You don't know your AI stack.

AI tooling has no supply chain. No audit trail. No npm audit equivalent. No lockfile you can trust.

You install MCPs, agents, skills, hooks. They get access to your files, your context, your code.

And then nobody checks again. Not you. Not your team. Not the tool that gave you access to them in the first place.

That's why grekt exists.

Why this matters now

The AI tooling ecosystem is growing faster than anyone's ability to verify it. New MCPs weekly. New agent frameworks monthly. Everyone building, everyone shipping, but the missing piece is auditing.

This isn't a criticism. It's the natural state of a young ecosystem. But "young" doesn't mean "safe to ignore." The tools are already in your projects. The question is whether you know what they're doing there.

What grekt is

A CLI (and soon a dashboard ;D). Runs on your machine or your infra. Looks at every AI artifact in your stack and tells you what it finds.

Version drift. Stale configurations. Security gaps. Tools you forgot were there. Then it points you in the right direction to fix it.

No cloud dependency. No account. Your machine, your data, your terminal.

What this blog is for

We're not here to predict the future of AI. This blog exists to share things that are useful.

Audit findings. Patterns across real stacks. And research on the state of AI tooling security and trusting.

First real content drops soon.

Know your stack.