SQL Injection & Unsafe Queries
String interpolation and injection vectors in database code.
Weak Authentication
Incomplete auth flows and missing permission checks.
Hardcoded Secrets
API keys and tokens copied from training data.
Risky Configurations
Open CORS, debug modes, wildcard permissions.
Insecure Dependencies
Old library versions with known CVEs.
anty scan ./src
COMPLETE
HIGH
3/3 agents
SQL Injection via template literal
Template literals for SQL appear in ~2.3M training samples. AI defaults to this insecure pattern.
HIGH
2/2 agents
Hardcoded API key detected
"sk-example" prefix appears in 140K+ training samples.
Active Agents
INJECT
SECRETS
AUTH
CONFIG
DEPS
↓
✓ Cross-Verified