<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: ASHISH</title>
    <description>The latest articles on DEV Community by ASHISH (@ashish_3feb4ebc7a5923e9b7).</description>
    <link>https://dev.to/ashish_3feb4ebc7a5923e9b7</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3999996%2Fe43e8a87-a76c-4703-a9a1-c89f16e066a3.png</url>
      <title>DEV Community: ASHISH</title>
      <link>https://dev.to/ashish_3feb4ebc7a5923e9b7</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/ashish_3feb4ebc7a5923e9b7"/>
    <language>en</language>
    <item>
      <title>Scankii: The First Static Security Scanner Built to Stop AI Agents from Leaking API Keys</title>
      <dc:creator>ASHISH</dc:creator>
      <pubDate>Wed, 01 Jul 2026 15:52:26 +0000</pubDate>
      <link>https://dev.to/ashish_3feb4ebc7a5923e9b7/scankii-the-first-static-security-scanner-built-to-stop-ai-agents-from-leaking-api-keys-1nj5</link>
      <guid>https://dev.to/ashish_3feb4ebc7a5923e9b7/scankii-the-first-static-security-scanner-built-to-stop-ai-agents-from-leaking-api-keys-1nj5</guid>
      <description>&lt;p&gt;Hey DevHunt community! 👋&lt;/p&gt;

&lt;p&gt;I'm incredibly excited to launch Scankii!&lt;/p&gt;

&lt;p&gt;As developers, we are building more and more AI Agents using frameworks like LangChain, OpenHands, and AutoGen. The standard paradigm is giving these agents "skills" or "tools" — which are basically just Python functions combined with Natural Language instructions (prompts or docstrings).&lt;/p&gt;

&lt;p&gt;But here is the problem: Standard secret scanners (like GitLeaks or TruffleHog) are blind to AI-specific vulnerabilities.&lt;/p&gt;

&lt;p&gt;They only scan source code for hardcoded secrets. But what if your Python code securely loads an API key, and your English instructions accidentally trick the agent into printing that key to stdout? The agent framework captures that output, injects it into the LLM context window, and your secret is suddenly exposed. We call this Cross-Modal Leakage.&lt;/p&gt;

&lt;p&gt;Enter Scankii. 🛡️&lt;/p&gt;

&lt;p&gt;Scankii solves this by analyzing the intersection of your Natural Language and your code. It uses a dual-engine pipeline (NL Semantic Analyzer + AST Syntax Analyzer) to track variable flows between your prompts and your code sinks.&lt;/p&gt;

&lt;p&gt;✨ Core Features:&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Dual-Engine Scanning: Correlates English instructions with Python ASTs.&lt;/li&gt;
&lt;li&gt;Local-First &amp;amp; Fast: Your proprietary agent tools and code never leave your machine.&lt;/li&gt;
&lt;li&gt;CI/CD Ready: Outputs standard SARIF reports. Drop it into GitHub Actions or use it as a pre-commit hook.&lt;/li&gt;
&lt;li&gt;Framework Agnostic: Works with LangChain, AutoGen, CrewAI, MCP, or any custom Python agent framework.&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;I built Scankii to give developers peace of mind when scaling their agent toolchains. Security shouldn't be an afterthought when building autonomous systems.&lt;/p&gt;

&lt;p&gt;I would love for you to try it out on your agent repos, star the project, and leave any feedback or questions below! I'll be here all day answering them. 👇&lt;/p&gt;

&lt;p&gt;GitHub Repository: &lt;a href="https://github.com/ashp15205/scankii" rel="noopener noreferrer"&gt;https://github.com/ashp15205/scankii&lt;/a&gt;&lt;br&gt;
Installation: pip install scankii&lt;/p&gt;

</description>
      <category>ai</category>
      <category>security</category>
      <category>python</category>
      <category>cli</category>
    </item>
    <item>
      <title>I kept asking AI to fix bugs. It kept refactoring my entire project. Here's how I fixed that.</title>
      <dc:creator>ASHISH</dc:creator>
      <pubDate>Wed, 24 Jun 2026 07:34:31 +0000</pubDate>
      <link>https://dev.to/ashish_3feb4ebc7a5923e9b7/i-kept-asking-ai-to-fix-bugs-it-kept-refactoring-my-entire-project-heres-how-i-fixed-that-45pf</link>
      <guid>https://dev.to/ashish_3feb4ebc7a5923e9b7/i-kept-asking-ai-to-fix-bugs-it-kept-refactoring-my-entire-project-heres-how-i-fixed-that-45pf</guid>
      <description>&lt;p&gt;Every developer using AI tools has hit this at least once.&lt;br&gt;
You ask Cursor or Copilot to fix one bug. It touches 8 files. Three of them weren't related to the bug. One of them broke something else. You spend the next hour undoing what the AI "fixed."&lt;br&gt;
This isn't an AI problem. It's a workflow problem.&lt;br&gt;
The AI had no idea what you wanted from it. Fix surgically? Refactor freely? Plan first? It didn't know. So it guessed. And it guessed wrong.&lt;/p&gt;

&lt;p&gt;The root cause&lt;br&gt;
Most developers use the same prompt workflow for every task.&lt;br&gt;
Bug fix. New feature. System design. Quick patch. Same structure. Same expectations. Same results.&lt;br&gt;
The AI treats all of these identically because you treated them identically. You gave it no operating context.&lt;/p&gt;

&lt;p&gt;The fix: Operating Modes&lt;br&gt;
I built Vibe Coding Essentials to solve this for myself. The core idea is simple.&lt;br&gt;
Before prompting, set a mode. The mode tells the AI exactly how to behave for this specific task.&lt;br&gt;
4 modes:&lt;br&gt;
[BUILDER] — New features. Move fast. Acceptable tradeoffs. Don't over-engineer.&lt;br&gt;
[MAINTAINER] — Surgical fixes only. Touch nothing outside the scope. No refactors. No new dependencies.&lt;br&gt;
[ARCHITECT] — Plan and structure before a single line of code is written.&lt;br&gt;
[ECONOMY] — Minimal output. Low token use. No padding. No unnecessary files.&lt;/p&gt;

&lt;p&gt;&lt;a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fn3cvegvmlfhbeaey4nxb.webp" class="article-body-image-wrapper"&gt;&lt;img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Farticles%2Fn3cvegvmlfhbeaey4nxb.webp" alt=" " width="800" height="800"&gt;&lt;/a&gt;Usage is simple:&lt;br&gt;
[MAINTAINER] We have a regression in the billing calculator. Fix only the calculateTotal function. Write a failing test first.&lt;br&gt;
[BUILDER] Build a user authentication flow with email and password. JWT tokens. Don't add OAuth yet.&lt;br&gt;
[ARCHITECT] Design the database schema for a multi-tenant SaaS. No code yet. Just decisions and tradeoffs.&lt;/p&gt;

&lt;p&gt;How to get started&lt;br&gt;
60 seconds. No install. No dependencies.&lt;/p&gt;

&lt;ol&gt;
&lt;li&gt;Copy AGENTS.md to your project root&lt;/li&gt;
&lt;li&gt;Paste the anti-hallucination rules for your framework into AGENTS.md&lt;/li&gt;
&lt;li&gt;Add a mode tag before your next prompt&lt;/li&gt;
&lt;li&gt;See if the output changes&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That's it.&lt;/p&gt;

&lt;p&gt;Why I built this&lt;br&gt;
I got burned. Multiple times.&lt;br&gt;
Context collapse mid-feature. AI adding 4 packages to format a date. A session that cost real tokens and shipped nothing. Code that worked but nobody on the team could understand.&lt;br&gt;
I started documenting every failure. Patterns emerged. The modes came from that.&lt;br&gt;
This is the framework I wish existed when I started using AI tools seriously.&lt;/p&gt;

&lt;p&gt;The philosophy&lt;br&gt;
The model generates. The developer decides. You own the workflow.&lt;/p&gt;

&lt;p&gt;Contributions welcome — especially if you've been burned by an AI workflow failure that isn't documented yet.&lt;/p&gt;

&lt;p&gt;GitHub: &lt;a href="https://github.com/ashp15205/vibe-coding-essentials" rel="noopener noreferrer"&gt;https://github.com/ashp15205/vibe-coding-essentials&lt;/a&gt;&lt;/p&gt;

</description>
      <category>ai</category>
      <category>vibecoding</category>
      <category>cursor</category>
      <category>githubcopilot</category>
    </item>
  </channel>
</rss>
