Agentic Security Review: An Adversarial Code Security Audit Framework for AI Programming Assistants

Agentic Security Review (ASR) is an authorized adversarial code security audit framework designed for AI programming assistants such as Codex and Claude Code. Through multi-agent collaboration, it discovers cross-file reasoning vulnerabilities, business logic flaws, and AI tool configuration risks, and generates structured security reports containing evidence, severity levels, repair suggestions, etc. Its positioning is to complement traditional static scanners, focus on complex logic vulnerabilities, and provide an integrable security audit process for open-source maintainers.

Modern static security scanning tools excel at detecting known vulnerability patterns (e.g., SQL injection, XSS), but they are insufficient in facing new challenges brought by the popularity of AI programming assistants: they cannot effectively handle scenarios such as cross-file logical reasoning, business rule understanding, and AI tool configuration permission risks (e.g., low-privilege users accessing cross-tenant data, frontend-only authorization verification, Webhook bypassing security checks), which are beyond the scope of traditional pattern matching capabilities.

ASR provides multi-mode audits (single-agent quick check, multi-agent deep collaboration, patch incremental audit), generates standardized JSON reports (including basic information, vulnerability details, impact analysis, repair guidance), and supports multi-tool ecosystem integration (Codex/Claude dedicated skill files). Technically, it is developed in Python, with core scripts including run_review.py (for prompt generation), validate_report.py (for report validation), etc., and also supports GitHub Actions automated integration.

The example vulnerability ASR-001 shows that ASR can discover cross-tenant access control failure issues (CWE-639, OWASP A01:2021). Comparison with traditional tools: traditional tools are good at known patterns and syntax matching, with low false positives but limited analysis depth; ASR focuses on cross-file reasoning and business logic, with strong semantic understanding but higher execution cost. Combining the two is the best practice.

ASR represents an important direction for AI-assisted security audits, transforming the code audit capabilities of AI programming assistants into repeatable and integrable processes. For open-source maintainers, it can improve the quality of code security audits; for researchers, it provides an AI-assisted vulnerability discovery platform. In the future, with the maturity of multi-agent collaboration, it is expected to become an important part of the open-source security ecosystem.

The usage flow includes environment preparation (clone the repository, install dependencies), generate prompts, execute the audit, validate the report, and export SARIF. On security boundaries, it is necessary to follow the principle of authorized audits (only audit authorized code, no real-time vulnerability exploitation), and clarify that ASR is not a real-time scanner or vulnerability exploitation framework, and cannot replace professional audits.