Blog

Blog.

Product updates, security analysis in practice, engineering notes and team thinking — the public notebook of the AVL Code team.

· 10 min read

AVL Code: Why We Chose Closed Source

During AVL Code's alpha, users asked us — why not open source? Our answer: a security agent is a double-edged capability that must restrain itself and stay asymmetric to attackers; trust comes from verifiable releases, not readable source. We respect open source — it just shouldn't be the default delivery form for an adversarial security agent.

Open SourceClosed SourceSupply Chain SecuritySecurity AgentAsymmetryAVL Code
Read more
· 9 min read

Using AVL Code to Verify the Rumor That “Claude Code Has a Hidden Mechanism to Specifically Detect Chinese Users”

A Reddit post about Claude Code claims the client contains hidden detection logic targeting Chinese time zones, China-related proxies, and Chinese AI service keywords. Working from the analysis process and screenshots reported by an AVL Code user, we organized the results of reverse engineering a locally installed sample: the detection and prompt-encoding mechanisms do exist in the client code, and the key technical chain in the original post has a verifiable basis.

Claude CodeReverse EngineeringPrivacySupply Chain SecurityAVL Code
Read more
· 6 min read

Did GLM-5.2 Beat Mythos? The Specialized Harness Beat the General-Purpose One

A headline popped out of Semgrep's cybersecurity benchmark — open-source GLM-5.2 scored 39% F1 on IDOR vulnerability detection, beating Claude Code (Opus 4.8) at 28%. But the story isn't only about models. Put GPT-5.5 and Opus 4.8 into Semgrep's specialized security harness, and their scores jump from 20% and 28% to 61% and 53%. The harness is an equally critical, chronically underrated part of the system — the model matters, the harness matters, and a specialized harness beats a general-purpose one.

HarnessAgentsSecurity AnalysisBenchmarks
Read more
· 9 min read

How Heavy Is the Harness? We Put 10 AI Coding Tools' Installers on the Scale

On a single day, we put the latest installers of 10 mainstream AI coding tools on the scale. Among desktop GUI clients, AVL Code is the lightest — and the only graphical client squeezed down to CLI/TUI territory. But light isn't the goal; it's restraint grounded in engineering practice — every resource saved goes back to the task itself.

Size ComparisonInstallersDesktop ClientsLightweight
Read more
· 6 min read

From Wonder to Reason: The Five Stages of the AI Coding Maturity Curve

Almost everyone who has written code with AI has ridden the same emotional roller coaster: the wonder of first contact, the cursing at stupid answers, the swagger of feeling omnipotent, the fatigue you can't quit — and only at the end, learning to walk with it clear-eyed. A post about the AI coding maturity curve, and why we built AVL Code to the blueprint of “stage five.”

AI CodingMaturity CurveAgentsLong-termism
Read more
· 9 min read

On the Road of Agent Development, We Are Don Quixote

Hamlet, or Don Quixote? Facing mountains like Claude Code, Codex, and Cursor, we chose to set out riding a donkey — a team's own account of how AVL Code grew up through doubt, trial and error, and dogfooding.

TeamDon QuixoteAgentsDogfooding
Read more
· 3 min read

Asking Heaven on the Primordial Path— Dragon Boat Festival Wishes from the Antiy AI Security Team

Keystrokes for a pen, bound for a dialogue with heaven and earth that spans millennia — Dragon Boat Festival wishes from the Antiy AVL Code dev group, honoring the questing spirit of Qu Yuan’s “Heavenly Questions” and Liu Zongyuan’s “Heavenly Answers.”

Dragon Boat FestivalTeamQuest
Read more
· 6 min read

Putting a “Self-Disciplined Security Engineer” on Your Machine — The AVL Code Team’s Story

AI coding assistants have been arriving in waves for the past two years. Claude Code, Code…

Read more