Find unreviewed AI code in your prod codebase
I started building LineageLens because I kept asking a question that nobody on my team could answer: if a CVE gets traced back to an AI-generated line in production next week, what evidence do we actually have?
Not "we use Copilot and review everything." Machine-readable evidence: which model generated which lines, with what prompt, at what confidence, and whether a human reviewed the AI context before it shipped.
For most teams, the answer is nothing. The Cloud Security Alliance put a number on it this month: 81% of organizations have no complete visibility into where AI-generated code lives in production. That gap grows larger every sprint.
LineageLens intercepts AI tool traffic at the proxy layer to capture provenance records at generation time -- the only moment when model, prompt, file path, and edit context all coexist. Then the blame engine maps those records onto current file contents:
```
lineagelens report . --review-status unreviewed --category auth
```
You get back exactly which auth-path files in your live repo contain AI-generated code that no human has reviewed.
Curious whether teams here are treating AI code provenance as a security problem, a compliance problem, or neither yet. What's your current setup for knowing what your AI tools actually wrote?
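Added example, not part of the original post and not LineageLens code: a sketch of the "map provenance records onto current file contents" step, matching generation-time line hashes against the file as it exists now. The record schema, field names, `MIN_LEN` threshold and sample data are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

MIN_LEN = 8  # skip trivial lines ("}", "pass") that would match by coincidence

@dataclass(frozen=True)
class ProvenanceRecord:  # hypothetical schema, not LineageLens's record format
    path: str
    model: str
    reviewed: bool
    line_hashes: frozenset

def line_hash(line):
    # Normalize whitespace so re-indentation does not hide a generated line.
    return hashlib.sha256(" ".join(line.split()).encode()).hexdigest()

def make_record(path, model, reviewed, generated_text):
    hashes = frozenset(line_hash(l) for l in generated_text.splitlines()
                       if len(l.strip()) >= MIN_LEN)
    return ProvenanceRecord(path, model, reviewed, hashes)

def unreviewed_ai_lines(path, current_text, records):
    """Return [(line_no, model)] for current lines that still match an
    unreviewed generation record for this path."""
    pending = [r for r in records if r.path == path and not r.reviewed]
    findings = []
    for no, line in enumerate(current_text.splitlines(), start=1):
        if len(line.strip()) < MIN_LEN:
            continue
        h = line_hash(line)
        match = next((r for r in pending if h in r.line_hashes), None)
        if match is not None:
            findings.append((no, match.model))
    return findings

# Constructed sample data: what was generated vs. what is in the repo now.
RECORDS = [
    make_record("auth/tokens.py", "example-model", False,
                'def check_token(token):\n    return token == os.environ["API_TOKEN"]\n'),
    make_record("auth/tokens.py", "example-model", True, "import hmac, os\n"),
]
CURRENT = (
    "import hmac, os\n"
    "\n"
    "def check_token(token):\n"
    "    # human rewrote the comparison below\n"
    '    return hmac.compare_digest(token, os.environ["API_TOKEN"])\n'
)

if __name__ == "__main__":
    print(unreviewed_ai_lines("auth/tokens.py", CURRENT, RECORDS))
```

Only the surviving generated line is reported; the line a human rewrote and the line covered by a reviewed record drop out.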


Replies
Feels like something security teams will quietly rely on. Having a clear trail from model → code → review could save a lot of confusion later.
Lineage Lens
What do you think of this??