💡 Inspiration

Modern developers ship code at an unprecedented speed — but security has not kept up. Every product today integrates AI, third-party APIs, and complex pipelines, creating O(n) new vulnerabilities for every feature shipped.

I’ve seen two recurring problems:

Developers don’t have security expertise.

Security teams can’t manually audit fast enough.

This bottleneck inspired me to build DevSentinel AI — a system where autonomous AI agents continuously review code, detect vulnerabilities, and generate secure fixes before deployment.

The goal was simple:

Make secure development the default, not a luxury.

🛠️ What It Does

DevSentinel AI automatically:

Scans code for vulnerabilities using Snyk + custom SAST

Computes a Security Risk Score (0–100)

Highlights vulnerable lines with severity labels

Generates AI explanations (what went wrong + why it’s dangerous)

Suggests secure fixes (patches written by Gemini 1.5 Pro)

Lets developers re-scan, iterate, and export reports

It's like pairing every engineer with a full-time AI Security Engineer.

🧱 How We Built It

The system is built on a fast, modern full stack:

Next.js 14 (frontend + backend)

Supabase (auth, database, file storage)

Snyk API (vulnerability scanning)

Custom SAST (regex-based detection for secrets, XSS, SQLi)

Gemini 1.5 Pro using Vercel AI SDK

shadcn/ui + Tailwind for developer-friendly UI

Vercel for deployment

Workflow Architecture

Upload code (ZIP / GitHub URL / paste).

Extract → scan → generate vulnerability list.

AI explains each finding + proposes secure fix.

Dashboard visualizes everything in a dev-friendly UI.
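The scan step of the workflow above, as an added example that is not part of DevSentinel's code base: a line-local regex SAST pass of the kind the custom detector performs (hardcoded secrets, innerHTML sinks, SQL built from strings), one finding format that an external scanner's results are mapped into, duplicate removal, and a capped 0–100 risk score. The rule patterns, severity weights, sample file and the external record shape are all assumptions; the project's real Snyk integration and scoring are not shown on the page.

```typescript
// Added example, not DevSentinel's own code: a line-local regex SAST pass,
// a normalized finding shape that external scanner results map into, and a
// 0-100 risk score. Rules, weights and the external record shape are assumptions.

type Severity = "low" | "medium" | "high" | "critical";

interface Finding {
  source: "custom-sast" | "external"; // which scanner produced it
  ruleId: string;
  severity: Severity;
  file: string;
  line: number; // 1-based
  snippet: string;
  message: string;
}

interface Rule { id: string; severity: Severity; pattern: RegExp; message: string; }

// Constructed heuristics: single-line patterns with no taint tracking, so
// expect both misses and false positives on real code.
const RULES: Rule[] = [
  { id: "secret.aws-access-key", severity: "critical",
    pattern: /AKIA[0-9A-Z]{16}/, message: "Possible hardcoded AWS access key id" },
  { id: "secret.generic", severity: "high",
    pattern: /(?:api[_-]?key|secret|password)\s*[:=]\s*["'][^"']{8,}["']/i,
    message: "Possible hardcoded credential" },
  { id: "xss.innerhtml", severity: "high",
    pattern: /\.innerHTML\s*=\s*(?![\s"'`])/, // literal strings are not flagged
    message: "Non-literal value assigned to innerHTML" },
  { id: "sqli.string-concat", severity: "high",
    pattern: /\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^;]*?["'`]\s*\+\s*\w+/i,
    message: "SQL statement built by string concatenation" },
  { id: "sqli.template", severity: "high",
    pattern: /`\s*(?:SELECT|INSERT|UPDATE|DELETE)\b[^`]*\$\{/i,
    message: "SQL statement built from an interpolated template literal" },
];

// Scan one file, attaching file name and 1-based line to every hit.
function scanFile(file: string, content: string): Finding[] {
  const findings: Finding[] = [];
  content.split(/\r?\n/).forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.pattern.test(text)) {
        findings.push({ source: "custom-sast", ruleId: rule.id, severity: rule.severity,
          file, line: i + 1, snippet: text.trim(), message: rule.message });
      }
    }
  });
  return findings;
}

// Constructed record shape for an external scanner's output (illustrative,
// not Snyk's real API schema), mapped into the same Finding type.
interface ExternalIssue { id: string; severity: string; title: string; line: number; }

const SEVERITIES: Severity[] = ["low", "medium", "high", "critical"];
function toSeverity(s: string): Severity {
  const v = s.toLowerCase() as Severity;
  return SEVERITIES.indexOf(v) >= 0 ? v : "medium"; // unknown labels land in the middle
}

function normalizeExternal(file: string, content: string, issues: ExternalIssue[]): Finding[] {
  const lines = content.split(/\r?\n/);
  return issues.map((i) => ({ source: "external" as const, ruleId: i.id, severity: toSeverity(i.severity),
    file, line: i.line, snippet: (lines[i.line - 1] || "").trim(), message: i.title }));
}

// The same file, line and rule reported twice (by one tool or by two) counts once.
function dedupe(findings: Finding[]): Finding[] {
  const seen = new Set<string>();
  return findings.filter((f) => {
    const key = `${f.file}:${f.line}:${f.ruleId}`;
    if (seen.has(key)) return false;
    seen.add(key);
    return true;
  });
}

// Assumed weights; the sum is capped so the score stays within 0-100.
const WEIGHT: Record<Severity, number> = { low: 2, medium: 6, high: 15, critical: 30 };
function riskScore(findings: Finding[]): number {
  return Math.min(100, findings.reduce((sum, f) => sum + WEIGHT[f.severity], 0));
}

function runScan(file: string, content: string, external: ExternalIssue[]) {
  const findings = dedupe([...scanFile(file, content), ...normalizeExternal(file, content, external)]);
  return { findings, score: riskScore(findings) };
}

// Constructed sample input: a small file with planted weaknesses.
const SAMPLE_FILE = [
  'const AWS_KEY = "AKIAIOSFODNN7EXAMPLE";',                // line 1: critical
  'const db = { password: "hunter2hunter2" };',             // line 2: high
  'function find(id) {',
  '  return query("SELECT * FROM users WHERE id = " + id);', // line 4: high
  '}',
  'el.innerHTML = "<p>static</p>";',                        // line 6: literal, no finding
  'el.innerHTML = userInput;',                              // line 7: high
].join("\n");

// Constructed external report containing a duplicated entry.
const SAMPLE_EXTERNAL: ExternalIssue[] = [
  { id: "ext-0001", severity: "Medium", title: "Query built from untrusted input", line: 4 },
  { id: "ext-0001", severity: "Medium", title: "Query built from untrusted input", line: 4 },
];

const result = runScan("app.ts", SAMPLE_FILE, SAMPLE_EXTERNAL);
console.log(result.score, result.findings.map((f) => `${f.line}:${f.severity}:${f.ruleId}`));
```

On the sample file this yields five findings (four from the regex pass, one from the external report after its duplicate is dropped) and a score of 81. The rules are deliberately line-local: they cannot tell whether `userInput` was sanitized two lines earlier, which is exactly the kind of gap that makes a second, reasoning pass over each finding worthwhile, and also where the false positives it must not amplify come from.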

📚 What I Learned

Building DevSentinel taught me:

How to design agentic AI systems

How LLMs behave on unstructured code

How to merge SAST tools with LLM reasoning

Why prompt injection & hallucination require strict control

How to build secure UIs for developer tooling

How to orchestrate AI to generate consistent patch diff blocks

I also learned that security is fundamentally a data-flow problem, which made Next.js an ideal framework.

🚧 Challenges

Getting AI to generate consistent, deterministic patch code

Handling large files (chunking + caching)

Merging Snyk + Custom SAST into a single vulnerability format

Ensuring the system doesn’t hallucinate false positives

Building a smooth coding dashboard in under a week

Prioritizing impact > complexity for MVP delivery

The hardest part was balancing speed of development with accuracy of security analysis, especially under time constraints.
