About
Vulkro is a security vendor built on one conviction: a vendor should prove its claims. We build the security scanner for AI-written code. It runs entirely on your machine, gives the same verdict on the same commit every run, and publishes the benchmark that produces its accuracy numbers so you can re-run them yourself.
The conviction
Security tooling for the AI era has to be deterministic and local-first.
- Local-first. Scans run on your machine. Your code, file paths, and findings never leave it, and air-gapped operation is supported end to end.
- Deterministic. The scanner contains no AI. The same commit gets the same verdict every run, which is what a CI gate and an auditor both need.
- Proven, not asserted. The detection engine is the licensed product and stays proprietary. The proof that it works is public: the benchmark harness, the ground-truth corpus, and the scoring code. You clone the corpus, run the same commands we run, and get the same numbers we publish.
On the published corpus, Vulkro finds 44 of 76 catalogued bugs at 0.81 precision, drawing on 150+ checks. If a release regressed, the benchmark would show it, in your run as well as ours. The benchmark page walks through the methodology in full.
How we work
Vulkro is licensed per seat, directly through our team. The scanner requires an account, a 14-day trial of the full product starts on your first login, and licenses are set up by writing to hello@vulkro.com. There is no self-serve checkout: we work directly with every customer, and air-gapped environments get a license file that needs no network access. When a license or trial lapses, the CLI prints a one-line note and asks you to renew through us; your reports, scan history, and configuration stay on your machine.
Get in touch
- Security issues: security@vulkro.com (see the security policy)
- Sales and partnerships: contact@vulkro.com
- Everything else: hello@vulkro.com