
Security Product, 2026

Featured project

Patchbot Security Platform

Engineered an enterprise-grade security platform featuring autonomous attack emulation (IAST) and high-entropy secret detection.

Evolved a baseline security scanner into an enterprise-ready tool by implementing Playwright-backed exploit confirmation and robust statistical secret detection, reducing false positives and accelerating remediation.

Architecture Diagram

How the system fits together

This visual is meant to show the operating shape of the project at a glance: where input begins, where decisions happen, and what the useful output surface actually is.

Scope: Security Product
Signals: IAST
Diagram of Patchbot Security Platform showing attack emulation, secret detection, and encrypted multi-tenant storage.

Snapshot

What matters most in this project

IAST: Autonomous Attack Emulation
High-Entropy: Statistical Secret Detection
Enterprise: Data isolation and encryption

Challenge

The core challenge was building reliable headless browser interactions for IAST and processing codebase metrics to ensure accurate high-entropy secret detection without overwhelming developers with noise.

Result

Deployed a production-ready security platform capable of authenticating web scans and proactively securing codebases with stringent data isolation.

Approach

  • Integrated Playwright for headless browser-based exploit confirmation to achieve Autonomous Attack Emulation (IAST).
  • Implemented High-Entropy Secret Detection using statistical analysis to intelligently identify and prevent sensitive data leaks.
  • Engineered multi-tenant data isolation and SQLCipher encryption-at-rest for enterprise data security.

Architecture

  • Headless Chromium session injection via Playwright confirms vulnerabilities actively during the web scanning phase.
  • A heuristic engine analyzes commit data using statistical entropy models to detect hardcoded secrets.
  • Data layer isolated through org_repo namespaces and encrypted at rest using SQLCipher.

Impact

  • Autonomous attack emulation with dynamic headless browser interactions.
  • Proactive discovery and suppression of high-entropy secrets.
  • Enterprise-grade security controls including multi-tenant isolation and encryption-at-rest.

Tradeoffs and Decisions

  • Accepted higher resource allocation for Playwright integration to achieve higher confidence attack confirmation.
  • Tuned secret detection thresholds to prioritize high-entropy strings, balancing detection rate with developer fatigue.
  • Invested in robust namespace isolation over simple access controls to ensure strict multi-tenant compliance.
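As an added example (not code from the Patchbot project), this is the shape of the entropy heuristic that the architecture and tradeoff notes above describe: Shannon entropy per token, charset-specific thresholds, and a context allowlist that suppresses known-benign high-entropy strings such as git hashes so they do not add to developer noise. The thresholds, regexes and sample diff lines are this example's assumptions, not the platform's tuned settings.

```python
import math
import re
from collections import Counter

# Thresholds in bits per character (assumed values for this example). Hex tops
# out at 4 bits/char and base64 at 6, so each charset gets its own cutoff.
CHARSETS = {
    "hex": (re.compile(r"^[0-9a-fA-F]{20,}$"), 3.0),
    "base64": (re.compile(r"^[A-Za-z0-9+/=_-]{20,}$"), 4.5),
}
TOKEN_RE = re.compile(r"[A-Za-z0-9+/=_-]{20,}")
# Context allowlist: lines where a high-entropy token is expected (git SHAs).
BENIGN_LINE_RE = re.compile(r"^\s*(commit|index|parent)\s+[0-9a-f]{7,40}\b")

def shannon_entropy(s: str) -> float:
    """Bits per character of the empirical symbol distribution of s."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

def classify(token: str):
    """Return the charset whose threshold the token exceeds, or None."""
    h = shannon_entropy(token)
    # Hex is checked first: every hex string also matches the base64 class.
    for name, (pattern, threshold) in CHARSETS.items():
        if pattern.match(token):
            return name if h >= threshold else None
    return None

def scan_lines(lines):
    """Return (line_no, token, charset, entropy) tuples for suspected secrets."""
    findings = []
    for i, line in enumerate(lines, 1):
        if BENIGN_LINE_RE.match(line):
            continue  # known-benign context, suppressed to cut false positives
        for tok in TOKEN_RE.findall(line):
            kind = classify(tok)
            if kind:
                findings.append((i, tok, kind, round(shannon_entropy(tok), 2)))
    return findings

# Constructed sample of added diff lines (not real credentials).
SAMPLE_DIFF_LINES = [
    'SECRET_KEY = "Kx9Q+mZ3aT/bW7nV1yLc4JhR0UeP8sFgD2oIi5EA"',
    'API_TOKEN = "f3a9c1d2e4b5a6978c0d1e2f3a4b5c6d7e8f9a0b"',
    'DEFAULT_REGION = "us-east-1"',
    "commit 9fceb02d0ae598e95dc970b74767f19372d61af8",
    'password = "hunter2"',  # low-entropy secrets are invisible to this heuristic
]
```

Running `scan_lines(SAMPLE_DIFF_LINES)` reports only lines 1 and 2; the git hash on line 4 is suppressed by context, and the short password on line 5 shows the blind spot that pattern-based rules must cover separately.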

Stack

Tools and technologies behind the work

Python, Playwright, Heuristics, SQLCipher, GitHub Integrations