1-SEC Open Source Security

AI security co-pilot for GitLab Duo Chat. 16 defense modules, 65+ injection patterns, supply chain, ransomware, deepfake, quantum-crypto and more. Enterprise security, one conversation.

Comment

Inspiration

I built 1-SEC specifically for this hackathon — and it got completely out of hand. What started as a focused cybersecurity project turned into a full enterprise security platform with 16 defense modules, all packed into a single Go/Rust binary. SQL injection, prompt injection, supply chain attacks, AI agent containment, ransomware detection — it can secure any server in two commands.

But as the engine grew, I kept running into the same problem: runtime detection is reactive. By the time 1-SEC catches something in production, the vulnerable code already shipped. Developers need security feedback while they're writing code, not after it's live.

The GitLab AI Hackathon made the next step obvious. The Duo Agent Platform lets you build agents that live inside the developer workflow — right where the code is. I could take everything 1-SEC knows about security and put it directly in a developer's hands through Duo Chat and automated MR scanning. No context switching, no separate dashboard, no extra tools to learn.

The whole thing was a happy accident. I overbuilt the security engine without fully reading the hackathon instructions, then realized the agent format was exactly the right way to make it accessible to every developer on GitLab. Sometimes overachieving works out.

What it does

1-SEC Agent is a custom GitLab Duo agent with 8 security skills and an automated MR security scanning flow. It brings the detection knowledge from 1-SEC's 16 modules directly into GitLab.

The Skills

Security Review — Point it at any file in your repo and it scans for 60+ vulnerability patterns: SQL injection, XSS, command injection, SSRF, template injection, deserialization RCE, path traversal, credential exposure — with severity rankings, exact fixes, and CWE IDs.

Agent Hardening — Assesses AI agents against the full OWASP Agentic AI Top 10. Catches weak system prompts, excessive tool permissions, prompt injection vulnerabilities (65+ patterns), MCP supply chain poisoning, memory poisoning, and rogue agent behavior.

Scan MR — The one I'm most proud of. Tell it to scan a merge request, and it reads the diff, analyzes every changed file, and posts a formatted security report directly as an MR comment. No one has to remember to ask for a review — it just happens.

Secret Scan — Hunts for leaked credentials across your repo: AWS keys, GitHub/GitLab tokens, OpenAI keys, Stripe keys, database connection strings, private keys, JWTs. Always redacts what it finds — never echoes secrets into comments.

OWASP Check — Fast pass/fail compliance checklist against both OWASP Top 10 (2021) and OWASP Agentic AI Top 10. Auto-detects whether you're looking at a web app, API, or AI agent and applies the right checklist.

Pipeline Security — Audits your CI/CD configs, Dockerfiles, and Kubernetes manifests for supply chain attacks, secret exposure, and container misconfigurations.

Compliance Report — Full structured compliance assessment against OWASP, CIS Benchmarks, SOC 2, and NIST CSF with pass/partial/fail scoring.

Threat Model — STRIDE threat analysis extended with agentic threats. Maps trust boundaries, scores risks, and ties every mitigation back to a specific 1-SEC module.

Automated MR Security Scanning

The agent also powers an automated flow that triggers on merge request events. A security scanner agent reads the diff and posts structured findings as an MR comment — severity badges, code snippets, fixes, the works. Security reviews that happen without anyone asking.

How we built it

The entire 1-SEC platform was built for this hackathon. It started as a cybersecurity engine and snowballed into a 16-module platform with a Go core, Rust performance layer, REST API, web dashboard, and CLI — the kind of scope creep you don't regret.

The agent itself was the distillation step. I extracted the specific detection patterns, severity classifications, and remediation logic from the production codebase:

  • 65+ prompt injection patterns from the LLM Firewall module
  • 60+ injection rules from Injection Shield
  • OWASP Agentic AI Top 10 containment from AI Containment
  • Supply chain detection from the Supply Chain module
  • Credential patterns from Identity Monitor
  • Auth attack patterns from Auth Fortress

All of this got encoded into a system prompt built with modern agentic AI best practices — instruction hierarchy for prompt injection resistance, explicit tool safety policies, a self-verification step, and XML-delimited sections for reliable parsing. The agent doesn't call any external APIs. The security knowledge is baked into the prompt itself.

The project structure uses GitLab's native primitives: agents/agent.yml for the agent definition, skills/*/SKILL.md for each security skill, flows/ for the automated scanning flow, and AGENTS.md for project-level security guidelines.

Challenges we ran into

Scope management. 1-SEC was supposed to be a focused hackathon project. Instead I ended up building an enterprise-grade security platform that can secure any server in two commands. The challenge became: how do you take something that big and make it feel simple in an agent interface? Organizing around 8 developer-centric skills instead of 16 security modules solved that.

Prompt injection resistance for a security agent. This is ironic — we're building an agent that detects prompt injection, but the agent itself could be vulnerable to it through the code it scans. We added an instruction hierarchy that explicitly marks scanned code as untrusted data, so the agent won't follow instructions embedded in code comments or variable names.

Balancing thoroughness with false positives. Developers will stop using a tool that cries wolf. Every finding requires the agent to explain why it's dangerous and provide a specific fix — not just flag a pattern match. The self-verification step catches cases where the agent might be pattern-matching without actual exploitability.

Accomplishments we're proud of

  • Built an entire cybersecurity platform from scratch — 16 modules, Go/Rust, single binary, REST API, web dashboard, CLI — then distilled it into a Duo agent
  • Full OWASP Agentic AI Top 10 coverage (all 10 items, ASI01-ASI10) — uniquely relevant since every hackathon participant is building an AI agent
  • 8 security skills covering the complete security lifecycle from code review to compliance to threat modeling
  • Instruction hierarchy and refusal policies making the agent resistant to the very attacks it detects
  • Zero external dependencies — runs entirely within GitLab Duo, no API keys or infrastructure needed
  • Can secure any server in two commands — the underlying platform isn't a toy, it's production-ready
  • The MR scanning skill that actually posts findings on merge requests — "agents that take action," not chatbots that answer questions

What we learned

Building a security platform from scratch for a hackathon sounds insane, but it meant every detection pattern in the agent comes from real code, not generic advice scraped from documentation. The agent doesn't hallucinate vulnerability classes — it knows the exact patterns because they're the same ones the engine uses in production.

AI agent security is an emerging field with almost no developer tooling. Most people building agents have no way to check for prompt injection, tool misuse, or memory poisoning. The OWASP Agentic AI Top 10 exists as a framework, but almost nothing operationalizes it where developers actually work.

The biggest takeaway: the most effective security tool is the one that's already in your workflow. A great scanner in a separate dashboard gets ignored. An agent that comments on your MR with the exact line and fix actually gets used.

What's next for 1-SEC Agent

  • Live 1-SEC integration — Connect the Duo agent to a running 1-SEC instance's REST API for real-time threat intelligence alongside static pattern matching
  • Fix generation — Automatically create fix MRs for detected vulnerabilities, not just comments
  • GitLab CI component — Packaged as a reusable CI/CD component any project can drop into their pipeline
  • Community pattern packs — Crowdsourced detection patterns contributed as skills

Built With

Share this project:

Updates