Autofix Bot
AI code review agent purpose-built for agentic coding.
Autofix Bot – AI-powered hybrid code review agent for secure, high-quality code
Summary: Autofix Bot combines deterministic static analysis with AI to detect security vulnerabilities, code quality issues, and hardcoded secrets, then generates verified patches. It integrates with Claude Code, Codex, and any MCP-compatible tool, or runs standalone from the terminal.
What it does
Autofix Bot applies over 5,000 static analysis rules to identify known vulnerability patterns and uses an AI layer to handle nuanced issues, generate fixes, and provide explanations. It detects vulnerabilities with 81% accuracy on the OpenSSF CVE Benchmark and achieves a 93% F1 score in secrets detection.
Who it's for
It is designed for developers and teams using AI coding agents who need automated, reliable code review and patch generation integrated into their workflows.
Why it matters
It addresses the high error rates in AI-generated code by providing a hybrid review approach that improves detection and correction of security and quality issues beyond what LLM-only reviews achieve.