
Architecture

How BugZeroAI works.

An AI supervisor orchestrates 28 modules in parallel, verifies every finding, and delivers a release gate verdict.

App Intel
Detects tech stack, routes, auth flows
Supervisor
AI selects optimal modules
28 Modules
Security · Functional · Quality · AI — all parallel
Verifier
Eliminates false positives
Release Gate
PASS / HOLD verdict + score

From URL to verdict in 6 steps.

Provide your target

Paste a URL, connect a repo, or trigger via CI. BugZeroAI accepts staging URLs, localhost tunnels (Tailscale/ngrok), or API endpoints.

App Intelligence gathering

The platform crawls your app to understand routes, forms, authentication flows, API schemas, and technology stack. This context feeds every module.

Supervisor selects modules

The AI supervisor analyzes app intelligence and activates the most relevant modules. A React SPA with JWT auth triggers different modules than a REST API with API keys.

Parallel execution

Up to 28 modules run concurrently: security probes, functional tests, performance benchmarks, and AI analysis all execute in parallel for maximum speed.

Verification + Root Cause

Every finding is verified to eliminate false positives. Root Cause AI enriches issues with expected behavior, actual behavior, impact analysis, and evidence summaries.

Release Gate verdict

All results aggregate into a single PASS/HOLD decision with a readiness score. Fix Generation creates draft PRs for actionable issues. Reports go to Slack, GitHub, or your dashboard.

Integrate in minutes.

Three ways to trigger scans — pick the one that fits your workflow.

github-actions.yml

name: BugZeroAI Scan
on:
  push:
    branches: [main]
jobs:
  qa-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Trigger BugZeroAI
        env:
          BUGZERO_API_KEY: ${{ secrets.BUGZERO_KEY }}
        run: |
          curl -s -X POST https://api.bugzero.ai/scan \
            -H "Authorization: Bearer $BUGZERO_API_KEY" \
            -H "Content-Type: application/json" \
            -d '{"url":"${{ vars.STAGING_URL }}","wait":true}'
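The workflow above substitutes `${{ vars.STAGING_URL }}` into the script text before the shell runs, so the value lands inside both a shell word and a JSON string unchecked. The following is an added example, not BugZeroAI's own code, that builds the same request body from an environment variable after validating it; the `STAGING_URL` variable name (set from `vars.STAGING_URL` in the step's `env:` block) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not BugZeroAI's own code. Assumed names: STAGING_URL (environment
# variable set in the step's env: block) and the helper functions below.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# Accept only a plain https URL. The allowlist has no quote, backslash, space or
# control character, so the value cannot terminate the JSON string it is placed in.
valid_target() {
  case "$1" in
    ''|*[!A-Za-z0-9.:/_~-]*) return 1 ;;
  esac
  printf '%s\n' "$1" |
    grep -Eq '^https://[A-Za-z0-9.-]+(:[0-9]{1,5})?(/[A-Za-z0-9._~/-]*)?$'
}

# Print the request body used in the page's workflow, {"url":...,"wait":true},
# or fail without output when the target is rejected.
build_scan_body() {
  if ! valid_target "$1"; then
    echo "refusing scan target: not a plain https URL" >&2
    return 1
  fi
  printf '{"url":"%s","wait":true}' "$1"
}

# POST the body to the endpoint shown on the page. --fail makes curl exit non-zero
# on an HTTP error status, so the CI step fails instead of passing silently.
send_scan() {
  body=$(build_scan_body "$1") || return 1
  curl -s --fail -X POST https://api.bugzero.ai/scan \
    -H "Authorization: Bearer $BUGZERO_API_KEY" \
    -H "Content-Type: application/json" \
    -d "$body"
}

# Workflow step body: send_scan "$STAGING_URL"
```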

REST API

# Start a scan
curl -X POST https://api.bugzero.ai/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://staging.example.com",
    "modules": ["pentest", "owasp", "brd", "performance"],
    "brdUrl": "https://docs.example.com/requirements.pdf"
  }'

# Response
{
  "scanId": "scan_a1b2c3d4",
  "status": "running",
  "estimatedMinutes": 12
}

MCP Server (Claude Code / Cursor)

// Add to your MCP config
{
  "mcpServers": {
    "bugzero": {
      "command": "npx",
      "args": ["bugzero-mcp-server"],
      "env": {
        "BUGZERO_API_KEY": "your-key-here"
      }
    }
  }
}

// Then in Claude Code:
// "Scan my staging app for security issues"
// BugZeroAI runs automatically via MCP

Scan localhost, securely.

Two options for exposing local dev servers to BugZeroAI scanners.

Recommended

Tailscale Funnel

Zero-trust networking. Your local server gets a stable HTTPS URL on your tailnet. No ports exposed to the public internet.

tailscale funnel 3000 # https://your-machine.tail1234.ts.net

Alternative

ngrok

Quick tunnel for ad-hoc testing. Creates a temporary public URL that forwards to your local server. URLs rotate on free tier.

ngrok http 3000 # https://a1b2c3d4.ngrok-free.app

Ready to automate your QA?

Setup takes less than 60 seconds. No credit card required.
