Everything wrong with your repo or live site — in one report you’ll actually understand. lens runs 200+ in-house checks across your code (15 dimensions) and live site (11), cross-verified by multiple frontier models — then writes you two reports: plain-English for founders, engineer-grade for your team. Thousands of industry-standard rules on top, synthesized into a fix-it roadmap. Minutes, not weeks. From $19 — no subscription.
A real lens report — here's a sample for Northwind, a fictional writing app. One audit, two reports: a plain-English founder view and an engineer view.
Anyone can send email pretending to be your business — the single most valuable thing to fix. It costs nothing, protects your brand, and helps your own sign-up and billing emails actually reach customers.
Plenty of tools wrap one model in a clever prompt. lens is a 200+-check audit engine — purpose-built analyzers across 26 dimensions of your code and live site — with multiple frontier models cross-verifying every finding. The depth is the product, not the prompt.
Most scanners bury you in raw vulnerabilities. lens runs 200+ checks, then hands you the handful that are actually reachable in your code and exploited in the wild right now — so you fix what counts instead of drowning in a list.
Every finding is cross-verified by multiple frontier models and grounded in your actual code — so you get the issues that are real, not a wall of AI false positives. Confidence you can act on.
Built for founders, not just engineers. One plain-language report across your code, your live site, and your cloud cost — the health check you can read yourself before a fundraise, an acquisition, or a handoff. Every finding says where it's from, what it means, and why it matters. No security degree required.
A scanner gives you a list. A senior auditor connects the dots. "This storage is public, and it holds customer data, and there's no backup" becomes one flagged exposure — not three findings you have to assemble yourself.
For the clear-cut issues, lens drafts the actual change and re-checks that it works before showing it. Your developer reviews and applies, instead of starting from a blank page.
AEO — Answer Engine Optimization. ChatGPT, Perplexity, and Google's AI answers are the new search box. lens audits whether they can actually read and cite your site — llms.txt, AI-crawler access, structured data, and whether your content survives without JavaScript. It's the readiness almost no one is checking yet.
No $30/seat/month, no seat minimums, no annual contract. Buy tokens, run an audit when you need one — built for the small teams the big tools price out. Need a lot? Just talk to us.
Selling to a bigger company? lens produces the software bill of materials (SBOM) they'll ask for — CycloneDX + SPDX, generated from the audit you already ran, no extra work.
Built it on Lovable or Bolt? Deployed to Vercel? Coding in Cursor? lens audits it — from the repo or the live URL. In Cursor or Windsurf, it audits inline over the MCP.
Lovable, Bolt, Replit, v0, Vercel, Netlify, Firebase, Cursor, and Windsurf are trademarks of their respective owners. Lens is an independent tool, not affiliated with, endorsed by, or sponsored by any of them.
Add the lens MCP to Cursor, Claude Code, or Windsurf and your agent audits inline — before it opens the PR. Just say “run a lens audit and fix the security findings.” Metered per audit in tokens — no subscription. It’s the only way a full multi-dimensional audit lands right inside your build loop.
Real depth: 200+ in-house checks across your code (15 dimensions) and your live site (11). Every finding is grounded in your actual code and cross-verified by multiple frontier models — so what you read is real, not a wall of AI guesses. On top of that we layer in thousands of rules from industry-standard security and supply-chain scanners, then synthesize everything into plain-English results instead of raw scanner output.
Any of them. Run a GitHub repo, a live URL, or both — a combined view shows them side by side (e.g. “your code’s production-ready, but the deployed site has stale TLS”).
It runs audits inside your AI builder — Cursor, Claude Code, Windsurf — so you never context-switch. Agents can audit as they build, compare repos, and hand findings to a fix-it agent. Metered per audit in tokens — no subscription.
Repos are cloned to a temporary directory, scanned, and deleted — and every secret is redacted before any report is rendered. Live sites are checked only through what they publicly serve, and the same redaction runs before any report — so no secret ever shows up in one.
You pay per audit, in tokens: small/medium/large/XL = 1,000/2,000/4,000/8,000 tokens ($19–$152), with volume pricing on request. Every audit shows a free cost estimate first, so you see scope and price before you spend. No subscription required.
Same findings, two voices. The founder report is plain-English and decision-focused; the technical report has the detailed fixes, how serious each issue is, and a step-by-step plan your engineers can follow.
That’s exactly what the design guards against. Every finding is grounded in your actual code and then cross-verified by multiple frontier models — issues only one model is confident about get filtered out. You get the findings that survive cross-examination, not a model’s first guess.
Minutes, not weeks — most audits finish in a few minutes, depending on the size of the repo or site. You get a free cost-and-scope estimate first, and you can keep working while it runs.
Linters nitpick style, and scanners like Snyk hand you a raw vulnerability list. lens runs 200+ checks, then tells you which issues are actually reachable in your code and exploited in the wild — across security, reliability, performance, cost, and more — explained in plain English you can act on, not a wall of raw findings.
Those are AI reviewers that comment on the diff inside a single pull request. lens audits the whole product — your code and your live site — across 26 dimensions and 200+ checks, cross-verified by multiple frontier models, and hands you two reports (founder + engineer) plus the SBOM a bigger customer asks for. It’s a periodic health check of the whole system, not a line-by-line PR comment.
We point lens at our own products first.
“The first thing we did with lens was point it at our own product, kunkun.io. It surfaced gaps we’d missed — missing hreflang for our Japanese pages, deliverability holes (SPF/DKIM/DMARC), real SEO issues — each explained in plain English with why it matters.”
Dan Monahan