Autonomous engineering · mission control

Your repo never sleeps alone.

It hunts CVEs

Umbra is an autonomous AI engineering team for your GitHub repo. Sign in and the night crew hunts CVEs, traces incidents, reviews risk, and answers your codebase — then hands you the morning report.

See the crew ↓

Real OAuth — GitHub unlocks live scans of your own repositories.

Threat radar

Attack surface

LIVE
SCANNING

Dependency
exposure

OWASP A06
Runs on Codex credits
OSV.dev advisories
GitHub public + private
Grounded, never fabricated
PRs only — never auto-merge
Root-cause from git history
Runs on Codex credits
OSV.dev advisories
GitHub public + private
Grounded, never fabricated
PRs only — never auto-merge
Root-cause from git history

The night crew

Five specialists. One quiet shift.

WATCHMAN

Hunts CVEs in your dependencies with live OSV advisories.

REVIEWER

Scores blast-radius and risk on every open pull request.

DETECTIVE

Traces incidents to the root-cause commit from real git history.

JANITOR

Clears dead code and quiet tech debt in a disposable checkout.

?ASK UMBRA

Answers questions about your codebase, grounded in real refs.

How it works

Sign in. Point at a repo. Read the morning report.

01

Sign in

Continue with GitHub or Google. GitHub connects your own public and private repositories.

02

Point at a repo

Pick one of your repos. The night crew fans out — CVEs, git history, code retrieval — in parallel.

03

Read the morning report

Every finding is grounded and labelled with what produced it. No fabricated results, ever.

Meet the team

Built by one engineer, for every engineer.

Binay Dalai
Founder

Building Umbra so every repo has an autonomous engineering team on the night shift — grounded, auditable, and honest about what it did.

In ChatGPT

Talk to Umbra from ChatGPT.

Umbra ships as a ChatGPT plugin / GPT Action. Ask it to scan a repo, investigate an incident, or explain a codebase — grounded in real OSV and git data, never invented. No sign-in required; the read-only actions are public.

scanRepo

“Scan github.com/expressjs/express” → Umbra Score + live CVEs.

investigateIncident

Paste an error → the root-cause commit from real git history.

askUmbra

“How does routing work?” → an answer with real file:line references.

UMBRA
Findings are real and grounded. Live Codex runs on your own account or the founder's.
Built with Codex for OpenAI Build Week 2026.