getdebug 0.4.0 catches AI-app bugs Bandit misses
Regex prefilters catch prompt-injection and unbounded-stream patterns; Bandit and Semgrep generate false positives on safe allowlist-then-run patterns because they don't track data provenance.
June 5, 2026
Summary
Existing Python SAST (Bandit, Semgrep) have zero AI-app-specific rules and flag safe patterns as vulnerable, forcing manual triage. getdebug fills the gap: 100% precision/recall on AI-specific fixtures, zero false positives on real code.
Why it matters
Existing Python SAST (Bandit, Semgrep) have zero AI-app-specific rules and flag safe patterns as vulnerable, forcing manual triage. getdebug fills the gap: 100% precision/recall on AI-specific fixtures, zero false positives on real code.
Implementation verdict
Complements rather than replaces Bandit and Semgrep. Run all three: `bandit -r .`, `semgrep --config auto .`, then `npx @getdebug/cli@0.4.0 analyze .`. Requires Node.js runtime for getdebug CLI. Worth trying now on Python LLM projects; optional Ollama integration for on-device LLM analysis.
Sources
- 1.pattern-based regex prefilters in JS/TS + Python (new in 0.4.0)
- 2.unsafe-tool-output fixture via their generic subprocess.run(shell=True) rules
- 3.getdebug's regex specifically requires the tool_call.input.X / block.input.X reference in the sink arg
- 4.Both tools miss the other four behavioural categories (pii-in-prompt, unsafe-role-merge, prompt-injection, unbounded-stream) entirely
- 5.getdebug 6 are all AI-app categorized
- 6.None of them subsume the others
Dev Signal
Get briefs like this in your inbox — free, 3x a week.
100+ sources compressed into one 4-minute read. Ranked, cited, implementation-ready.