Lightcone × Kai
By Kai Team · Published 2026-05-04
Lightcone paired their third-party security audit with continuous AI maintenance from Kai. The combination shipped a verified fix inside the audit window, on the class of issue that is hardest to catch in isolation: a path that deviated from the codebase's own conventions rather than from any single rule.
The setup
Lightcone (lightcone.xyz) runs a layered security posture. Ahead of a third-party audit, they brought Kai into their codebase as a continuous AI maintainer, sitting alongside the team's engineers and IC coding agents. The audit covered its scope, the team kept shipping product, and Kai ran its own pass over the repo, reading the codebase against itself and against the team's history of how things are normally done.
What surfaced
A path that enforced a trust decision wasn't built the way the team handled trust decisions elsewhere in the codebase. Read on its own, the check looked safe; read against the rest of the repo, its construction was off in a way that was worth proving out. This is the kind of thing that's hardest to catch in isolation: not a violation of any single rule a point-in-time audit would check for, but a deviation from the codebase's own conventions, which is exactly the surface a continuous, in-repo maintainer that has read the rest of the code is positioned to see.
How it shipped
The proposing agent lifted the suspect logic into an isolated sandbox and ran attacker-shaped inputs against it until one got through. A separate verifier agent re-ran the same harness against the proposed fix and confirmed that the bypass was closed. Only then did it become a PR for Lightcone's team to review and merge. Re-running the harness proves the specific bypass is closed against the inputs it generated; it does not by itself rule out other routes through the same check, which is one reason the change still goes to the team as an ordinary PR rather than being merged by an agent.
The agent proposing a change is never the agent approving it. A finding without a working exploit does not leave the sandbox. By the time it reached the team, it was a clean PR with a proven exploit and a verified patch attached, so the reviewers could see both what got through and why the fix stops it.
Outcome
Verified fix shipped inside the audit window. Audit closed on time. Lightcone's team kept shipping product, with one more proven and fixed weakness behind them.