June 22, 2026

Dev Tools|Index 02

Cosine Launches AI Security Tool for SMEs, Mid-Market

Cosine's new AI security tool, built on a post-trained Kimi K2.6 model, offers SMEs and mid-market companies advanced vulnerability scanning and penetration testing capabilities, moving beyond generic LLM wrappers.

Via: AITECH TOKYO Editors
Dateline: Tokyo, 2026-06-20
Date: June 20, 2026
Time: 4 min read

Tagline

AI security scanner for SMEs and mid-market.

Who & Why

For a Tokyo-based indie developer or a small SaaS team needing to quickly audit their codebase for vulnerabilities without the cost of a full security firm.

vs. Existing

This tool competes with manual penetration testing firms and with existing AI security tools that are often just wrappers around general-purpose LLMs; Cosine positions its offering as deeper, post-trained analysis aimed specifically at security flaws.

Tokyo Take

While promising for startups, its reliance on a CLI and token-based pricing might not immediately fit all Japanese SMBs. Japanese-language documentation and local integration partners will be key for adoption, especially for the gated pen-test feature.

Cosine, a YC W23 alumnus, has launched an AI-powered security tool designed to identify vulnerabilities in codebases and live systems. It aims to address a gap in the market where sophisticated cyber-focused AI models are typically gated for large enterprises, leaving small to medium-sized businesses (SMEs) and mid-market companies underserved.

Many existing AI cyber tools are described as mere wrappers around foundation models, inheriting their built-in guardrails and refusal mechanisms. This limits their effectiveness in adversarial security tasks, where an AI needs to think like an attacker to uncover weaknesses.

To overcome this, Cosine post-trained an open-weights model, Kimi K2.6, on a decade of capture-the-flag (CTF) contest data. This specialized training involved supervised fine-tuning (SFT) on CTF writeups and reinforcement learning (RL) with verifiable rewards against actual exploit checks.

The tool offers two primary modes via a command-line interface (CLI). The "Security scan" provides a read-only audit of a local codebase, reporting specific vulnerabilities tied to file and line numbers, avoiding vague findings.

The "Pen test" mode, currently gated, operates as an active adversarial agent within a sandboxed environment. It demonstrates vulnerabilities by executing exploits and showing the exact requests sent and responses received, rather than relying on confidence scores.

"It proves each vulnerability by running the exploit and showing the request it sent and the response your code gave back, not a confidence score."

As a demonstration, Cosine pointed its scanner at Google's open-source "Bank of Anthos" application, identifying an integer overflow vulnerability in the transfer path, alongside common authentication and secrets issues. This example allows users to replicate the scan independently.

The CLI is distributed as a local binary, processing code locally before sending context to Cosine's inference API over TLS. Installation is free, and users can run scans up to 2 million tokens without charge, with token-based pricing thereafter.
