Drupal AI Vulnerability Guardian: Triage 12 Vulnerability Patterns at Machine Speed

Source: DEV Community
AI is making vulnerability discovery faster and cheaper. That is the easy part. The hard part is what happens next: an open-source maintainer with limited hours receives a flood of security reports and must decide which ones deserve immediate attention, which are false positives, and which can wait.

Drupal AI Vulnerability Guardian was built to close that gap. It started as a 3-pattern scanner. It now ships as a 12-pattern detection engine with CVSS-style scoring, CWE identifiers, maintainer burden assessment, and a test suite that validates every detection path.

🚨 Danger: Detection Is Not Triage

A scanner that dumps findings without severity, CWE context, and effort estimates creates more work for maintainers, not less. This tool attaches actionable metadata to every finding so maintainers can make decisions, not just read alerts.

The Problem

Drupal's security surface is wide. Modules interact with the database, render user-supplied markup, handle file uploads, and redirect between r