing whatever credentials were available for profit. It was relentless, result driven and intelligent. This was a clear indication of what’s coming – any software that has the simplest loopholes will be exploited much more easily than ever.
Software reliability and security are two areas that wanted immediate attention & these were uncharted waters. Historically we have heard about software development timelines slipping and engineers struggling to deliver – suddenly all that flipped. Product Managers, Designers & DevSecOps suddenly became the only thing standing between developers and features.
Meticulously introducing guardrails through better reviews, tooling, and shifting the workflow to the left (Shift Left, Proofs) is the only way to ensure secure and reliable software.
Beyond the deadlines and features, there is a basic requirement any system needs to meet – reliability.
Vulture is born out of this necessity.
Vulture’s Claws
Audits of the code base, deep discovery of endpoints, and a final verification of the findings, in a multi-phase agentic workflow inspired by the Claws philosophy, drive Vulture. Vulture can work with any LLM, whether local or remote. Each iteration learns more about the source and its vulnerabilities, avoids redundant work & saves precious tokens. Vulture has a plugin architecture that allows it to orchestrate external tools and frameworks. The phase transitions are validated with the Isabelle proof assistant and verified against dummy targets to ensure correctness – a tall claim, but there is more to follow.
Vulture in action:




The next steps involve planning seamless integration with CI/CD, tracking the issue reports accurately, and making them available to the developers so they can act and remediate the issues. Right now Vulture remains private, and perhaps making it public is an option to be investigated as well.

