Fleet 1.13:Teams are now shipping 5x more PRs with autonomous pipelines.See what's new →
FleetFleet
Agent templateSecurity

Security Reviewer AI Agent (Template)

A security reviewer agent reads code changes for security vulnerabilities before they reach production. It focuses on the categories of issues that matter most for your application: injection flaws, authentication gaps, insecure deserialization, secrets in code, and broken access control.

Security review is a domain where the gap between a generic agent and a role-specific one is large. A security reviewer prompt should encode your threat model, which vulnerability classes are in scope, and the severity thresholds that block a merge versus generate a follow-up ticket. Without this, a generalist reviewer may flag style issues while missing an actual injection vector.

What this agent owns

  • Scan PR diffs for injection vulnerabilities, broken auth, and access control flaws
  • Check for hardcoded secrets, credentials, or sensitive data in committed files
  • Review changes to authentication and session management logic with extra scrutiny
  • Assess third-party dependency additions for known CVEs before they are merged
  • Document findings with severity ratings and recommended remediation steps

Recommended model: Claude Opus

Security review requires careful reasoning about adversarial inputs and subtle trust boundaries where Opus outperforms Sonnet.

Example tasks

  • Review a new OAuth callback handler for CSRF and open redirect vulnerabilities
  • Audit a file upload endpoint for path traversal and content-type bypass risks
  • Check a PR that modifies role-based access control logic for privilege escalation
  • Scan a new dependency addition for transitive CVEs and license compatibility
# create an agent from this template, then start it
$ fleet agent create --name security-reviewer--vendor claude-code --template <template-name>
$ fleet agent start security-reviewer

Find the exact template name with fleet template list.

Related agent roles

Code ReviewerDevOps EngineerTech Lead

Run this agent in your fleet

One binary. Five minutes. See every agent, coordinate every handoff, and keep a full audit trail of what your fleet did.

See how it worksInstall Fleet