VulntraceAI
Local-first · signed & notarized

Run it all on your machine.

The Companion does the real work locally — code, credentials, and PoC runs never leave your device. The Workspace only ever sees a finding's shape.

macOS

VulntraceAI.dmg · Apple Silicon + Intel

Windows

VulntraceAI-Setup.exe · x64

Linux

VulntraceAI-linux-x64.tar.gz · x64

v0.1.0 · verify against SHA256SUMS.txt · macOS 12+, Windows 10+, Apple Silicon & Intel

Browser workflow

Install once. Drive from anywhere.

1. Download: Install the Companion, one signed package.

2. Pair: Enter the 6-character code from the Workspace.

3. Scan: Drive everything from the browser; work stays local.

Privacy by architecture

What never leaves your machine.

Not a policy — a boundary. The control plane is intentionally blind to your code.

Your repositories

Cloned and analyzed on your machine. Never uploaded.

stays on-device

Your model keys

Stored in the OS keychain. The cloud never sees them.

stays on-device

Your evidence

PoC runs, logs, and the final advisory render on-device.

stays on-device

Prefer the terminal?

Same engine, no app.

Run the methodology directly in Claude Code, or from any shell.

Claude Code plugin:

    /plugin marketplace add vulntraceai/vulntrace
    /plugin install vulntrace@vulntrace

macOS · Linux:

    curl -fsSL https://vulntraceai.com/install.sh | bash

Any OS:

    npx vulntraceai@latest