Horizon Zero Security

See every threat
before it reaches you.

HZSec is a local security platform that finds exposed secrets, unsafe configs, and vulnerable code — then fixes them with AI that knows your codebase and real breach history.

✓ Runs 100% locally  ·  No code leaves your machine  ·  macOS & Windows

Security Posture
  Score: 78 · LOW THREAT · OWASP 71%
  CRITICAL  AWS access key exposed in config
  HIGH      SSL/TLS disabled in server config
  HIGH      Wildcard CORS policy detected
  MEDIUM    Debug mode enabled in production

  • 200K+ CVEs in the knowledge base
  • 10 real breach cases embedded
  • 6 scan modes — code to hardening
  • 0 lines of your code leave your machine
The problem

Security tools are built
for teams. Not for you.

Most developers don't find out about a vulnerability until it's already been exploited. HZSec changes that.

You don't know what you don't know

Secrets get committed, configs get misconfigured, and debug flags get shipped to production. Without a scanner running locally, none of it surfaces until it's too late.

Generic AI gives generic advice

Asking ChatGPT about your security issues means describing your code in words. HZSec's assistant has already read your actual files — it knows exactly what's wrong and where.

You catch issues after the commit

CI/CD scanners run after you've already shipped the problem. HZSec's live monitor watches as you code, alerting you the moment something risky appears in any file.

What HZSec does

Built different.
Actually local.

Every feature runs on your machine. No uploads, no cloud processing, no SaaS subscriptions for basic functionality.

Security Scanner

Six scan modes.
One command.

Full scan, quick scan, secret scan, config audit, web front-end scan, and system hardening — each one tuned to its specific threat category with over 40 detection patterns.

  • Exposed API keys, passwords, AWS credentials, private keys
  • Misconfigured CORS, SSL/TLS, debug flags, network bindings
  • Unsafe eval, child process execution, DOM injection patterns
  • SSH hardening, sudo rules, file permissions, certificate validation
HZSec — Full Scan
  $ hzsec scan ./my-project --mode full
  Scanning 247 files across 6 engines...
  ✗ CRITICAL  AWS access key in .env (line 12)
  ✗ HIGH      SSL disabled in server.yml (line 34)
  ✗ HIGH      Wildcard CORS in nginx.conf (line 8)
  ⚠ MEDIUM    Debug mode enabled (line 2)
  ⚠ MEDIUM    HTTP endpoint reference (line 19)
  Score: 61 → Threat level: MEDIUM
  5 findings · 3 auto-fixable · OWASP: 68%
  $
AI Assistant

An expert who's
already read your code.

The assistant doesn't just know security — it knows your specific findings, your project type, your git history, and real breach cases that match your exact issues. Every answer is grounded in your reality.

  • Real breach cases injected — Uber, Equifax, Log4Shell and more
  • Live CVE database from CISA and NVD, synced on demand
  • OWASP, CIS, and SOC 2 compliance gap analysis
  • Proposes and applies multi-file fixes with a diff review step
  User: Why is my AWS key finding so critical? Can you fix it?
  HZSec: This is critical because exposed AWS keys are exploited in under 10 minutes on average after discovery.
    ⚠ Real precedent: Uber (2022)
    AWS keys committed to a private GitHub repo led to 57M records exposed and a $148M settlement.
    I've prepared a fix plan — rotating the key reference to an environment variable. Want to review the diff?
Live Monitor

Watching while
you work.

The monitor sits in the background watching your files — folders and single files both supported. The moment something risky appears, you get an alert. With your API key, alerts come with AI-generated explanations and fix suggestions.

  • Diff-based — only alerts on net-new issues, not things you already know about
  • Desktop notifications so you see it even when the app isn't focused
  • AI explains what changed and why it matters, referencing real incidents
  • Session stats track files changed, issues found, and issues resolved
  FILE CHANGED       config/server.yaml
  ⚠ NEW ISSUES (2)   config/server.yaml: SSL disabled · Debug mode enabled
  ✦ AI ALERT         config/server.yaml
    You just disabled TLS in a production config. This matches the Equifax pattern — their expired cert left monitoring blind for 19 months. Re-enable SSL immediately.
  ✓ RESOLVED (2)     config/server.yaml
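The scan output and the diff-based monitor are shown on this page only as screenshots. As an added example (this editor's own Python, not HZSec's code), the block below implements the two ideas together: a few line-based detection rules for the finding categories the page names (AWS access key, SSL/TLS disabled, wildcard CORS, debug mode, plain-HTTP endpoint), and a net-new diff between two scans so that a monitor alerts only on issues absent from the previous result and reports what was resolved. The regexes, the file contents and the access key value (the placeholder key from AWS's own documentation) are all constructed for the example, and keying the diff on rule plus file rather than on line number is this example's design choice, not a description of how HZSec works.

```python
import re
from dataclasses import dataclass

# Illustrative line-based detection rules for the finding categories named on
# the page. These regexes are this example's own assumptions, not HZSec's rules.
RULES = [
    ("CRITICAL", "AWS access key",
     re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("HIGH", "SSL/TLS disabled",
     re.compile(r"^\s*(ssl|tls)\s*[:=]\s*(false|off|0)\b", re.IGNORECASE)),
    ("HIGH", "Wildcard CORS",
     re.compile(r"Access-Control-Allow-Origin\W*\*", re.IGNORECASE)),
    ("MEDIUM", "Debug mode enabled",
     re.compile(r"^\s*debug\s*[:=]\s*(true|on|1)\b", re.IGNORECASE)),
    ("MEDIUM", "HTTP endpoint reference",
     re.compile(r"\bhttp://[^\s'\"]+")),
]
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2}


@dataclass(frozen=True)
class Finding:
    severity: str
    rule: str
    path: str
    line: int

    def key(self):
        # Identity used for diffing: rule and file, deliberately not the line
        # number, so an unrelated edit that shifts lines does not re-alert.
        return (self.rule, self.path)

    def describe(self):
        return f"{self.severity} {self.rule} in {self.path} (line {self.line})"


def scan_file(path, text):
    """Run every rule over every line of one file; one finding per hit."""
    return [Finding(sev, rule, path, n)
            for n, line in enumerate(text.splitlines(), start=1)
            for sev, rule, pat in RULES if pat.search(line)]


def scan_project(files):
    """files maps a relative path to its text; findings sorted by severity."""
    found = [f for path, text in files.items() for f in scan_file(path, text)]
    return sorted(found, key=lambda f: (SEVERITY_RANK[f.severity], f.path, f.line))


def diff_findings(previous, current):
    """Diff-based alerting: (net-new findings, findings that disappeared)."""
    known = {f.key() for f in previous}
    still_present = {f.key() for f in current}
    new = [f for f in current if f.key() not in known]
    resolved = [f for f in previous if f.key() not in still_present]
    return new, resolved


# Constructed sample project states, not real files. The access key is the
# placeholder value that appears in AWS's own documentation.
BASELINE = {
    ".env": "DB_HOST=localhost\nAWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "config/server.yaml": "port: 8443\nssl: true\ndebug: false\n",
    "nginx.conf": "server {\n  listen 443 ssl;\n}\n",
}
# The developer then disables TLS, turns on debug, and opens CORS to '*'.
EDITED = {
    **BASELINE,
    "config/server.yaml": "port: 8443\nssl: false\ndebug: true\n",
    "nginx.conf": "server {\n  listen 443 ssl;\n"
                  "  add_header Access-Control-Allow-Origin *;\n}\n",
}
# Then TLS is re-enabled; the other two issues remain.
REPAIRED = {
    **EDITED,
    "config/server.yaml": "port: 8443\nssl: true\ndebug: true\n",
}


def monitor_step(previous_findings, files):
    """One monitor tick: rescan, then report only what changed."""
    current = scan_project(files)
    new, resolved = diff_findings(previous_findings, current)
    return current, new, resolved


if __name__ == "__main__":
    findings = scan_project(BASELINE)
    for state_name, state in (("EDITED", EDITED), ("REPAIRED", REPAIRED)):
        findings, new, resolved = monitor_step(findings, state)
        print(f"[{state_name}] NEW ISSUES ({len(new)})")
        for f in new:
            print("   ", f.describe())
        print(f"[{state_name}] RESOLVED ({len(resolved)})")
        for f in resolved:
            print("   ", f.describe())
```

Keying the diff on (rule, file) is what keeps a monitor quiet when a developer inserts a comment above an already-known finding: the line number moves, the identity does not. The trade-off is that two hits of the same rule in one file share an identity, so fixing one of them is not reported as a partial resolution; a scanner that needs that granularity would add a hash of the matched line to the key.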
How it works

Up and running in 60 seconds.

No accounts, no cloud setup, no pipeline config. Download, open, scan.

1. Download & open

Download HZSec for macOS or Windows. Open it — no install wizard, no dependencies, no account required.

2. Point at your project

Select any folder or file. HZSec scans it locally across your chosen mode — full scan takes seconds on most projects.

3. Fix what matters

Review findings ranked by severity. Apply auto-fixes directly, ask the assistant about anything, or start the monitor for continuous coverage.

Pricing

Simple. No surprises.

Start free. Upgrade when you need the AI layer and live monitoring.

Free: $0 forever

Everything you need to scan your project, understand your findings, and fix the obvious issues.
  • Full security scanner — all 6 modes
  • 40+ detection patterns
  • Auto-fix for common issues
  • Score history & trend chart
  • Audit log
  • Dark & light theme
  • AI assistant
  • Live monitor
  • Breach intelligence
  • Compliance mapping
Get early access

Early access members get Pro free for 3 months. No credit card required to join the waitlist.

Why this matters

These breaches started
with issues HZSec detects.

Every breach case is embedded in HZSec's intelligence layer. When the scanner finds a matching pattern, the assistant tells you exactly what happened and how fast it was exploited.

Uber — AWS Keys in GitHub (2022)
  57 million records exposed · $148M settlement
  ⏱ < 10 min to exploit · HZSec detects: exposed API keys

Equifax — Disabled TLS Monitoring (2017)
  147 million records · $575M FTC settlement
  ⏱ 78 days undetected · HZSec detects: SSL/TLS disabled

Verkada — Hardcoded Admin Password (2021)
  150,000 cameras compromised
  ⏱ Immediate access · HZSec detects: hardcoded credentials

Log4Shell — Dynamic Execution (2021)
  Hundreds of millions of systems vulnerable
  ⏱ < 2 hrs after disclosure · HZSec detects: unsafe eval/exec patterns
FAQ

Common questions.

Does my code leave my machine?

No. The scanner, monitor, and all detection logic run entirely on your machine. The only external call is to the Anthropic API when you use the AI assistant — and only the specific findings and snippet you're asking about are sent, not your entire codebase. Your API key is encrypted locally with AES-256-GCM.

Do I need an API key?

Only for the AI assistant and AI-powered monitor alerts. The full security scanner, auto-fixes, score history, audit log, and all other features work without any API key. You can add your key at any time in the sidebar.

Which platforms are supported?

macOS and Windows. HZSec is built with Electron, so it runs natively on both. Linux support is planned for a future release.

How is HZSec different from existing security scanners?

Those tools are built for teams and CI/CD pipelines — they scan after you commit and require cloud accounts. HZSec runs locally on your machine, scans as you code, and pairs every finding with an AI assistant that knows your specific codebase. It's built for individual developers and small teams who want security without the enterprise setup.

How does the assistant give advice specific to my project?

Before every response, the assistant runs a pipeline: it matches your findings against 10 embedded real-world breach cases, searches a live CVE database from CISA and NVD, calculates your compliance gaps against OWASP/CIS/SOC 2, and checks your fix history for long-open or recurring issues. All of that context gets injected into Claude before it answers — so you get expert, specific advice rather than generic security tips.

Can HZSec fix issues automatically?

Yes — but only with your explicit approval. Quick fixes apply a single safe transformation (toggling a flag, replacing a credential with a placeholder). The AI assistant proposes multi-file fix plans that you review in a diff view before anything is written. Every fix creates a versioned backup in ~/.hzsec/backups/ automatically — your project folder is never polluted.
Early access

Your security horizon,
always clear.

Join the waitlist. Early access members get Pro free for 3 months.


No spam. One email when we launch.