> ## Documentation Index
> Fetch the complete documentation index at: https://docs.zenable.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Preventing AI Mistakes

> Real-time safety net that catches SQL injections, hardcoded secrets, and policy violations as code is written

## Overview

AI coding assistants generate vulnerable code with security flaws and compliance violations. Zenable acts as a real-time safety net that catches SQL injections, hardcoded secrets, and policy violations as code is written - ensuring you ship AI-accelerated code with confidence and zero security compromises.

## How It Works

Zenable provides two layers of protection:

1. **Out-of-the-Box Protection** - Industry-standard security and quality checks that apply to everyone
2. **Custom Requirements** - Your organization's unique policies and decisions

## Out-of-the-Box Protection

Zenable automatically prevents common AI mistakes without any configuration:

<Card title="Standard Security Protections" icon="shield">
  * **SQL Injection** - Enforces parameterized queries
  * **Hardcoded Secrets** - Detects API keys, passwords, tokens
  * **XSS Vulnerabilities** - Prevents script injection attacks
  * **Path Traversal** - Blocks directory traversal attempts
  * **Missing Authentication** - Flags unprotected endpoints
  * **Weak Cryptography** - Identifies insecure algorithms
</Card>

<Card title="Code Quality Standards" icon="check">
  * **Resource Leaks** - Ensures proper cleanup (files, connections)
  * **Error Handling** - Requires try-catch for critical operations
  * **Type Safety** - Enforces proper typing in TypeScript/Python
  * **Performance Issues** - Catches N+1 queries, inefficient loops
  * **Race Conditions** - Identifies thread safety issues
</Card>

### Quick Example: Standard Protections

```python theme={null}
# ❌ AI generates (multiple standard violations)
def get_user_data(user_id):
    conn = db.connect()  # Resource leak
    query = f"SELECT * FROM users WHERE id = {user_id}"  # SQL injection
    return conn.execute(query)

# ✅ Zenable automatically fixes
def get_user_data(user_id):
    with db.connect() as conn:  # Proper resource management
        query = "SELECT * FROM users WHERE id = ?"  # Parameterized query
        return conn.execute(query, (user_id,))
```

## Custom Organization Requirements

Upload your unique organizational decisions and policies for enforcement:

> "Our payment processing must always use our internal PaymentOrchestrator service, never direct gateway calls. All customer data operations must include audit logging with department tags. Use our custom retry policy: 3 attempts with exponential backoff starting at 2 seconds."

### Real Custom Requirements Examples

#### Example 1: Internal Service Architecture

**Your Policy:** "All external API calls must go through our API Gateway service with circuit breakers"

```python theme={null}
# ❌ AI might generate direct calls
async def fetch_weather(city):
    response = await requests.get(f"https://api.weather.com/v1/{city}")
    return response.json()

# ✅ Zenable enforces your architecture
async def fetch_weather(city):
    return await api_gateway.call(
        service="weather",
        endpoint=f"/v1/{city}",
        circuit_breaker=True,
        timeout=5000
    )
```

#### Example 2: Company-Specific Audit Requirements

**Your Policy:** "All data modifications must log: user ID, department, cost center, and business justification"

```python expandable theme={null}
# ❌ AI generates standard CRUD
def update_inventory(product_id, quantity):
    db.execute("UPDATE inventory SET quantity = ? WHERE id = ?",
               (quantity, product_id))

# ✅ Zenable adds your audit requirements
def update_inventory(product_id, quantity, user_context):
    audit_log.record({
        "action": "inventory_update",
        "user_id": user_context.id,
        "department": user_context.department,
        "cost_center": user_context.cost_center,
        "justification": user_context.business_reason,
        "changes": {"product_id": product_id, "new_quantity": quantity}
    })

    db.execute("UPDATE inventory SET quantity = ? WHERE id = ?",
               (quantity, product_id))
```

#### Example 3: Custom Business Logic

**Your Policy:** "All pricing calculations must include our dynamic margin algorithm based on customer tier and seasonality"

```javascript expandable theme={null}
// ❌ AI uses simple calculation
function calculatePrice(basePrice, discount) {
    return basePrice * (1 - discount);
}

// ✅ Zenable enforces your business rules
function calculatePrice(basePrice, customerId) {
    const customer = getCustomer(customerId);
    const seasonalFactor = getSeasonalPricingFactor();
    const tierMultiplier = getTierMultiplier(customer.tier);
    const dynamicMargin = calculateDynamicMargin(
        customer.purchaseHistory,
        seasonalFactor
    );

    return basePrice * tierMultiplier * seasonalFactor * (1 + dynamicMargin);
}
```

#### Example 4: Compliance-Driven Requirements

**Your Policy:** "European customer data must stay in EU regions and use GDPR-compliant deletion"

```python expandable theme={null}
# ❌ AI doesn't consider data residency
def delete_user(user_id):
    db.execute("DELETE FROM users WHERE id = ?", (user_id,))

# ✅ Zenable enforces compliance requirements
def delete_user(user_id):
    user = get_user(user_id)

    if user.region == "EU":
        # GDPR-compliant soft delete with retention policy
        eu_db.execute(
            "UPDATE users SET deleted_at = ?, anonymized = true WHERE id = ?",
            (datetime.now(), user_id)
        )
        schedule_permanent_deletion(user_id, days=30)
        notify_data_protection_officer(user_id, "soft_delete")
    else:
        # Standard deletion for non-EU
        db.execute("DELETE FROM users WHERE id = ?", (user_id,))
```

## In Action

When you use AI to generate code, Zenable automatically:

1. Applies all standard security and quality checks
2. Enforces your custom organizational requirements
3. Provides immediate feedback to the AI for correction
4. Shows you the safe, conformant version

## Why Custom Requirements Matter

### Enforce Architectural Decisions

* Ensure AI respects your microservice boundaries
* Maintain consistent use of internal libraries
* Enforce your specific design patterns

### Maintain Business Logic

* Protect proprietary algorithms
* Ensure regulatory compliance
* Enforce customer-specific requirements

### Preserve Team Standards

* Maintain your naming conventions
* Enforce your logging standards
* Keep your error handling patterns

## Related Use Cases

* [AI Tools & New Features](/use-cases/ai-tools-new-features) - Build features faster
* [Policy as Code](/use-cases/policy-as-code) - Define custom rules programmatically
* [Security Assessment](/use-cases/security-assessment) - Deep security scanning