About
Built by engineers who got tired of security theater.
Most SAST tools ship findings that are technically correct and functionally useless. The signal is buried, the narrative is absent, the fix is left as an exercise. Dissect was built to flip that ratio.
We do not believe AI alone is the answer to security. We believe a deterministic pipeline plus a hardened, schema-validated LLM is the answer to narrative. Semgrep and Tree-sitter still find the patterns. The Code Graph still maps the architecture. The agent inherits a Trace Block instead of guessing one, and writes the report your security team never had time to write.
In practice: every commit triggers a scan, the Code Graph resolves routes, middleware, ORM schema, and auth surface, and one Trace Block per candidate flows into the agent. Two-pass validation gates every narrative. A four-rule hallucination defense rejects invented files, impossible fines, and bogus CWE numbers. The output is an exploit chain, a blast radius, a fix in your language, and a curl payload that verifies the fix landed.
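The hallucination gate described above, sketched as an added example in Python; this is not Dissect's own code, and the indexed file list, CWE allow-list and required report fields are constructed assumptions standing in for what the Code Graph and schema would provide:

```python
import re

# Constructed: files the Code Graph indexed for a hypothetical repo.
KNOWN_FILES = {"src/routes/users.py", "src/auth/middleware.py", "src/models/user.py"}
# Constructed: a small allow-list of CWE ids the pipeline recognises (assumed subset).
KNOWN_CWES = {"CWE-89", "CWE-79", "CWE-287", "CWE-862"}
# Assumed schema: the fields a narrative must carry before it is accepted.
REQUIRED_KEYS = ("file", "line", "cwe", "title", "exploit_chain", "fix")
CWE_RE = re.compile(r"^CWE-\d{1,4}$")
PATH_RE = re.compile(r"[\w./-]+\.py")

def validate_finding(finding: dict) -> list[str]:
    """Return the reasons an LLM-produced finding is rejected; empty means it passes."""
    errors = []
    # Schema gate: every required field must be present before any content check.
    for key in REQUIRED_KEYS:
        if key not in finding:
            errors.append(f"missing field: {key}")
    if errors:
        return errors
    if not isinstance(finding["line"], int) or finding["line"] < 1:
        errors.append("line must be a positive integer")
    # The cited file must exist in the indexed repo (rejects invented files).
    if finding["file"] not in KNOWN_FILES:
        errors.append(f"invented file: {finding['file']}")
    # The CWE id must be well-formed and on the allow-list (rejects bogus CWEs).
    cwe = finding["cwe"]
    if not CWE_RE.match(cwe) or cwe not in KNOWN_CWES:
        errors.append(f"bogus CWE: {cwe}")
    # Every path the exploit chain mentions must also be an indexed file.
    for path in PATH_RE.findall(finding["exploit_chain"]):
        if path not in KNOWN_FILES:
            errors.append(f"exploit chain cites unindexed file: {path}")
    return errors

# Constructed sample narratives: one that should pass, one that hallucinates.
GOOD_FINDING = {
    "file": "src/routes/users.py", "line": 42, "cwe": "CWE-862",
    "title": "Missing authorization on user update",
    "exploit_chain": "Request reaches src/routes/users.py without src/auth/middleware.py",
    "fix": "Apply the auth middleware to the users blueprint",
}
BAD_FINDING = {
    "file": "src/routes/admin.py", "line": 12, "cwe": "CWE-99999",
    "title": "Admin takeover", "exploit_chain": "Attacker posts to src/routes/admin.py",
    "fix": "N/A",
}
```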
On Scale and Enterprise, Mythos goes further. A four-pass adversary loop, Hunter and Critic and Narrator and Chainer, hunts the bugs SAST cannot see by construction. Cross-file taint, business-logic flaws, auth bypasses living in the architecture, exploit chains that stitch separate findings into one story.
We are small, we ship fast, and we are skeptical of our own claims. If you find a false positive that should not have shipped, tell us at hello@dissect.security. We’ll fix it, and we’ll publish what we learned.