REPOGEO REPORT · LITE
visa/visa-vulnerability-agentic-harness
Default branch main · commit dc7d7766 · scanned 6/22/2026, 10:07:02 PM
GitHub: 533 stars · 89 forks
Action plan is what to do next — copy-pasteable changes prioritized by impact. Category visibility is the real GEO test: when a user asks an AI a brand-free question that should surface visa/visa-vulnerability-agentic-harness, does the AI actually recommend you — or your competitors? Objective checks verify the metadata signals AI engines weight first. Self-mention check detects whether AI even knows you exist by name.
Action plan — copy-paste fixes
3 prioritized changes generated by gemini-2.5-flash. Mark items done after you ship the fix.
- hightopics#1Add specific topics to improve AI categorization
Why:
COPY-PASTE FIXvulnerability-discovery, sast, ai-security, agentic-ai, llm-security, security-research, threat-modeling, vulnerability-management, code-analysis
- highreadme#2Strengthen README opening and repository description for category clarity
Why:
CURRENT# Visa Vulnerability Agentic Harness — Agentic SAST Pipeline VVAH is Visa's open-source harness for autonomous vulnerability discovery using frontier AI models, built on learnings from Project Glasswing (Anthropic's initiative for AI-assisted vulnerability research).
COPY-PASTE FIXUpdate the repository description to: 'An open-source AI-powered SAST harness for autonomous vulnerability discovery and accelerated triage, built on learnings from Project Glasswing.' Then, update the README's first paragraph to: '# Visa Vulnerability Agentic Harness (VVAH) — AI-Powered SAST for Autonomous Vulnerability Discovery VVAH is Visa's open-source **AI-powered Static Application Security Testing (SAST) harness** for autonomous vulnerability discovery using frontier AI models, built on learnings from Project Glasswing (Anthropic's initiative for AI-assisted vulnerability research). It focuses on accelerating vulnerability triage and improving SAST pipeline accuracy.'
- mediumhomepage#3Add a homepage URL to the repository metadata
Why:
COPY-PASTE FIXSet the repository homepage URL to `https://github.com/visa/visa-vulnerability-agentic-harness` (or a dedicated project page if one exists).
Category GEO backends resolved for this scan: google/gemini-2.5-flash, deepseek/deepseek-v4-flash
Category visibility — the real GEO test
Brand-free queries asked to google/gemini-2.5-flash. Did AI recommend you, or someone else?
Same questions for every model — switch tabs to compare answers and rankings.
- Snyk Code · recommended 2×
- DeepCode AI · recommended 2×
- github/codeql · recommended 1×
- Checkmarx SAST (CxSAST) · recommended 1×
- Veracode Static Analysis · recommended 1×
- CATEGORY QUERYHow can I use AI models to autonomously discover security vulnerabilities in my code?you: not recommendedAI recommended (in order):
- Snyk Code
- GitHub Advanced Security (CodeQL) (github/codeql)
- Checkmarx SAST (CxSAST)
- Veracode Static Analysis
- DeepCode AI
- Soteria
- Snyk Open Source
AI recommended 7 alternatives but never named visa/visa-vulnerability-agentic-harness. This is the gap to close.
Show full AI answer
- CATEGORY QUERYWhat solutions improve SAST pipeline accuracy and accelerate vulnerability triage with AI?you: not recommendedAI recommended (in order):
- Snyk Code
- Checkmarx SAST (CxSAST) with CxAI
- Veracode Static Analysis (SAST) with AI/ML
- HCL AppScan Static Analyzer (SAST) with AI
- Fortify Static Code Analyzer (SCA) with Fortify Insight
- CodeQL
- DeepCode AI
AI recommended 7 alternatives but never named visa/visa-vulnerability-agentic-harness. This is the gap to close.
Show full AI answer
Objective checks
Rule-based audits of metadata signals AI engines weight most.
- Metadata completenesswarn
Suggestion:
- README presencepass
Self-mention check
Does AI even know your repo exists when asked about it directly?
- Compared to common alternatives in this category, what is the core differentiator of visa/visa-vulnerability-agentic-harness?passAI did not name visa/visa-vulnerability-agentic-harness — likely talking about a different project
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
- If a team adopts visa/visa-vulnerability-agentic-harness in production, what risks or prerequisites should they evaluate first?passAI named visa/visa-vulnerability-agentic-harness explicitly
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
- In one sentence, what problem does the repo visa/visa-vulnerability-agentic-harness solve, and who is the primary audience?passAI did not name visa/visa-vulnerability-agentic-harness — likely talking about a different project
AI answers can be confidently wrong. Read for accuracy: does it match your actual tech stack, audience, and differentiator?
Embed your GEO score
Drop this badge into the README of visa/visa-vulnerability-agentic-harness. It auto-updates whenever the report is rescanned and links back to the latest report — easy public proof that you care about AI discoverability.
Live preview[](https://repogeo.com/en/r/visa/visa-vulnerability-agentic-harness)<a href="https://repogeo.com/en/r/visa/visa-vulnerability-agentic-harness"><img src="https://repogeo.com/badge/visa/visa-vulnerability-agentic-harness.svg" alt="RepoGEO" /></a>Subscribe to Pro for deep diagnoses
visa/visa-vulnerability-agentic-harness — Lite scans stay free; this card itemizes Pro deep limits vs Lite.
- Deep reports10 / month
- Brand-free category queries5 vs 2 in Lite
- Prioritized action items8 vs 3 in Lite