
redlyne-ai/redlyne


Redlyne

Detect and patch vulnerabilities in AI-generated Python code, directly from your editor.


Website · Marketplace · Issues · Discussions


Redlyne is a VS Code extension that scans Python code — especially code generated by AI assistants like Copilot, ChatGPT, or Claude — for known vulnerability patterns, and proposes one-click in-editor patches you can apply with a single confirmation.

It runs entirely on your machine. No code is sent to any server.

Built for AI. Built without AI. Redlyne is powered by a deterministic rule engine — no LLM, no probabilistic guesses, no hallucinated fixes. The detection rules are hand-crafted by security researchers, not auto-generated. Every flag and every remediation suggestion is reproducible and auditable.

Why Redlyne

AI coding assistants are fast, and they're also reliably insecure. In a 2025 study evaluating 609 Python snippets generated by GitHub Copilot, Claude 3.7 Sonnet, and DeepSeek V3, ~76% of the code contained security vulnerabilities — for GitHub Copilot specifically the rate climbs to ~84% (source). The patterns are well-known to security engineers: SQL injection from string concatenation, command injection from os.system, weak crypto defaults, hard-coded secrets, unsafe deserialization, path traversal, SSRF, and more.

There's also a structural problem alongside the security one. A 2025 study analyzing 500 Python snippets across four AI assistants found that ~13% of them are incomplete — missing imports or context. For GitHub Copilot specifically, that number rises to ~31% — almost one snippet in three (source). AST-based analyzers like Bandit, CodeQL, and PyT can't process those snippets at all: without a parseable program, they can't build the tree they rely on.

Redlyne sits in your editor and flags vulnerability patterns the moment you select the snippet, then offers a remediated version. Pattern-based detection works on any fragment, complete or not. Instead of relying on another LLM to find LLM bugs, it uses a curated set of deterministic rules built by people whose job is to find vulnerabilities.
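To make the fragment argument concrete, here is an added illustration (not Redlyne's code or rule set) of why line-oriented pattern rules still fire on a snippet that an AST-based tool cannot parse. The fragment, the four rules and the CWE mappings are constructed for this example; the two textual patches show the "concrete code replacement" idea for the cases where a substitution is safe.

```python
import ast
import re

# Constructed fragment: indented body lines, no enclosing function, no imports.
FRAGMENT = """\
    cur.execute("SELECT * FROM users WHERE name = '" + name + "'")
    os.system("ping -c 1 " + host)
    digest = hashlib.md5(data).hexdigest()
    config = yaml.load(open(path))
"""

# Hypothetical rule table (not Redlyne's rules): CWE, pattern, textual
# replacement (None when the fix needs more than a substitution), advice.
RULES = [
    ("CWE-89", re.compile(r"""\.execute\(\s*("[^"]*"|'[^']*')\s*\+"""), None,
     "use a parameterized query instead of string concatenation"),
    ("CWE-78", re.compile(r"\bos\.system\("), None,
     "use subprocess.run with an argument list and shell=False"),
    ("CWE-328", re.compile(r"\bhashlib\.md5\("), "hashlib.sha256(",
     "MD5 is a weak digest; use SHA-256"),
    ("CWE-502", re.compile(r"\byaml\.load\((?![^)]*Loader=)"), "yaml.safe_load(",
     "yaml.load without a safe Loader can instantiate arbitrary objects"),
]

def ast_parses(src):
    """True if an AST-based analyzer could even start on this input."""
    try:
        ast.parse(src)
        return True
    except SyntaxError:  # IndentationError is a subclass
        return False

def scan(src):
    """Line-oriented rule matching: no parse tree needed, so fragments work."""
    findings = []
    for lineno, line in enumerate(src.splitlines(), 1):
        for cwe, pat, _repl, advice in RULES:
            if pat.search(line):
                findings.append((lineno, cwe, advice))
    return findings

def patch(src):
    """Apply only the rules that have a deterministic textual replacement."""
    out = []
    for line in src.splitlines():
        for _cwe, pat, repl, _advice in RULES:
            if repl is not None:
                line = pat.sub(repl, line)
        out.append(line)
    return "\n".join(out) + "\n"
```

`ast_parses(FRAGMENT)` is False because of the leading indentation, yet `scan` reports all four lines; the SQL and os.system cases are left for a reviewer because a safe fix needs restructuring, not a substitution.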

Features

  • Built for AI, built without AI — deterministic rule engine, no LLM, no hallucinations, every flag is reproducible
  • Expert-curated rule set — detection patterns hand-crafted by security researchers targeting OWASP Top 10 categories observed in AI-generated Python code
  • Static vulnerability detection on Python code selected in the editor
  • Automated remediation suggestions, applied as in-place edits to the source file with your explicit confirmation
  • Right-click integration in the editor context menu for any Python selection
  • Local execution — your code never leaves your machine

What's inside

  • 85 deterministic detection rules covering 35 CWE categories mapped to 9 of the 10 OWASP Top 10:2021 categories — see the full list in COVERAGE.md
  • 10 of those 35 CWEs are in MITRE's Top 25 most dangerous software weaknesses (any year between 2021 and 2023)
  • Rules derived from analysis of 240 real vulnerable Python samples sourced from SecurityEval and the Copilot CWE Scenarios Dataset, two established security benchmarks
  • Each detected vulnerability comes with an automated patch suggestion — not a comment, not an LLM guess, but a concrete code replacement
  • Patch quality on par with leading LLMs (Pylint score ~9/10) but with significantly lower added complexity

How it compares

Benchmarked on 609 Python snippets generated by GitHub Copilot, Claude 3.7 Sonnet, and DeepSeek V3 (evaluation conducted in early 2025):

| Tool | Precision | Recall | F1 | Accuracy | Patch correctness |
|------|-----------|--------|----|----------|-------------------|
| Redlyne | 0.97 | 0.88 | 0.93 | 0.89 | 80% |
| CodeQL | 0.89 | 0.68 | 0.77 | 0.70 | n/a |
| Semgrep | 0.89 | 0.72 | 0.80 | 0.72 | comment-only |
| Bandit | 0.89 | 0.68 | 0.77 | 0.69 | comment-only |
| ChatGPT-4o | 0.79 | 0.93 | 0.85 | 0.76 | 52% |
| Claude 3.7 Sonnet | 0.81 | 0.91 | 0.85 | 0.77 | 65% |
| Gemini 2.0 Flash | 0.78 | 0.95 | 0.85 | 0.76 | 49% |

Highlights:

  • Highest Precision of any tool tested (0.97) — fewer false positives means less alert fatigue
  • Highest F1 Score and Accuracy of any tool tested — beating both traditional static analyzers and the latest LLM-based assistants
  • Highest patch correctness of all tools that actually modify code (CodeQL doesn't patch; Semgrep and Bandit only emit comment-style suggestions)
  • Patches preserve cyclomatic complexity (mean 2.29 vs. 2.40 for the original code), unlike LLM-based patchers which significantly increase it

A note on model versions. Specific LLM versions evolve quickly. The numbers above reflect a snapshot from early 2025, but the structural difference remains invariant: Redlyne is a deterministic engine where every flag is reproducible by design. LLM-based assistants are probabilistic — even newer versions are subject to hallucinations, non-reproducible outputs, and uneven coverage of vulnerability classes underrepresented in their training data. We plan to refresh the benchmark periodically as new models are released.

Installation

From the VS Code Marketplace (recommended):

  1. Open VS Code
  2. Extensions panel (Ctrl+Shift+X)
  3. Search for Redlyne
  4. Click Install

From the command line:

code --install-extension redlyne.redlyne-ai

From a .vsix (manual install):

  1. Download the latest redlyne-x.y.z.vsix from Releases
  2. In VS Code, run Extensions: Install from VSIX... from the Command Palette
  3. Select the downloaded file

Usage

  1. Open a Python file (.py) in VS Code
  2. Select the block of code you want to analyze
  3. Right-click the selection → Redlyne: Run Analysis
  4. Review the notifications
  5. Confirm to apply the suggested patch

The same command is also available from the Command Palette (Ctrl+Shift+P → "Redlyne: Run Analysis").

Requirements

🪟 Redlyne currently runs only on Windows with WSL2 installed. Cross-platform support for Linux and macOS is on the roadmap.

Before using the extension, make sure you have:

  • Windows 10/11 with WSL2 installed
  • Inside your WSL distribution:
    • Python 3.8+
    • jq (sudo apt-get install jq)
    • bash (default in most WSL distributions)
  • VS Code 1.89 or newer

Status

Redlyne is in early access. The detection engine works and the extension is usable for daily code review, but expect some rough edges:

  • Platform: Windows + WSL2 only today. Linux and macOS will be supported once we replace the WSL-coupled runtime.
  • Performance: a single analysis takes ~15-20 seconds for a typical selection. We have a clear path to bring this down significantly and it's our top engineering priority.
  • Rule coverage: the current rule set targets the most frequent classes of AI-generated vulnerabilities. We are continuously expanding it.
  • Languages: Python only. Other languages may follow based on demand.

If something doesn't work the way you expect, please open an issue — we read everything.

Known Limitations

  • Workspace or extension paths containing spaces or special characters may cause shell scripts to fail. Prefer paths without spaces.
  • Detection and remediation depend on the bundled rule set; novel or obfuscated patterns may not be flagged.
  • Selections that are too short (a single statement out of context) may not provide enough signal for accurate analysis.

Contributing

Contributions of all sizes are welcome — bug reports, feature ideas, rule submissions, documentation fixes, and code.

Contact

License

Redlyne uses a dual-license model:

| Component | License |
|-----------|---------|
| Source code (extension, scripts, build) | Apache License 2.0 |
| Detection rules, vulnerability patterns, datasets | CC BY-NC-SA 4.0 (non-commercial) |

This separation keeps the engineering side fully open source — fork it, extend it, ship it commercially with attribution — while preserving the value of the curated rule set.

For commercial licensing of the rules and datasets, partnership, or enterprise inquiries: redlyne.io · info@redlyne.io

The names "Redlyne" and the Redlyne logo are trademarks. See NOTICE for details.