AI is a remarkable security reviewer when prompted correctly — and a useless one when asked vaguely to "check this for security issues". The difference is whether you give the AI a threat model, the code in question, and a structured way to report findings.
Security review is pattern recognition. SQL injection, path traversal, IDOR, weak crypto — these are classes of bug with familiar shapes. AI has seen thousands of examples of each, which means it can often spot them faster than a human reviewer. But it has to be told what to look for, where to look, and how to report what it finds. This tutorial gives you the prompt pattern for that.
Every security review has three inputs: the code being reviewed, the trust boundary (where user-controlled input enters), and the threat model (what an attacker is trying to achieve). Without all three, AI either misses real issues or invents fake ones.
Imagine asking a security consultant to "look at the code". They would first ask: where does user input come from? What are you most worried about? What does this service protect? AI needs the same priming.
The default is to paste code and ask "is this secure?". The AI returns a long list of generic platitudes — "use HTTPS", "validate inputs" — that don't actually look at your code.
Weak prompt
is this code secure?
[pastes a 100-line function]
You will get a generic security checklist masquerading as a review. The AI is unsure which inputs are user-controlled, so it warns about everything indiscriminately. Real vulnerabilities hide inside the noise.
Strong prompt
Act as a senior application security engineer. Review the code below.
Stack: Node.js 20, Express 4, PostgreSQL via `pg` library.
Trust boundary:
- Anything inside `req.body`, `req.query`, `req.params`, `req.headers` is attacker-controlled.
- `req.user` is set by JWT-verifying middleware and can be trusted.
- The database is internal — its rows are NOT considered user input.
Threat model (in priority order):
1. SQL injection via the search endpoint
2. IDOR (one user accessing another user's data)
3. Unsafe deserialisation, path traversal, command injection
4. Auth/session weaknesses (token leakage, missing checks)
5. Information disclosure in error messages
6. Logic flaws specific to the domain (e.g. negative amounts, race conditions)
Code:
```js
[paste 60–120 lines of one route handler or one module]
```
Output format — one entry per finding, sorted by severity:
- ## [Severity: Critical/High/Medium/Low] Finding title
- Where: file:line range
- Why it matters: 1 sentence
- Exploit sketch: 1–2 sentences showing how an attacker would trigger it
- Minimal fix: a code snippet or 1-paragraph approach
If there are no findings under a given threat, say so explicitly. Do not invent findings to fill the list.
The AI now knows what is attacker-controlled, what to prioritise, and exactly how to present each finding. Crucially, "do not invent findings" stops it from padding the report with low-quality issues.
Tip: Always have AI security reviews verified by a human. AI is excellent at recall (finding patterns) and weaker at precision (judging exploitability). A reviewer who looks only at the AI's high/critical findings can triage a large review in minutes.
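The triage step above is easier when the AI's report is machine-readable. Here is a small parser for the per-finding format the strong prompt requests, written as an added example (not code from this tutorial); the report it runs on is constructed sample text, not real model output.

```javascript
// Added example, not from the tutorial: a parser for the per-finding format the
// strong prompt asks for, so a reviewer can pull out the High/Critical entries
// for triage. The report below is constructed sample text, not real AI output.
const SEVERITY_RANK = { Critical: 4, High: 3, Medium: 2, Low: 1 };
const HEADING = /^(?:-\s*)?##\s*\[Severity:\s*(Critical|High|Medium|Low)\]\s*(.+)$/;
const FIELD = /^-\s*(Where|Why it matters|Exploit sketch|Minimal fix):\s*(.*)$/;
const REQUIRED = ['Where', 'Why it matters', 'Exploit sketch', 'Minimal fix'];

// Splits the report into finding objects; lines that match neither pattern
// (blank lines, prose such as "no findings under X") are ignored.
function parseFindings(report) {
  const findings = [];
  let current = null;
  for (const raw of report.split('\n')) {
    const line = raw.trim();
    const h = line.match(HEADING);
    if (h) {
      current = { severity: h[1], title: h[2].trim(), fields: {} };
      findings.push(current);
      continue;
    }
    const f = current && line.match(FIELD);
    if (f) current.fields[f[1]] = f[2];
  }
  return findings;
}

// Findings at or above minSeverity, highest first. Each carries the required
// fields it lacks: those are the entries the human reviewer must re-verify.
function triage(report, minSeverity = 'High') {
  return parseFindings(report)
    .filter((f) => SEVERITY_RANK[f.severity] >= SEVERITY_RANK[minSeverity])
    .sort((a, b) => SEVERITY_RANK[b.severity] - SEVERITY_RANK[a.severity])
    .map((f) => ({ ...f, missing: REQUIRED.filter((k) => !(k in f.fields)) }));
}

const sampleReport = [
  '## [Severity: High] Search term interpolated into SQL',
  '- Where: routes/search.js:12-18',
  '- Why it matters: req.query.q reaches the query text unescaped.',
  '- Exploit sketch: a quote in the search term alters the statement.',
  '- Minimal fix: bind the term as $1 with a parameterised pg query.',
  '## [Severity: Low] Verbose error body',
  '- Where: routes/search.js:30',
  '## [Severity: Critical] Order lookup not scoped to req.user',
  '- Where: routes/orders.js:8-14',
  '- Why it matters: any authenticated user can read any order.',
  '- Minimal fix: add AND user_id = $2 bound to req.user.id.',
].join('\n');
console.log(triage(sampleReport).map((f) => [f.severity, f.title, f.missing]));
```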
Pick the riskiest route in your project (search, file upload, anything that touches money or PII). Run the strong-prompt format. Triage the findings yourself: how many are real? How many are noise? Adjust the threat model section of your prompt to improve next time.
Take a piece of code that you know has a vulnerability (intentionally introduce a SQL injection or IDOR, in a throwaway file). Run the security prompt. Did the AI find it? If not, what was missing from your trust boundary section?
Build a reusable "security review template" prompt for your stack, with your trust boundaries and your threat model already baked in. Save it. Run it as part of every non-trivial PR. Treat AI security review as a standing pre-merge step.
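For the throwaway-file exercise above, here is a module that matches the strong prompt's stack and trust boundary, with the two top-ranked threats (SQL injection in the search route, IDOR on a per-user resource) each shown beside its fixed form. This is an added example, not code from the tutorial; Express and `pg` are replaced by a constructed fake client so it runs offline, and `req.user` is assumed to be populated by the JWT middleware the prompt describes.

```javascript
// Added example, not code from the tutorial: a throwaway Express-style module
// carrying the two bugs the threat model ranks highest (SQL injection in the
// search route, IDOR on a per-user resource), each beside its fixed form.
// Express and `pg` are replaced by a constructed fake client so this runs
// offline; a real pg Pool.query is async and returns rows, not the query.
const fakeDb = {
  query(textOrConfig, values) {
    return typeof textOrConfig === 'string'
      ? { text: textOrConfig, values: values ?? [] }
      : { text: textOrConfig.text, values: textOrConfig.values ?? [] };
  },
};

// BEFORE: req.query.q is attacker-controlled yet spliced into the SQL text,
// so a quote in the search term becomes part of the statement.
function searchVulnerable(req, db = fakeDb) {
  return db.query(`SELECT id, name FROM products WHERE name ILIKE '%${req.query.q}%'`);
}

// AFTER: the untrusted value is bound as $1 and the SQL text stays constant.
function searchFixed(req, db = fakeDb) {
  const q = String(req.query.q ?? '');
  return db.query({
    text: 'SELECT id, name FROM products WHERE name ILIKE $1',
    values: [`%${q}%`],
  });
}

// BEFORE: req.params.id is attacker-controlled and nothing ties the row to
// the caller, so any authenticated user can read any order (IDOR).
function getOrderVulnerable(req, db = fakeDb) {
  return db.query('SELECT * FROM orders WHERE id = $1', [req.params.id]);
}

// AFTER: req.user.id, set by the JWT middleware and trusted per the prompt's
// trust boundary, scopes the lookup; a foreign order id returns no rows.
function getOrderFixed(req, db = fakeDb) {
  if (!req.user || req.user.id == null) throw new Error('unauthenticated');
  return db.query('SELECT * FROM orders WHERE id = $1 AND user_id = $2', [
    req.params.id,
    req.user.id,
  ]);
}

// Constructed request: a quoted search term, someone else's order id, and
// req.user already populated by the (assumed) JWT middleware.
const sampleReq = { query: { q: "o'reilly" }, params: { id: '42' }, user: { id: 7 } };
console.log(searchVulnerable(sampleReq).text); // the quote lands inside the SQL
console.log(searchFixed(sampleReq).values);    // [ "%o'reilly%" ]
console.log(getOrderFixed(sampleReq).values);  // [ '42', 7 ]
```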