AuthDrift

AuthDrift is a web app plus a lightweight agent that continuously tests your staging (or ephemeral preview) environments for broken authentication and authorization. Instead of broad vulnerability scanning, it focuses on the access-control failures that actually lead to breaches: IDOR, privilege escalation, missing object-level checks, insecure session handling, and role drift between services. You connect your API gateway or OpenAPI spec, define roles (or import them from your IdP), and AuthDrift generates and replays realistic request sequences to see what a user can actually reach after login, token refresh, and role changes. The declared role-to-endpoint policy is the oracle: every endpoint where observed access differs from that policy is flagged, with a minimal repro script and a ticket carrying the evidence. This is not magic: it won't replace a security team, it won't find every bug, and it can only catch drift from the policy you declare. It's a targeted, continuous safety net for teams shipping fast.
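The core of the approach described above is a differential authorization matrix: the same requests are replayed as several principals (including one whose role changed after login) and each observed outcome is compared with a declared policy. The following is an added example illustrating that check; it is not AuthDrift's agent or any real service. The in-memory `fake_app`, its users and invoices, the `POLICY` table and the finding format are all constructed assumptions, and the two defects in `fake_app` (a missing ownership check on `GET /invoices/{id}`, and handlers that trust the role claim in the token rather than the directory's current role) are planted so the matrix has something to find.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Token:
    user: Optional[str]   # None = unauthenticated
    role: str             # role claim captured at login time (a snapshot)


ANON = Token(None, "anon")


def login(user: str, roles: Dict[str, str]) -> Token:
    """Issues a token carrying the role the directory held at login time."""
    return Token(user, roles[user])


# Constructed data for the stand-in service: invoice id -> owner.
INVOICES: Dict[int, str] = {1: "alice", 2: "bob"}


def fake_app(tok: Token, method: str, route: str, obj_id: Optional[int]) -> int:
    """Hypothetical stand-in API with two deliberate defects: GET /invoices/{id}
    has no ownership check (IDOR), and every handler trusts the role claim in
    the token instead of the directory's current role (role drift after change).
    Returns an HTTP status code."""
    if tok.user is None:
        return 401
    if (method, route) == ("GET", "/invoices/{id}"):
        return 200 if obj_id in INVOICES else 404           # BUG: owner not checked
    if (method, route) == ("DELETE", "/invoices/{id}"):
        if tok.role != "admin":                             # BUG: stale claim trusted
            return 403
        return 204 if obj_id in INVOICES else 404
    if (method, route) == ("GET", "/admin/users"):
        return 200 if tok.role == "admin" else 403          # BUG: stale claim trusted
    return 404


# Declared policy (the oracle): who should be allowed on each (method, route).
POLICY: Dict[Tuple[str, str], str] = {
    ("GET", "/invoices/{id}"): "owner_or_admin",
    ("DELETE", "/invoices/{id}"): "admin",
    ("GET", "/admin/users"): "admin",
}


def policy_allows(rule: str, tok: Token, owner: Optional[str], roles: Dict[str, str]) -> bool:
    """Evaluates the declared rule against the directory's *current* role, so a
    user downgraded after login is expected to lose access immediately."""
    if tok.user is None:
        return False
    current = roles[tok.user]
    if rule == "admin":
        return current == "admin"
    if rule == "owner_or_admin":
        return current == "admin" or tok.user == owner
    raise ValueError(f"unknown rule {rule!r}")


def run_matrix(tokens: List[Token], roles: Dict[str, str]) -> List[dict]:
    """Replays every (principal, endpoint, object) cell against the service and
    returns the cells where observed access differs from policy, each with a
    one-line repro. Any 2xx counts as access granted."""
    findings = []
    for tok in tokens:
        for (method, route), rule in POLICY.items():
            # Object-level routes are tried against every known object so that
            # cross-user access (user A reading user B's invoice) is exercised.
            targets = list(INVOICES) if "{id}" in route else [None]
            for obj_id in targets:
                status = fake_app(tok, method, route, obj_id)
                observed = 200 <= status < 300
                expected = policy_allows(rule, tok, INVOICES.get(obj_id), roles)
                if observed == expected:
                    continue
                who = tok.user or "anon"
                path = route.replace("{id}", str(obj_id))
                findings.append({
                    "kind": "over-permissive" if observed else "over-restrictive",
                    "who": who, "method": method, "path": path,
                    "status": status, "rule": rule,
                    "repro": f"{method} {path} as {who} (token role={tok.role}, "
                             f"current role={roles.get(who, 'anon')})",
                })
    return findings


def demo() -> List[dict]:
    """Logs in four principals, then downgrades carol in the directory while her
    admin token is still valid, and replays the matrix with all five tokens."""
    roles = {"alice": "user", "bob": "user", "carol": "admin", "dave": "admin"}
    tokens = [ANON] + [login(u, roles) for u in ("alice", "bob", "carol", "dave")]
    roles["carol"] = "user"        # role change after login; carol's token is now stale
    return run_matrix(tokens, roles)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['kind']:16} {f['status']}  {f['repro']}")
```

Two design points carry over to a real harness. First, the oracle must consult the source of truth for roles (the IdP) at evaluation time, not the token: otherwise a stale-claim bug like carol's is invisible because the policy and the app would agree on the wrong answer. Second, object-level routes must be replayed against objects the principal does not own; a single "happy path" object per route never surfaces an IDOR. The anonymous principal and the legitimate admin `dave` produce no findings here, which is the check that the matrix is not simply flagging every request.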
