Blog
Blog.
Product updates, security analysis in practice, engineering notes and team thinking — the public notebook of the AVL Code team.
AVL Code: Why We Chose Closed Source
During AVL Code's alpha, users asked us — why not open source? Our answer: a security agent is a double-edged capability that must restrain itself and stay asymmetric to attackers; trust comes from verifiable releases, not readable source. We respect open source — it just shouldn't be the default delivery form for an adversarial security agent.
Using AVL Code to Verify the Rumor That “Claude Code Has a Hidden Mechanism to Specifically Detect Chinese Users”
A Reddit post about Claude Code claims the client contains hidden detection logic targeting Chinese time zones, China-related proxies, and Chinese AI service keywords. Working from the analysis process and screenshots reported by an AVL Code user, we organized the results of reverse engineering a locally installed sample: the detection and prompt-encoding mechanisms do exist in the client code, and the key technical chain in the original post has a verifiable basis.
Did GLM-5.2 Beat Mythos? The Specialized Harness Beat the General-Purpose One
A headline popped out of Semgrep's cybersecurity benchmark — open-source GLM-5.2 scored 39% F1 on IDOR vulnerability detection, beating Claude Code (Opus 4.8) at 28%. But the story isn't only about models. Put GPT-5.5 and Opus 4.8 into Semgrep's specialized security harness, and their scores jump from 20% and 28% to 61% and 53%. The harness is an equally critical, chronically underrated part of the system — the model matters, the harness matters, and a specialized harness beats a general-purpose one.
How Heavy Is the Harness? We Put 10 AI Coding Tools' Installers on the Scale
On a single day, we put the latest installers of 10 mainstream AI coding tools on the scale. Among desktop GUI clients, AVL Code is the lightest — and the only graphical client squeezed down to CLI/TUI territory. But light isn't the goal; it's restraint grounded in engineering practice — every resource saved goes back to the task itself.
From Wonder to Reason: The Five Stages of the AI Coding Maturity Curve
Almost everyone who has written code with AI has ridden the same emotional roller coaster: the wonder of first contact, the cursing at stupid answers, the swagger of feeling omnipotent, the fatigue you can't quit — and only at the end, learning to walk with it clear-eyed. A post about the AI coding maturity curve, and why we built AVL Code to the blueprint of “stage five.”
On the Road of Agent Development, We Are Don Quixote
Hamlet, or Don Quixote? Facing mountains like Claude Code, Codex, and Cursor, we chose to set out riding a donkey — a team's own account of how AVL Code grew up through doubt, trial and error, and dogfooding.
Asking Heaven on the Primordial Path— Dragon Boat Festival Wishes from the Antiy AI Security Team
Keystrokes for a pen, bound for a dialogue with heaven and earth that spans millennia — Dragon Boat Festival wishes from the Antiy AVL Code dev group, honoring the questing spirit of Qu Yuan’s “Heavenly Questions” and Liu Zongyuan’s “Heavenly Answers.”
Putting a “Self-Disciplined Security Engineer” on Your Machine — The AVL Code Team’s Story
AI coding assistants have been arriving in waves for the past two years. Claude Code, Code…
Read more