Everything you need to know about Egida

Getting Started

Egida is an AI-powered security scanner purpose-built for applications created with AI development tools like Lovable, Bolt, Replit, Cursor, and similar platforms. We provide plain English security reports that don't require any security expertise to understand. Our reports include step-by-step, copy-paste fixes so you can remediate vulnerabilities immediately without needing to hire a security consultant.
Just paste your app's URL. In under 60 seconds, we download your JavaScript files, check your server settings, and probe for exposed files — exactly what any visitor (or attacker) can see. We run 25 checks covering secrets, database security, headers, and common leaks. You'll see your top 3 critical issues with plain-English explanations and copy-paste fixes. No signup required.
Not at all: you don't need any security expertise. Everything in Egida is designed to be understood by non-technical founders. We explain every vulnerability in plain English, avoiding security jargon and technical acronyms. Each issue comes with severity ratings that make sense at a glance, and we provide copy-paste fixes you can apply directly to your code. You don't need to understand CVSS scores, OWASP categories, or anything else — just clear explanations and actionable solutions.
Egida is built for the entire modern development stack. We support applications built with Lovable, Bolt.new, Replit, Cursor, v0, and other AI code generation tools. Our scanning also works with Next.js projects, Supabase and Firebase backends, and applications deployed to Vercel. Essentially, if you built your app with AI tools or traditional frameworks and deployed it online, we can scan it.

Security & Privacy

Yes. Your code is processed entirely in memory during the scan and is never persisted to any storage system. We don't save your source code, don't log it, and don't store it in databases. Immediately after we complete the scan and deliver your results, the code is deleted from memory. Your code never touches a hard drive or permanent storage.
No, we never store your source code. We analyze your code in real-time during the scanning process and then discard it. We only save the results of our scan — the vulnerabilities found and recommendations — not the actual code itself. This means your proprietary code, logic, and implementation details remain completely private.
Completely: your scan results are private to your account. We never share, publish, or distribute your results to anyone without explicit permission. Only you can view your security reports. If you have a Launch Certificate, you can choose to share the certificate page with investors, users, or anyone else, but that's entirely your decision. By default, all results remain confidential.
We collect minimal data. Specifically: the URL you submit for scanning, the scan results (which are linked to your account if you're logged in), and payment information processed through Stripe if you purchase a paid plan. We don't track your behavior across the web, don't sell your data, and don't use it for marketing purposes. See our Privacy Policy for complete details on how we handle your information.

Products & Features

The Free Scan runs 25 surface checks and shows your top 3 issues. The Launch Certificate ($29 one-time) runs the same 25 checks but reveals all results, plus gives you a PDF report, embeddable badge, and public certificate page. Founder Pro ($49/month) goes deep — it connects to your GitHub and backend config to run 130 checks covering your actual source code, dependencies, database rules, and auth logic. Pro also includes weekly automated re-scans and trend tracking.
The embeddable badge is an HTML snippet you can add to your landing page when you have an active Launch Certificate. It displays a "Secured by Egida" badge with a link to your certificate verification page. This builds trust with your users by showing them that your application has been professionally security scanned and certified. The badge is linked to your certificate, so when visitors click it, they see proof of your security commitment.
Continuous monitoring is included in Founder Pro ($49/month). You connect your GitHub repository via OAuth. We then run weekly automated re-scans across all 130 checks — your code, dependencies, and backend config. If we detect new issues, you'll get an email alert. You also get trend tracking so you can see whether your security posture is improving or getting worse over time.
Yes, with Founder Pro ($49/month). When you connect your GitHub account via OAuth, you grant Egida read-only access to your repositories. This secure OAuth flow means you're never sharing credentials directly with us — GitHub manages the authentication. We only read your code; we never write to your repo or store your source code.

Billing & Plans

Yes. Cancel anytime with no lock-in or termination fees. Your first deep scan runs immediately when you sign up — think of it as a one-time deep scan with optional ongoing monitoring. The Launch Certificate is a one-time purchase, so there's nothing to cancel there.
We offer a 30-day money-back guarantee on all paid plans. If you purchase the Launch Certificate or Founder Pro and aren't satisfied within 30 days, email [email protected] and we'll refund in full. No questions asked.
We're building an Agency tier with white-label reports and multi-project dashboards. Email [email protected] to get on the waitlist — we'll reach out when it's ready.

Technical

Egida runs up to 130 security checks across four categories: the OWASP Web Top 10, the OWASP API Top 10, the OWASP LLM Top 10, and 20 checks specific to AI-generated code patterns. We look for exposed API keys, missing Supabase RLS, hardcoded secrets, SQL injection, broken authentication, hallucinated npm packages, insecure headers, and more. The free scan runs 25 surface-level checks; Founder Pro runs all 130 including source code and config analysis.
We focus on accuracy over quantity, which means we minimize false positives. Rather than overwhelming you with low-confidence warnings, every finding we report includes a clear confidence level and specific evidence showing why we flagged it. Our detection patterns are designed based on real vulnerabilities found in AI-generated code, not just generic security rules. This means what we report is actionable and worth your attention.
Founder Pro includes GitHub integration with weekly automated re-scans. Full CI/CD pipeline integration (GitHub Actions, GitLab CI, etc.) is on our roadmap. Email [email protected] if this is important to your workflow — we'd love to hear about your setup.
Our scans are automated and cover known vulnerability patterns. They are not a replacement for a full penetration test by professional security researchers. We clearly state the scope of what we scan for — we're exceptionally good at catching AI-specific vulnerabilities and common misconfigurations, but we don't attempt to cover every possible security vulnerability under the sun. For the most sensitive applications or compliance requirements, you should combine Egida with other security tools and potentially professional penetration testing.

Still have questions?

Email us at [email protected] and we'll get back to you within 24 hours.