ARKO
A security tool developers actually open. Brand and product UI, built from zero inside a 300-pixel sidebar.
Three-person team: the founder (an active CISO), one developer, and me as the first and only designer.

DevSecAI shifted from a heavyweight enterprise dashboard to a developer-first product that meets engineers inside their editor. Everything visual and strategic had to be built from zero.
I joined as the first and only designer, working directly with the founder and one developer. Equity-free: direct CISO mentorship in exchange for full design execution.
Traditional SAST tools dump long lists of generic severities. Developers skim and move on. AI-assisted coding raises velocity, so security debt compounds faster.
The hypothesis: if the tool reasons about architecture and returns one obvious next action, developers fix issues before merge. My challenge was earning trust inside a 300-pixel panel while also producing enterprise material that convinced CISOs to procure at scale.
ARKO scans a codebase with an AI pipeline, builds an architectural threat model, and returns prioritized findings with plain-language fixes.





Two constraints shaped everything: 300 pixels of width, and developers who close panels they do not trust.
One mental model, reinforced everywhere. The Hackable Score colour scale drives the gauge stroke, status pill, pulse speed, bar fills, and README badge.
Shipped as a single HTML/CSS/JS string injected as a VS Code webview. All styles inline in TypeScript. No bundler — pure CSS variables and DOM.
Investment offer in the first eight months. Declined — the investor wanted too large a stake.