# What AI Code Audit Finds

AI Code Audit reasons about your source code using the agentic engine [Aikido Pentest](/pentests/aikido-pentest.md) is built on. It covers the vulnerability classes Pentest validates, plus issues Pentest can't safely or reliably reach against a running app. The trade-off is that purely runtime concerns still need a live target. Each finding ships with code-based Evidence — see [Track Progress and Findings](/ai-code-audit/track-progress-and-findings.md) for how to read it.

## Coverage at a glance

AI Code Audit reasons about the issue classes Aikido Pentest validates, including:

* **Access control** — IDORs / BOLA, broken access control, and privilege escalation across tenants and roles.
* **Injection flaws** — SQL, NoSQL, LDAP, XPath, command injection, RCE, and server-side template injection (SSTI).
* **Cross-site and client-side attacks** — stored and reflected XSS, CSRF, open redirects, and unsafe client-side data handling.
* **Authentication and session logic** — weak flows, missing checks, session-handling errors, and hard-coded credentials in auth code.
* **SSRF, deserialization, and file handling** — unsafe URL fetches, dangerous deserialization, path traversal, and unrestricted upload patterns.
* **Cryptographic failures** — broken algorithms, weak signatures (e.g., JWT), and sensitive data exposure in code paths.
* **Business logic flaws** — workflow bypasses, payment and checkout shortcuts, and multi-step exploit chains.
* **Agentic application risks** — prompt injection, excessive agency, insecure tool use, and the rest of the [OWASP Top 10 for Agentic Applications](/pentests/coverage-and-findings/what-issues-can-aikido-pentest-find/owasp-top-10-for-agentic-applications.md).

For the full vulnerability catalog, see [What Issues Can Aikido Pentest Find?](/pentests/coverage-and-findings/what-issues-can-aikido-pentest-find.md) — every class listed there is in scope for AI Code Audit unless it appears in **What still needs a live target** below.
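To make the injection class above concrete, here is an added Python example (not code from Aikido or from this page) showing the kind of finding a source-level audit reports: an admin-only lookup in its vulnerable form next to its parameterized fix. The in-memory sqlite3 table, the `admin_required` decorator and the probe string are all constructed for this illustration.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory stand-in for the application's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def admin_required(handler):
    """Hypothetical role gate: the wrapped lookup is only reachable with an
    admin role, so a runtime test without admin credentials never exercises it.
    Source-level review sees the body regardless."""

    def wrapper(conn, caller_role, *args):
        if caller_role != "admin":
            raise PermissionError("admin only")
        return handler(conn, *args)

    return wrapper


@admin_required
def find_users_vulnerable(conn, name_filter: str) -> list[tuple]:
    # Defect (the finding): the filter is interpolated into the SQL text,
    # so whoever controls the filter also controls the query structure.
    sql = f"SELECT id, name, role FROM users WHERE name = '{name_filter}'"
    return conn.execute(sql).fetchall()


@admin_required
def find_users_fixed(conn, name_filter: str) -> list[tuple]:
    # Hardened form: the value travels as a bound parameter, never as SQL,
    # so the query always matches on the literal string supplied.
    sql = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name_filter,)).fetchall()


def demo() -> dict:
    """Run both lookups with a constructed probe that is a valid name nowhere
    and return how many rows each version leaks."""
    conn = make_db()
    probe = "' OR '1'='1"
    return {
        "vulnerable": len(find_users_vulnerable(conn, "admin", probe)),
        "fixed": len(find_users_fixed(conn, "admin", probe)),
    }


if __name__ == "__main__":
    print(demo())
```

The vulnerable version returns every row for the probe; the fixed version returns none, and a plain name still resolves correctly. The point the audit makes is that the role gate does not change the severity of the query construction, only who can reach it.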

## Beyond what a live pentest reaches

Some issues are easier to see from source, or visible only there. AI Code Audit reasons about them directly, even when a live pentest couldn't safely or feasibly reach them:

* **Code paths gated by credentials Pentest doesn't have.** If you don't provide an admin or manager account to a Pentest, the admin panel won't be exercised. AI Code Audit still reads that code and reports issues like SQL injection in admin-only routes.
* **Denial-of-service and resource-exhaustion patterns.** Live pentests can't safely run these against your app. AI Code Audit flags them from code — algorithmic complexity attacks like ReDoS, hash-collision DoS, and exponential parsers.
* **Code paths that aren't externally reachable yet.** Newly merged routes that haven't deployed, feature-flagged code, and dormant branches are visible to source-level reasoning even when nothing at runtime exposes them.
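As an added example of the resource-exhaustion class mentioned above (not code from Aikido or from this page), here is a small Python scanner that flags ReDoS-prone regex literals from source alone, which is exactly the kind of check that cannot be run safely against a live app. The nested-quantifier heuristic, the set of `re.*` call names it looks for, and the sample module it scans are all constructed for this illustration; it is a lint-style approximation, not a full regex parser.

```python
import re

# Heuristic: a group containing an unbounded quantifier (+ or *) that is itself
# repeated (+, * or {n,...}) can backtrack exponentially on non-matching input,
# e.g. (a+)+ or (\w+\s?)*. The scanner's own pattern is at worst quadratic in
# the length of the audited regex, so it is safe to run over untrusted source.
NESTED_QUANTIFIER = re.compile(r"\((?:[^()\\]|\\.)*[+*](?:[^()\\]|\\.)*\)[+*{]")

# Regex literals handed to the common re.* entry points (r-prefix optional).
REGEX_CALL = re.compile(
    r"re\.(?:compile|match|search|fullmatch|findall|finditer|sub)"
    r"\(\s*r?([\"'])((?:[^\"'\\]|\\.)*)\1"
)


def has_nested_quantifier(pattern: str) -> bool:
    """True if the regex source looks like it can backtrack exponentially."""
    return NESTED_QUANTIFIER.search(pattern) is not None


def scan_source(source: str) -> list[tuple[int, str]]:
    """Return (line_number, regex) for every flagged regex literal in source."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        for match in REGEX_CALL.finditer(line):
            pattern = match.group(2)
            if has_nested_quantifier(pattern):
                findings.append((lineno, pattern))
    return findings


# Constructed sample module: two ReDoS-prone patterns and one bounded one.
# A safe rewrite of the flagged patterns uses a bounded, non-nested form such
# as r"^[a-zA-Z0-9]{1,64}@example\.com$" or r"^[\w ]{0,256}$".
SAMPLE_SOURCE = r'''
import re
EMAIL_RE = re.compile(r"^([a-zA-Z0-9]+)+@example\.com$")   # nested quantifier
SLUG_RE = re.compile(r"^[a-z0-9-]{1,64}$")                  # bounded, fine
def check(value):
    return re.match(r"^(\w+\s?)*$", value) is not None     # nested quantifier
'''.strip("\n")


if __name__ == "__main__":
    for lineno, pattern in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: possible catastrophic backtracking in {pattern!r}")
```

Running it reports lines 2 and 5 of the sample and leaves the bounded slug pattern alone. The check is purely syntactic, which is the property that matters here: it never executes the suspect regex, so it costs nothing to run over a whole repository, whereas confirming the same issue at runtime would mean sending inputs designed to stall the service.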

## What still needs a live target

Some checks only make sense against a running application. AI Code Audit can flag risky configuration in source, but it can't confirm what your environment actually does on the wire. For these, use [Aikido Pentest](/pentests/aikido-pentest.md):

* **TLS and transport posture** — cipher suites, protocol versions, certificate chains, and HSTS as served.
* **HTTP security headers as delivered** — AI Code Audit can see whether headers are set in code, but not what your CDN, WAF, or edge layer actually sends to a client.
* **Rate limiting and abuse protection in practice** — code can show that limits exist; only a live run proves they hold up.
* **CORS behavior at the edge** — same caveat: configuration is visible, real responses are not.
* **Web cache poisoning** — requires interacting with a live cache.
* **Credential stuffing, brute force, and CAPTCHA bypass** — live-only by definition.
* **DOM-based XSS as actually rendered** — AI Code Audit reasons about source; runtime rendering needs a browser.

## Application types and languages

AI Code Audit isn't limited to web apps. Agents reason across whatever source the connected repositories contain, including non-web applications like mobile apps, smart contracts, and desktop apps.

Agents work across mainstream application languages, configuration, and infrastructure-as-code the same way a developer would. The audit treats the whole repository as in scope, including monorepos with multiple services or packages, and follows references across files and modules to surface multi-step issues.

## Not sure if your scope is covered?

Open the **Intercom chat** in the bottom right corner. Our team can confirm coverage for a specific framework, application type, or finding class before you spend credits.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.aikido.dev/ai-code-audit/what-ai-code-audit-finds.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
