Trepan Launches Local AI Security Gatekeeper

This is a genuinely useful idea, but the real challenge is less “which model is best” and more whether the rules and prompts are tight enough to make the audit behave predictably on messy real code.

• –Local-only auditing is a strong differentiator for teams that can’t leak code snippets to cloud services.
• –The zero-baseline approach is compelling because it compares suggestions against explicit project rules instead of generic security advice.
• –The biggest risk is false confidence: an LLM auditor can sound certain while still missing context, edge cases, or architectural intent.
• –The product’s usefulness will hinge on rejection quality and developer UX in VS Code, not just raw model capability.
• –Smaller local instruct models may be enough for narrow rule sets, while larger models will probably help once the codebase and policy surface area grow.