July 3, 2026
Why I'm Building LyraSec AI
The problem I didn't expect
By Ankit Das
I've spent the last few months building Lyrafin AI almost entirely with AI coding tools. It shipped faster than anything I've built before. It also made me nervous in a way I didn't expect - not because it broke, but because of what it would take for me to notice if it broke in the wrong way.
Every AI coding assistant I've used is genuinely great at making code that works. Not one of them has caught the SSRF hole or the missing auth check on its own - that part is still entirely on me.
What I went looking for - and couldn't find
I went looking for a tool that would sit inside the loop I actually work in: Cursor, Claude Code, CI. Something that would tell me, in plain language, what was actually wrong and how to fix it - not a PDF audit that lands six weeks after ship. I couldn't find it. So I'm building it.
What LyraSec AI actually is
One loop - target, scan, verified finding, fix PR, retest, report - that works whether you're a solo builder or a team that needs SSO and audit logs. Every piece of this already exists somewhere, done well, by people I respect. What doesn't exist yet is all of it in one place, built for how code actually gets written now.
Where things actually stand
Auth, dashboard, project setup, RBAC, audit logging, SSRF hardening - done. The scan engine is next. I'd rather tell you that honestly than oversell where we are.
Eating my own cooking
Before this goes near anyone else, I'm running it against Lyrafin AI's own codebase first.
Following along
Building this in public from here. More soon.