AI-Origin Detection
AI-Origin Detection estimates whether a code artefact was likely produced by an LLM, and explains why. The goal is informed review, not gatekeeping.
What it is
Heuristic + LLM-assisted analysis of stylistic, structural and comment patterns associated with model-generated code.
Why it's useful
Helps reviewers calibrate scrutiny: AI code is often syntactically clean but semantically off in subtle ways.
How Decoder implements it
Static heuristics produce a base signal; if a BYOK or local model is available, Decoder verbalises the rationale in the user's selected tone.
When to use it
Code review of unfamiliar PRs, onboarding to a repository, security triage of pasted snippets.
When NOT to use it
As a binary verdict for hiring or grading — no detector is reliable enough for that.
Practical example
A PR shows uniform docstrings, exhaustive type hints and generic identifiers; Decoder flags it as AI-likely and explains which signals contributed.
FAQ
Glossary
- Verbalisation
- Turning a numeric signal into a plain-language explanation a reviewer can act on.
Related
Repository Analysis turns a codebase into something you can read, search and interrogate. Upload a ZIP or import a public GitHub project; Decoder indexes structure, runs static checks and gates AI features behind your own key.
Chat with Your Code turns a repository into a queryable knowledge surface. Ask 'where is auth handled?' or 'what does this script do?' and get answers grounded in your actual files.
BYOK means you bring your own AI provider key. Decoder never proxies AI calls through a shared account: your key, your billing, your privacy boundary.
Static malware analysis inspects code and binaries without executing them. Decoder runs it locally on your upload and surfaces suspicious patterns, entropy spikes and known indicators — no API key required.
PowerShell is the workhorse of Windows post-exploitation. Decoder reads `.ps1` files statically and surfaces the patterns attackers rely on: encoded commands, `Invoke-Expression`, download cradles, AMSI bypasses.
Obfuscation hides intent. Decoder flags suspicious entropy, base64 walls, eval chains, and packing markers so reviewers can focus on what's actually hidden.
The EU AI Act (Regulation 2024/1689) sets obligations on providers and deployers of AI. For code analysis, transparency and data control are the levers that matter most.