Privacy Policy

Last updated: June 24, 2026

This policy explains what data we collect, why we collect it, how we use it, and your rights over it. We have written it to be readable — not to bury things in legal language.

1. Who Is Responsible for Your Data

Cortex is operated by Hamza Hafeez. If you have any questions about how your data is handled, contact us at cortexedr@gmail.com.

2. What Data We Collect

We collect the following categories of data:

Account Information

When you create an account, we collect your name, email address, and (if signing in via Google or GitHub) a profile image URL. If you use email and password, your password is stored as a one-way hash — we cannot read it.

Repository Data

When you submit a GitHub repository for scanning, we temporarily clone the repository to process it. Code files are passed to AI models to generate security findings. We store the resulting report (findings, scores, summaries) and associate it with your account. We do not permanently store the full raw source code.

Chat History

If you use Cortex Chat, the messages you send and the AI responses are stored and associated with your account so you can review them later. Chat context includes references to your scan results.

Usage Data

We collect basic usage information such as scan timestamps, the number of scans performed, and feature interactions. This helps us understand how the service is used and identify performance issues.

Billing Information

Payments are handled by Paddle. We do not store credit card numbers or full payment details. We receive confirmation of subscription status from Paddle and store your plan tier and billing dates.

3. How We Use Your Data

We use the data we collect for the following purposes:

  • Providing the service: Running security scans, generating reports, and enabling Cortex Chat.
  • Account management: Authentication, session management, and plan enforcement.
  • Email communication: Sending transactional emails (account confirmation, password resets). We do not send marketing emails unless you explicitly opt in.
  • Improving the product: Understanding how features are used to prioritize fixes and improvements. We do not use your code or scan results to train AI models.
  • Billing and subscriptions: Tracking plan status, processing payment confirmations from Paddle.

4. Who We Share Data With

We do not sell your data. We share data with the following third-party services, only to the extent necessary to operate Cortex:

Supabase

Database and authentication infrastructure

Stores user accounts, scan results, and chat history. Data is hosted in Supabase's managed PostgreSQL environment.

AI Providers (Google Gemini, Anthropic Claude, DeepSeek, Groq)

AI analysis pipeline

Code snippets and file contents are sent to these providers to generate security findings. Each provider has its own privacy policy governing model inputs.

Paddle

Payment processing

Handles billing and subscription management. Paddle is the merchant of record for paid transactions.

Resend

Transactional email delivery

Used to send emails such as account confirmations and password resets.

Vercel

Hosting and deployment

The application is deployed on Vercel infrastructure. Request logs may be retained by Vercel per their policy.

5. Cookies and Session Storage

Cortex uses cookies to maintain your login session. These are secure, HTTP-only cookies that expire after 30 days of inactivity. We do not use tracking cookies, advertising cookies, or fingerprinting techniques.

We do not use Google Analytics, Meta Pixel, or any third-party analytics that tracks you across other websites.

6. Data Retention

We retain data as follows:

  • Account data: Retained until you delete your account.
  • Scan results and reports: Retained as long as your account exists. You can delete individual scans from your dashboard.
  • Chat history: Retained as long as your account exists. You can delete conversations at any time.
  • Repository code content: Not permanently stored. Cloned temporarily during scanning and discarded after the report is generated.
  • Billing records: Retained for a minimum of 7 years for accounting and legal compliance.

7. Your Rights

You have the following rights over your data:

  • Access: You can request a copy of all data we hold about you.
  • Correction: You can update incorrect information from your account settings.
  • Deletion: You can delete your account and associated data at any time. We will process deletion requests within 30 days.
  • Portability: You can request an export of your scan reports and chat history in a machine-readable format.
  • Objection: You can object to any processing that is not strictly necessary to provide the service.

To exercise any of these rights, email us at cortexedr@gmail.com. We will respond within 14 days.

8. Security

We use industry-standard practices to protect your data: encrypted connections (HTTPS), hashed passwords (bcrypt), secure session cookies, and access controls on our database.

No system is completely secure. If we become aware of a breach that affects your data, we will notify you within 72 hours of discovery.

9. Children

Cortex is not intended for use by anyone under 16 years of age. We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it promptly.

10. Changes to This Policy

If we make meaningful changes to this policy — particularly around how we collect or use data — we will notify you by email at least 14 days before the change takes effect. Minor updates (such as clarifications or formatting) may be made without notice.

11. Contact

Questions, data requests, or concerns about this policy:

Email: cortexedr@gmail.com

Operator: Hamza Hafeez Bhatti

Location: Lahore, Pakistan