ACRA5 DAYS AI-Code Risk Audit · Fixed price · Five business days

How much of your codebase did the second author write?

Find out before someone with a term sheet does. A five-day, fixed-price independent audit of the newest risk category in software — scored for the people who ask the question: boards, buyers, and enterprise security reviews.

§ 01DEFINED What AI-code risk is

Four risk classes. One score.

AI-code risk is not "AI wrote bad code." Much of it is excellent. The risk is structural: Provenance Gap (nobody can say what the machine wrote), Duplication Debt (the 8× clone problem), Comprehension Collapse (code no one on payroll fully understands), and Confidence Inversion (dashboards that get greener as assurance gets weaker). The audit measures all four against stage benchmarks and returns a one-page scorecard your board can read in three minutes.

MeasuredMethod
Provenance shareCommit-forensics and tooling-trace analysis: what fraction of the codebase is machine-authored, and where.
Duplication indexClone detection scored against the GitClear-documented 8× market drift and stage benchmarks.
Security classesTargeted review of the vulnerability families AI introduces at a documented ~45% rate.
Comprehension mapStructured interviews: which subsystems can current staff actually explain and extend?
Test assuranceWho wrote the tests — and do they assert requirements or merely the implementation?
§ 02METER The AI-Code Exposure Meter

Eight questions. One honest band.

A two-minute self-assessment against the audit's screening criteria. It is not an audit — it tells you whether you need one.

$6,500 founding · five days · one scorecard

Provenance map, duplication index, security review, comprehension map, test-assurance read — scored, benchmarked, board-ready.