About AuditBuffet

What We Do

AuditBuffet is a library of adversarially-tested audit prompts for AI-built projects. Each audit runs inside your existing AI coding tool — Claude Code, Cursor, ChatGPT, Windsurf, Bolt, or any other tool — and produces a scored report with severity-ranked findings and actionable remediation guidance.

We cover security, SEO, accessibility, performance, compliance, and code quality. Every audit is free, and every result feeds the community benchmark pool so you can see how your project compares.

Why We Built This

AI coding tools are remarkably productive. They can scaffold an entire application in minutes. But speed creates blind spots — security headers get skipped, accessibility labels are forgotten, SEO fundamentals are half-implemented. The builder moves fast and the AI doesn’t flag what it doesn’t know to check.

AuditBuffet exists to catch what your AI missed. Instead of relying on ad-hoc “check my security” prompts, we provide structured audits with deterministic pass/fail checks, severity-weighted scoring, and community benchmarks. The audits are adversarially tested against intentionally vulnerable and clean codebases until false positives are under 5% and critical findings are never missed.

Our Methodology

Every audit follows the same rigorous process:

• Deterministic checks — each check has explicit pass/fail criteria. No subjective scoring, no ambiguity.
• Severity-weighted scoring — checks are weighted by impact: Critical (10), Warning (3), Info (1). Your score reflects what matters most.
• Adversarial testing — every prompt is tested against synthetic codebases (golden and bare-minimum fixtures) across multiple AI models to ensure consistency.
• Version control — audits are versioned with semver. Every change is tracked, and scores across versions are comparable via retrospective scoring.

For the full technical details, see our documentation.

Privacy First

Your code never leaves your machine. Audit prompts run locally inside your AI tool. The only data submitted to AuditBuffet is a structured JSON telemetry block containing check IDs and pass/fail results — no source code, no file contents, no environment variables, no API keys, no URLs, and no PII.

Read our full privacy policy for details on how we handle data.

Community Benchmarks

Every audit submission contributes to our community benchmark pool. Benchmarks use a 90-day rolling window with a minimum of 30 scores per segment before displaying percentile rankings. This means your score isn’t just a number — it’s a position relative to other projects using the same tech stack.

Explore the latest benchmarks on the benchmarks page.

Get in Touch

Follow us on X (Twitter) or find us on GitHub. For questions, feedback, or partnership inquiries, reach out through either channel.