ACG Audit Services

Independent, expert review of AI-assisted codebases — so costly mistakes surface before they reach production.

Building software with AI agents is fast. Dangerously fast. Speed hides problems. The AI Craftspeople Guild offers independent audit services to help individuals and organizations find the problems that speed conceals — before those problems become expensive, embarrassing, or irreversible.

Inspired by a chat with Thomas Frumkin

Why an AI-Assisted Codebase Needs a Different Kind of Audit

Traditional code review assumes a human wrote every line with deliberate intent. AI-assisted codebases break that assumption.

An AI agent may produce code that is syntactically correct, passes linting, and even passes tests — yet contains subtle hallucinations, misapplied patterns, or structural decisions that no experienced engineer would have made. These are not ordinary bugs. They are a new category of failure, and they require a new category of scrutiny.

Guild auditors are practitioners who work daily with AI agents in production environments. They know where AI code goes wrong, and they know how to find it.

What an ACG Audit Covers

Hallucination Detection

AI agents frequently invent API methods, library functions, and configuration keys that do not exist. We systematically verify every external call and dependency reference against authoritative sources to surface phantom code before it fails silently in production.

Security Vulnerability Review

AI-generated code has characteristic security blind spots: inadequate input validation, over-broad permissions, insecure defaults, and boilerplate authentication patterns copied from outdated examples. We audit against the OWASP Top 10 and AI-specific threat patterns.

Test Coverage Integrity

AI agents write tests prolifically — but often write tests that confirm their own output rather than challenge it. We audit for test theatre: suites that provide coverage numbers without providing genuine verification of behavior, including edge cases the agent never considered.

Dependency and License Audit

When an AI suggests a dependency, it may reference an outdated version, a package with known vulnerabilities, or a library whose license is incompatible with your commercial use. We review every dependency for currency, security posture, and license risk.

Architecture Coherence Review

AI agents optimize locally and forget globally. A codebase built incrementally with agent assistance often accumulates contradictory patterns, redundant abstractions, and structural debt that only becomes visible from a whole-system view. We provide that view.

Data Handling and Privacy Audit

AI-generated data access code is frequently inattentive to the sensitivity of what it touches. We audit for over-fetching, unnecessary logging of sensitive fields, insufficient access control, and data retention practices that create legal and regulatory exposure.

Error Handling and Resilience Audit

AI agents tend to produce happy-path code. Error handling is often absent, shallow, or copy-pasted. We identify failure modes that are unhandled or silently swallowed, and assess whether the system degrades gracefully under realistic adverse conditions.

Prompt and Agent Configuration Review

If your system uses AI agents internally, the prompts, tools, and permissions granted to those agents are themselves a security and reliability surface. We review agent configurations for over-permissioning, prompt injection exposure, and runaway autonomy risks.

Who Should Request an Audit

An ACG audit is appropriate at any of the following moments.

Moment 1

Before a Production Launch

Any system built substantially with AI agent assistance deserves independent scrutiny before it faces real users and real consequences.

Moment 2

Before a Funding Round or Acquisition

Technical due diligence will examine code quality and security posture. An ACG audit surfaces issues before they surface at the worst possible time.

Moment 3

After a Major AI-Assisted Sprint

Catching drift before it compounds is far cheaper than untangling it after it has been built upon for months.

Moment 4

When Onboarding a New Team

A new engineering team inheriting an AI-assisted codebase needs an honest map of the terrain, not inherited assumptions about what was done and why.

Moment 5

After Something Has Gone Wrong

When a failure has occurred and the root cause is unclear, an ACG audit can distinguish human error, agent error, and structural failure — and prevent recurrence.

Guild Commitment

Guild Position

We do not tell you what you want to hear. We tell you what your codebase actually contains.

A Guild audit is an independent, candid, craft-grounded review. We have no stake in the outcome except the quality of the work. That independence is the service.

Explore More Guild Services

Auditing finds problems. Optimization eliminates the conditions that create them.

Optimization Services

Reduce token waste, eliminate dead weight, and make your AI-maintained codebase cheaper to run.

Meet the Guild

The auditors are practitioners. Get to know who would be reviewing your codebase.
