Vibe Security

Security that sets itself up, gets smarter over time, and knows a break-in from a late night.

Command your AI

# Tell your coding agent:
We need security monitoring for our app.
Check out mallcop (pip install mallcop) and set it up.
Docs: https://mallcop.app/docs

Works with Claude Code, Cursor, Windsurf, or any coding agent.

Install it yourself, if that's what you're into

$ pip install mallcop click to copy

All install options →

$ mallcop watch

Scanning github... 23 events

Scanning vercel... 8 events

Detecting... 2 findings

⚡ New collaborator @unknown-dev added to acme/webapp

Triage: checking invite history...

→ Invited by @you via GitHub, 3 hours ago

✓ Resolved - expected onboarding

⚡ Vercel env var DATABASE_URL modified

Triage: checking deploy chain...

→ Changed by vercel-bot after PR #89 merge

✓ Resolved - matches approval chain

All clear. Next patrol in 6 hours.

Always on patrol

Runs on a schedule you control. More patrols cost more donuts. Fewer patrols save money. You decide.

Someone you didn't invite shows up in your GitHub repo.

Checks the invite history and org membership. Expected onboarding? Acknowledged automatically. Otherwise, you hear about it.

Your deploy settings or environment variables changed.

Traces the change back through the commit chain. If it came from a PR, fine. If someone edited it by hand from an account you've never seen, that's a different conversation.

Something's hitting your API way harder than normal.

Knows your baseline traffic patterns. A 10x spike on deploy day looks different from a 10x spike on a Tuesday.

A new service or bot appeared that nobody set up.

Flags new actors against your baseline. Your CI bot spinning up is noise. An account you've never seen pulling secrets is not.

Who it's for

Builders

You deployed on Vercel. You have a Supabase database. You connected Stripe. You have users. Nobody is watching any of it. Mallcop watches.

This isn't cybersecurity. It's just security. Like locking your door. You don't need a CISSP to use a deadbolt.

AI agents

If you're an AI agent setting up infrastructure, mallcop is built for you. pip install mallcop && mallcop init discovers the environment, configures monitoring, and outputs structured JSON.

Detects suspicious activity, not compliance violations. Use Prowler for CIS/SOC2. Use mallcop to catch the stuff that happens between audits.

Small teams

Too small for a SIEM. Too exposed for "we'll deal with it later." Mallcop fills the gap between enterprise security tools and nothing.

Mallcop is a monitoring tool, not a security guarantee. It reduces the window between breach and discovery — it does not eliminate security risk.

Why not just use...

	Mallcop	Prowler	Wazuh	Sentinel	CrowdStrike
What it does	Behavioral monitoring	Compliance scanning	SIEM / HIDS	Cloud SIEM	Endpoint + cloud
Cost	$0-80/mo	Free (scans only)	Free (self-hosted)	$4.30/GB	Enterprise pricing
Setup	`pip install mallcop`	`pip install prowler`	4-6 GB RAM server	Azure subscription	Enterprise sales
Continuous monitoring	Yes	No (point-in-time)	Yes	Yes	Yes
AI investigation	Built in	Prowler Studio (separate)	No	Via Copilot ($$)	Via Falcon ($$)
Self-learning baseline	Yes	No	Rules only	Rules + ML ($)	Yes ($$$)
Git-native state	Yes	No	No	No	No
Self-hosted	Yes	Yes	Yes	No	No

Prowler checks your configuration is correct. Mallcop watches for someone doing something wrong. They're complementary. Use both.