We build security-first software and the tools that make development faster, safer, and less painful.
See what we buildMost security problems stem from security being treated as a phase — something audited before release and forgotten until the next incident. We build it in from the start, at every layer.
From supply chain protection to secure credential handling, security is a design constraint for us, not a checklist item.
Security decisions made at architecture time — not discovered during a penetration test.
We build the tools we wish existed — pragmatic, lightweight, and designed around real development workflows rather than feature lists.
No unnecessary dependencies, no configuration overhead, no lock-in. Just tools that do one thing well and get out of your way.
Built with the same discipline we apply to client work — minimal dependencies, no bloat, clear purpose.
Products and tools from the Spyced Concepts lab — built to solve real problems in security and software development.
Security-first AI code review for every pull request. Leads with a sensitive data scan, then checks correctness, security, and code quality. Free with GitHub Models — no extra account needed. MIT licence.
Sync your Claude Code global configuration across every machine via git. Keep CLAUDE.md version-controlled; machine-specific paths stay local. Ships with five built-in slash commands. MIT licence.
Free YARA and Sigma detection rules for the Megalodon GitHub supply-chain campaign — 5,561 repositories targeted via malicious CI workflow injection. 7 YARA rules, 5 Sigma rules, Docker test harness, reliability scoring. Apache 2.0.
Read moreSecurity hardening, large PR support, and clearer output — from a team that runs ReviewSentry on every pull request, including its own.
Read moreVerdict gate, draft PR skip control, colour-coded findings, extensible criteria configuration, and a full BDD test suite — all in the latest ReviewSentry release.
Read moreA best-in-class AI vendor was switched off for everyone outside the US overnight. Here's what that means for UK SME tech stacks, and the redundancy principle that actually helps.
Read moreAs a small business, every hour matters. We built ReviewSentry to reclaim the time spent scanning code for the same predictable problems — and then open-sourced it, because that is what our values demand.
Read moreMost AI assistants start cold every session. Pointing them at a folder of your notes — Obsidian or any markdown editor — changes the whole working pattern. A day-1 vault structure, what to ask your AI, and where the security boundary is.
Read moreFrom architecture and outsourced development to compliance, AI integration, and tooling setup — Spyced Concepts delivers senior-level expertise across the full stack.