Hardpoint
Hardpoint is a static security scanner designed specifically for AI-assisted development environments. It detects the Rules File Backdoor attack - malicious instructions hidden in AI configuration files that are invisible to developers but executed by AI coding assistants.
Why Hardpoint?
AI coding assistants like Cursor, Claude Code, and GitHub Copilot read configuration files to understand your project. Attackers can exploit this by:
- Hiding malicious instructions in comments that AI models still read
- Embedding command injection in mcp.json server configurations
- Encoding payloads in Base64 to evade visual inspection
- Backdooring git hooks to exfiltrate credentials
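The comment-hiding and Base64 techniques in the list above can be surfaced with a short review check, shown here as an added example that is not Hardpoint's own code or rule logic. It goes slightly beyond the list by also flagging invisible Unicode format characters; the function names, the 24-character threshold and the sample file are assumptions made for illustration.

```python
import base64
import re
import unicodedata

# Runs of 24+ Base64 characters (assumed threshold); shorter runs are too noisy.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def invisible_chars(text):
    """Return (line, character name) for format-class (Cf) characters such as
    zero-width spaces and bidi controls, which editors render as nothing."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for ch in line:
            if unicodedata.category(ch) == "Cf":
                hits.append((lineno, unicodedata.name(ch, f"U+{ord(ch):04X}")))
    return hits

def decoded_base64(text):
    """Return (line, decoded text) for Base64 runs that decode to readable text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in B64_RUN.finditer(line):
            run = match.group(0)
            run += "=" * (-len(run) % 4)  # restore padding if it was stripped
            try:
                decoded = base64.b64decode(run, validate=True).decode("utf-8")
            except ValueError:  # covers binascii.Error and UnicodeDecodeError
                continue
            # Random bytes rarely decode to printable text containing spaces.
            if decoded.isprintable() and " " in decoded:
                hits.append((lineno, decoded))
    return hits

# Constructed sample rules file; the encoded string is a harmless sentence.
SAMPLE = (
    "# Project rules\n"
    "Use 4-space indentation.\u200b\n"
    "<!-- " + base64.b64encode(b"this comment text is hidden from review").decode()
    + " -->\n"
)

if __name__ == "__main__":
    for lineno, name in invisible_chars(SAMPLE):
        print(f"line {lineno}: invisible character {name}")
    for lineno, text in decoded_base64(SAMPLE):
        print(f"line {lineno}: Base64 decodes to {text!r}")
```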
Quick Start
Detection Rules
| Rule | Severity | Description |
|---|---|---|
| AI-008 | Critical | Semantic Hijacking - 80+ obfuscation-resistant patterns |
| AI-005 | Critical | Command Injection in MCP configurations |
| AI-004 | Medium | Encoded Instructions (Base64 payloads) |
| GIT-001 | Critical | Malicious Git Hook Pattern |
| GIT-002 | Critical | Credential Exfiltration in Hook |
| GIT-003 | Medium | Network Access in Git Hook |
| GIT-004 | High | Obfuscated Git Hook Content |
| GIT-005 | Medium | Suspicious Git Remote URL |
| GIT-006 | High | Suspicious Credential Helper |
Scanners
| Scanner | Target Files | Threats Detected |
|---|---|---|
| AI | .cursorrules, CLAUDE.md, mcp.json, .github/copilot-instructions.md | Semantic hijacking, command injection, encoded content |
| Git | .git/hooks/*, .git/config | Malicious hooks, credential exfiltration, suspicious remotes |
Output Formats
Key Features
- Zero network access - All scanning happens locally
- Semantic analysis - Detects Rules File Backdoor attacks with 80+ patterns
- Obfuscation resistant - Handles leet speak, homoglyphs, Unicode normalization
- Trust/verify system - HMAC-SHA256 baselines for AI config integrity
- CI integration - Exit codes and SARIF output for automated pipelines