Zing Forum


Vyne: A Deterministic Security Detection Layer for AI-Generated Code

A Python code security scanning tool based on AST heuristic reasoning that detects hallucinated dependencies, dangerous execution patterns, and key leaks in AI-generated code without relying on LLMs.

Tags: AI security, code scanning, AST analysis, Python static analysis, Tree-sitter, dependency security, key leakage
Published 2026-04-10 00:41 | Recent activity 2026-04-10 00:45 | Estimated read 6 min


Background: Security Risks of AI Code Generation

With the popularity of AI programming assistants such as GitHub Copilot and Cursor, developers write code far faster than before. This "rapid generation" model, however, also brings new security risks. AI models may "hallucinate" when generating code: fabricating dependency packages that do not exist, introducing libraries with known vulnerabilities, or leaving hard-coded keys and tokens in the code.

Traditional static code scanning tools (such as Bandit and Semgrep) are mainly designed for human-written code and have limited ability to recognize patterns unique to AI-generated code. This has spurred the demand for security detection tools specifically targeting AI-generated code.


Introduction to Vyne

Vyne is a security signal detection tool designed specifically for Python code generated with AI assistance, developed by the Shards-Of-Sapphire team. Its core concept is an "organic, deterministic security layer": it relies entirely on heuristic reasoning over the AST (Abstract Syntax Tree) to detect issues, with no dependence on LLMs.

Unlike AI-based security tools, Vyne uses a purely structural analysis method: it converts target files into syntax trees with the Tree-sitter parser, then runs specialized scanners over those trees. This approach offers high determinism, strong interpretability, and low operational cost.


Core Detection Capabilities

Vyne focuses on detecting three types of high-risk issues that are easily overlooked in AI-generated code:


1. Hallucinated or Suspicious Dependencies

AI models sometimes "invent" non-existent Python package names, or recommend deprecated dependencies with known vulnerabilities. Vyne identifies suspicious third-party library references by analyzing import statements and dependency declarations, helping developers detect issues before installing dependencies.


2. Dangerous Dynamic Execution Patterns

AI-generated code may contain improper uses of dynamic code execution functions such as eval(), exec(), and compile(), or dynamic imports implemented via mechanisms such as __import__() or importlib. These patterns are reasonable in specific scenarios, but in AI-generated code they often lack sufficient security context. Vyne identifies these dangerous patterns and flags the risks.


3. Leaked Keys and High-Entropy Tokens

AI models sometimes "recall" plausible-looking API keys, database connection strings, or JWT tokens from their training data. These high-entropy strings look like real credentials; they may be synthetic, or they may be genuinely leaked sensitive information. Vyne identifies potential key leaks through entropy analysis and pattern matching.


Technical Architecture and Workflow

Vyne's tech stack is designed to be concise and efficient:

Parsing Layer: Uses Tree-sitter to parse Python source code into an AST. Tree-sitter is an incremental parser generator known for its speed and robustness, and it can handle code snippets with incomplete or invalid syntax.

Scanning Layer: Runs multiple specialized scanners over the AST and the original source text. Each scanner handles one type of detection task, such as dependency analysis, dangerous function call identification, or key pattern matching.

Output Layer: Returns detection results in a structured format to the CLI, API, or web dashboard. This design allows Vyne to be easily integrated into CI/CD pipelines.

The workflow is as follows:

  1. Read the target Python file
  2. Parse into AST using Tree-sitter
  3. Run multiple scanners in parallel for analysis
  4. Aggregate results and generate a structured report
  5. Display findings via CLI, API, or dashboard