# VibeReview

> Catch insecure AI-written code before it ships.

## Pages

- [VibeReview vs GitHub Copilot](https://vibereview.app/vs/copilot): Copilot's built-in filter blocks generic known-bad patterns. VibeReview gives every agent your team uses a threat model of your specific repo — Copilot included.
- [VibeReview vs Snyk Code](https://vibereview.app/vs/snyk): Snyk scans code after it's written. VibeReview makes sure the AI doesn't write the bug. Feature-by-feature comparison and where you'd run both.
- [Use cases](https://vibereview.app/use-cases): Same VibeReview engine, three personas: security teams get governance, engineering leaders get velocity-with-posture, non-developer vibe-coding teams get safe shipping by default.
- [What is ACSM?](https://vibereview.app/what-is-acsm): ACSM (Agentic Coding Security Management) is the discipline of putting security controls in front of an AI coding agent — at prompt-time, not post-hoc. Here's the four pillars and why the threat-informed version is the only complete one.
- [About](https://vibereview.app/about): VibeReview is built by AppSec engineers who've shipped threat-modelling programs at Series-B startups and Fortune 100s. Meet the team — and the why.
- [Docs](https://vibereview.app/docs): VibeReview docs are moving in. Until then, check the vibereview-kit README and in-product help.
- [Product](https://vibereview.app/product): Six product surfaces: codebase profiling, guardrail generation, MCP server, PR review, dashboards, CLI & hooks.
- [Pricing](https://vibereview.app/pricing): Free for individuals. $19 per dev / month on Team. Custom Enterprise and self-hosted On-Prem plans.
- [Integrations](https://vibereview.app/integrations): VibeReview integrates via MCP with Claude Code, Cursor, Codex, and GitHub Copilot. PR review apps for GitHub and GitLab. A CLI for everything else.
- [Home](https://vibereview.app/): VibeReview profiles your repo, generates security guardrails tailored to your stack, and surfaces threats inside Claude Code, Cursor, Codex, and Copilot.

## Explainers

- [Threat-informed vs taxonomy-informed: why your guardrails need a model](https://vibereview.app/learn/threat-informed-vs-taxonomy-informed): Two ACSM platforms can both claim "custom guardrails for your stack" — and one of them ships you twice the PR noise. Here's what to ask vendors to tell the difference.
- [What is ACSM? A field guide for engineering leaders](https://vibereview.app/learn/what-is-acsm-field-guide): A working definition of Agentic Coding Security Management (ACSM), the four pillars to evaluate any ACSM platform against, and three interview questions for your AI coding stack.

## Posts

- [Welcome to the VibeReview blog](https://vibereview.app/blog/welcome-to-the-vibereview-blog): Notes from the guardrail — what we're shipping, what we're seeing in repos, and what the prompt-to-PR loop needs next.

## Agent access

- MCP endpoint: https://vibereview.app/_emdash/mcp
- RSS feed: https://vibereview.app/blog/rss.xml
- Sitemap: https://vibereview.app/sitemap.xml