GuardianMR

AI security engineer that finds the bugs every tool misses, fixes them, and verifies the fix.

Comment

Inspiration

The application security testing market is $4 billion and growing 24% annually. Cogent Security just raised $42M (Feb 2026) for AI vulnerability auto remediation. This isn't a toy, it's a working solution to a $10.5 trillion problem.

Traditional SAST tools produce up to 48% false positives (NIST/Tolly 2024) and miss business logic vulnerabilities entirely. Broken Access Control is OWASP #1, 94% of apps are vulnerable, yet no scanner catches auth bypasses, IDOR, or privilege escalation. Fixing a bug in an MR costs $100; fixing it in production costs $100,000 (IBM). 48% of AI generated code contains vulnerabilities (NetCorp 2025). Every 13 minutes, a new CVE is published.

GitHub has Copilot Autofix. GitLab had nothing equivalent. We built GuardianMR to fill that gap. Not just a reviewer, but a full AI security engineer that finds, fixes, and verifies. [Grand Prize] [Most Impactful]

What it does

GuardianMR is a Duo Flow on GitLab that performs security focused code review on merge requests and then auto fixes the vulnerabilities it finds. Mention the service account on any MR and it:

  1. Reads the diff and traces authentication flows across files
  2. Posts a detailed security review with severity ratings, CWE identifiers, attack scenarios, and diff style fixes
  3. Auto fixes vulnerabilities. Reply "fix it" and it commits the fix directly to your branch
  4. Re reviews after fixes to verify correctness and discover deeper issues that were previously masked

Across 17 merge requests, GuardianMR found and auto fixed 246 vulnerabilities covering 74+ CWE categories. On the mega test (MR !13), it found and fixed 27 CWE categories in a single pass from one comment. Zero false positives across everything.

How we built it

GuardianMR runs as a Duo Flow using the ambient environment with 11 built in GitLab tools. When triggered via mention on an MR:

  1. Uses get_merge_request and list_merge_request_diffs to read the MR
  2. Uses get_repository_file to trace related files (auth middleware, models, config) across the entire codebase
  3. Claude reasons about OWASP Top 10 logic vulnerabilities, tracing data flows end to end
  4. Verifies each finding by checking for framework protections and mitigating controls
  5. Posts a comprehensive security review via create_merge_request_note
  6. When triggered with "fix it," uses create_commit to commit fixes directly to the MR branch
  7. On re review, verifies fixes are correct and discovers deeper issues

The flow orchestrates 11 tools: get_merge_request, list_merge_request_diffs, get_repository_file, list_repository_tree, create_merge_request_note, post_duo_code_review, build_review_merge_request_context, list_security_findings, create_commit, create_merge_request, edit_file.

Challenges we ran into

  • The ai-catalog-sync validator expects flow/agent YAML at root flows/ and agents/ directories (not .gitlab/duo/). Took several pipeline iterations to discover the correct path by studying a working competitor's project
  • Context variables like context:merge_request caused silent agent crashes. Switching to only context:goal fixed model routing
  • The agent needed explicit project_id in the trigger message to resolve API calls. The platform doesn't automatically inject project context
  • "Available chat models: null" in workload logs was misleading. The model still works despite this warning
  • Service account permissions needed Developer access for auto fix commits. Verified via API before building

Accomplishments we're proud of

  • 246 vulnerabilities auto fixed across 17 merge requests covering 74+ CWE categories [Most Technically Impressive]
  • The mega test (MR !13): 27 CWE categories found and fixed in a single pass from one comment. SQL injection, XSS, IDOR, JWT confusion, race conditions, mass assignment, command injection, deserialization, path traversal, SSRF, SSTI, XXE, CORS, CSRF, session fixation, and more. All caught. All fixed. [Grand Prize]
  • 100% detection rate. GitLab SAST catches maybe 2 out of 9. Semgrep catches 3. GuardianMR catches everything. [Most Impactful]
  • Claude is 100% of the intelligence. Every vulnerability discovered, every fix generated, every verification pass runs through Claude. This isn't "AI assisted," it's AI powered end to end. No other model can trace auth flows across files and understand that != "guest" should be == "admin". [GitLab & Anthropic]
  • Runs on GitLab's managed infrastructure. Claude served via Vertex AI through GitLab AI Gateway
  • 3 operating modes: Review only, Fix on command, and Full Autonomous Cycle (one trigger does review then fix then verify)
  • Full security lifecycle in one MR: Review (found 5), Fix (auto committed), Re review (verified fixes, found 3 deeper), Fix remaining, Verify all 9, Secure code
  • Multi pass intelligence: Each review pass discovers deeper vulnerabilities. Pass 1 found surface bugs, pass 2 found SSTI and weak hashing that were masked by the original issues
  • Cross file fixes: Fixed middleware.py (inverted admin logic), auth.py (weak hashing), models.py (seed data), config.py (hardcoded JWT). All from a review of app.py changes
  • Attack chain detection: Inverted admin logic + IDOR + path traversal = full system compromise (CVSS 9.1)
  • Zero configuration. One comment to trigger. No rule files, no setup, no API keys. [Easiest to Use]
  • Zero false positives. Every finding verified by cross file data flow tracing
  • 246 bugs caught at MR stage. On demand execution, zero idle compute, shift left by design
  • External validation: found real bugs in code we didn't write. Tested against the OWASP Vulnerable Flask App (7 auto fixes) and a real world Flask app that was NOT intentionally vulnerable (5 real vulnerabilities discovered). No other submission has done this. [Grand Prize] [Most Impactful]
  • Built by a solo developer + Claude

What we learned

  • LLMs can reason about code security in ways that pattern matching tools structurally cannot, especially for authorization logic, error handling, and business logic flaws
  • The Duo Agent Platform's ambient flow environment is powerful but requires careful context management. context:goal is the reliable input path
  • Claude's ability to trace cross file data flows is the key differentiator. SAST can't understand that != "guest" should be == "admin"
  • Auto fix requires the agent to generate minimal, correct code changes. Claude's discipline in making targeted fixes (not refactoring everything) is critical
  • The iterative review pattern (find, fix, re review, find deeper) creates a security hardening loop that gets more thorough with each pass
  • The hackathon Discord community was invaluable for debugging platform specific issues

What's next for GuardianMR

  • Reviewer assignment trigger: Auto review when assigned as reviewer (not just mention)
  • Fix MR creation: Create separate fix branches/MRs instead of committing to the source branch
  • Custom security rules: Configure focus areas and severity thresholds via AGENTS.md
  • Multi language support: Extend beyond Python/Flask to JavaScript, Go, Java
  • CI pipeline integration: Run as a pipeline job with gl-sast-report.json output for Security Dashboard
  • Severity based auto block: Prevent MRs with critical findings from being merged

Why this matters beyond the hackathon

This isn't a prototype. The $4B application security testing market is being disrupted by AI right now. Cogent Security raised $42M in Feb 2026 for exactly this. GitHub has Copilot Autofix for GitHub users. GitLab users have nothing equivalent. Until GuardianMR.

Every 13 minutes, a new CVE is published. 48% of AI generated code has vulnerabilities. As AI writes more code, the need for AI security review doesn't just grow, it explodes. GuardianMR is the answer: catch vulnerabilities at $100 in the MR, not $100,000 in production. Not $4.88M after the breach.

Built With

Share this project:

Updates