SimpleBeacon
LLMs write your code. Sample JSON and fiction KPIs slip into production routes. SimpleBeacon catches them before the client walkthrough.
Local MCP for shift-left feedback · full-repo --gate for PR/CI · tuned allowlists so you report blocking issues, not raw finding counts.
Free: one command — npx --yes simplebeacon init --starter (Cursor MCP, GitHub Action, offline scans).
Optional: executive clearance PDF ($499) from your gate report when you need a client-room artifact — not required to use the CLI.
Homepage diagnostic below runs in your browser — nothing uploads. MCP and CLI run locally with --offline; we never need your source zip for the free tier.
Product demo
Gate output and blocking issues on a real branch — same rules as MCP and CI.
Independent demo on a sample or public repo — not an official audit of any company shown.
Paste a config snippet or drop one file. Runs locally in your browser — nothing uploads.
Use test data or redact first — don’t paste production secrets, even though nothing uploads.
Free prep tool: bundle a few local files into one JSON (max 256 KB) and drop it here — still 100% private.
Deterministic checks found credential, sample-path, or fiction KPI shapes — the kind of slop clients spot in walkthroughs when a dashboard still imports *-sample.json, not the CVEs Snyk flags.
This check scanned one snippet only. Run the full-repo gate locally — same rules, your machine:
npx --yes simplebeacon init --starter
npx simplebeacon scan --gate --offline
Optional: book a formatted executive PDF ($499) from your gate JSON when the client room needs a document — request clearance.
Want to test more locally? Bundle a few files with the free prep tool (still private, max 256 KB).
This snippet looks clean. AI-fiction KPIs and mock paths often hide in other folders, imports, and config files this quick check cannot see — the same gaps that embarrass agencies in client walkthroughs.
Homepage demo = one snippet · full gate = scan --gate --offline on your repo · optional $499 PDF from that report.
EU AI Act · August 2026 deadline
Enterprises deploying AI in the EU face fines up to 7% of global turnover. SimpleBeacon scans your repo for Annex III high-risk patterns, Article 50 transparency gaps, and missing documentation — a fraction of the cost of legal consulting alone.
Annex III
Static signals for employment, credit, biometric, insurance, and law-enforcement AI patterns in your source code — scope the legal classification work.
Art. 50
Flags user-facing LLM integrations without AI-generated or AI-interaction disclosure — the gaps clients spot before regulators do.
Docs
Checks for model cards, risk assessments, and technical documentation when AI systems are detected — readiness signals, not legal certification.
View real EU AI Act sample report (scanned from our own codebase) · EU AI Act sprint — $2,499
Agency CI: copy simplebeacon-eu-ai-act.yml from our GitHub examples · npx simplebeacon compliance --checklist eu-ai-act --gate
Reputation workflow
Investors and buyers both want the same thing: proof you caught AI slop before the client does. SimpleBeacon starts transactional, then stays on the repo.
Step 1
npx --yes simplebeacon init --starter wires Cursor MCP, config, and GitHub Action. Scan snippets while coding; run scan --gate --offline before PR.
Community install guide · no repo upload.
Step 2
Reporting-first mode tunes noise; --gate blocks merge when fiction KPIs or sample paths leak into production dirs. Same rules as MCP — authoritative on the full branch.
Step 3 · optional
Formatted pass/fail report from your local gate JSON when the client room needs a document — not a substitute for running the CLI yourself.
Step 4
Agency packs include milestone scans plus white-label hygiene certificates (your logo, brand color) for the client CTO — a sales-close artifact, not just a dev log.
Step 5 · optional
$49/mo (waitlist) for your dev team’s hosted dashboard — scan history and compliance UI. Not a client clearance PDF; upsell after $499 proves the wedge.
Why agencies switch
Snyk, GitHub Advanced Security, and GitGuardian are built for hacker defenses — CVEs, dependency bugs, and secret patterns in the cloud. SimpleBeacon solves a different problem: AI-era reputation risk before your client sees the repo.
| What matters at handoff | Snyk & GitHub Security | SimpleBeacon |
|---|---|---|
| Data privacy | Uploads source to vendor cloud — corporate data-leak risk | Local CLI & MCP by default · optional PDF from your report · no standing SaaS repo hook |
| Primary pain | Snyk stops hackers from breaking your code | SimpleBeacon stops hallucinations from firing your agency |
| Sample data in prod routes | No signal on import … from './kpi-sample.json' in shipping code | Flags runtime loads of *-sample.json, web/data, and mock/fixture paths — with intent classification to skip demo/example routes |
| Buying motion | Enterprise contracts — months of sales cycles | Free CLI + MCP · optional $499 PDF from your report · agency certificates · optional Teams |
Snyk and GitHub Advanced Security keep persistent cloud access to your repo. SimpleBeacon runs on your machine — MCP, CLI, and the homepage snippet check never upload source by default.
01
Snyk stops hackers from breaking your code. SimpleBeacon stops hallucinations from firing your agency — fake completion rates in *-sample.json, and route handlers that still require('../web/data/…') instead of live APIs.
Protects your agency from looking sloppy in front of clients.
02
MCP and CLI run on your machine with --offline. Optional $499 clearance is a formatted PDF from your gate report — not a required repo zip for the free tier. Cloud Teams ($49/mo) is separate internal tooling.
Product = local gate · dashboard = optional.
03
Most tools dump millions of JSON log rows a CFO cannot read. We deliver a dark, print-ready PDF with a clear gate verdict and line-by-line developer remediations.
Hand your client a formal executive PDF at handoff ($499) or co-branded certificates ($999+).
View the sample audit report — same layout as paid deliverables, redacted for marketing.
Optional paid deliverable
Most security scanners run silently in the background, generating thousands of false-positive warnings that developers eventually mute. SimpleBeacon is a tuned gate — MCP while coding, --gate before merge.
If your client’s engineering lead wants a formatted artifact, $499 turns your local gate report into an operator-reviewed executive PDF — pass/fail verdict plus developer remediations. You run the scan; we format and review the deliverable.
Agencies use it to close a milestone without uploading source to a standing SaaS scanner.
$499 Formatted PDF from your local gate report — operator-reviewed
npx simplebeacon scan --gate --offline first — send us the JSON report
*-sample.json / web/data prod leaks
Need it before a client walkthrough? Book below — priority when delivery date is provided. Free CLI & MCP works without booking.
Read-only · Opinion-based audit · Not penetration testing