Find unreviewed AI code in your prod codebase

I started building LineageLens because I kept asking a question that nobody on my team could answer: if a CVE gets traced back to an AI-generated line in production next week, what evidence do we actually have?

Not "we use Copilot and review everything." Machine-readable evidence: which model generated which lines, with what prompt, at what confidence, and whether a human reviewed the AI context before it shipped.

For most teams, the answer is nothing. The Cloud Security Alliance put a number on it this month: 81% of organizations have no complete visibility into where AI-generated code lives in production. That gap grows larger every sprint.

LineageLens intercepts AI tool traffic at the proxy layer to capture provenance records at generation time -- the only moment when model, prompt, file path, and edit context all coexist. Then the blame engine maps those records onto current file contents:

```
lineagelens report . --review-status unreviewed --category auth
```

You get back exactly which auth-path files in your live repo contain AI-generated code that no human has reviewed.

Curious whether teams here are treating AI code provenance as a security problem, a compliance problem, or neither yet. What's your current setup for knowing what your AI tools actually wrote?
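Added example, not LineageLens code: a toy version of the blame step described above, mapping proxy-captured provenance records onto current file contents and filtering to unreviewed lines in auth-path files. The record fields, the whitespace-insensitive line fingerprint and the auth-path rule are assumptions, and the sample files and records are constructed.

```python
import hashlib
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class ProvenanceRecord:
    path: str        # file the AI edit landed in at generation time
    model: str       # model that produced the line (assumed field name)
    prompt_id: str   # handle to the captured prompt (assumed field name)
    line_text: str   # the generated line as it left the AI tool
    reviewed: bool   # did a human review the AI context before merge?

def line_fingerprint(text: str) -> str:
    # Whitespace removed before hashing, so re-indenting or reformatting
    # a line after capture does not break the match (coarse, fine here).
    return hashlib.sha256("".join(text.split()).encode()).hexdigest()[:16]

# Assumed rule for the "auth" category: files with an auth-ish basename.
AUTH_PATH = re.compile(r"(^|/)(auth|login|session|token)[^/]*$")

def blame(files, records, review_status="unreviewed", category=None):
    """Map provenance records onto current file contents; return
    (path, line_no, model, prompt_id) for each current line matching a
    record with the requested review status, optionally auth files only."""
    want_reviewed = review_status == "reviewed"
    index = {(r.path, line_fingerprint(r.line_text)): r
             for r in records if r.reviewed == want_reviewed}
    hits = []
    for path, lines in files.items():
        if category == "auth" and not AUTH_PATH.search(path):
            continue
        for no, text in enumerate(lines, start=1):
            rec = index.get((path, line_fingerprint(text)))
            if rec is not None:
                hits.append((path, no, rec.model, rec.prompt_id))
    return hits

# Constructed sample data: current repo contents and captured records.
CURRENT_FILES = {
    "app/auth/session.py": ["def verify(token):",
                            "    return token == ADMIN_TOKEN"],  # reformatted
    "app/util/strings.py": ["def slug(s):", "    return s.lower()"],
}
RECORDS = [
    ProvenanceRecord("app/auth/session.py", "model-x", "p-1",
                     "return token==ADMIN_TOKEN", reviewed=False),
    ProvenanceRecord("app/auth/session.py", "model-x", "p-2",
                     "def verify(token):", reviewed=True),
    ProvenanceRecord("app/util/strings.py", "model-y", "p-3",
                     "return s.lower()", reviewed=False),
]
```

Calling `blame(CURRENT_FILES, RECORDS, "unreviewed", "auth")` reports only the reformatted `ADMIN_TOKEN` comparison in `session.py`; the reviewed `def verify` line and the unreviewed non-auth line are left out.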

Replies

Feels like something security teams will quietly rely on. Having a clear trail from model → code → review could save a lot of confusion later.

What do you think of this?