Question 1

Is my code sent to the cloud?

Accepted Answer

No. Foil runs 100% on your machine using Apple Silicon GPUs. Your source code, scan results, and findings never leave your device. The only server communication is license activation and periodic validation.

Question 2

What languages does Foil support?

Accepted Answer

Python, JavaScript, TypeScript, Go, Java, Ruby, and C#.

Question 3

How much does it cost?

Accepted Answer

The Community plan is free forever with up to 3 projects. The Developer plan is €19 per user / month or €149 per user / year (save 35%) and includes unlimited projects, Deep Dive & Deep Scan, export, custom rules, and API access.

Question 4

How is Foil different from Semgrep or Snyk?

Accepted Answer

Traditional tools like Semgrep use pattern matching (regex/AST) and Snyk sends code to the cloud. Foil uses an on-device LLM to reason about your code semantics — finding logic-level vulnerabilities like broken access control, IDOR, and race conditions that no regex can catch. And your code never leaves your machine.

Question 5

Where is the documentation?

Accepted Answer

docsfoil.peachstudio.be — full CLI reference, UI walkthrough, licensing details, and model management guides. Quick links: getting-started/install (setup), getting-started/licensing (editions + license machines), cli/scan (scan command reference), ui/deep-dive (Deep Dive investigations).

Question 6

Is Foil fast?

Accepted Answer

It depends on your hardware. Foil is agentic — it talks to the local LLM multiple times per finding (reason, validate, rewrite), and on-device inference is inherently slower than a cloud API. If you splurged on a maxed-out M5 Max, it'll feel snappy. On a typical M4 or M5 expect around 20–25 tokens/second, which means Deep Dive on a single finding completes in a few seconds, and a full Deep Scan of a real codebase is something you start and come back to. Faster hardware = shorter wait.

Question 7

What are Deep Dive and Deep Scan?

Accepted Answer

Both are Developer-plan features. Deep Dive explains why a finding is vulnerable, validates whether it's actually exploitable, and generates a corrected code rewrite with inline comments. Deep Scan runs a deeper, slower pass over your codebase to catch the vulnerabilities a fast agentic scan can miss. Together, they turn alerts into actionable fixes. Full walkthrough: docsfoil.peachstudio.be/ui/deep-dive/

Question 8

Can I use one license on multiple machines?

Accepted Answer

One Developer license is active on one machine at a time. Release it from the web dashboard (or from the Foil CLI) to unbind it, then activate it on another machine. The license stays in your pool — no new purchase needed. Licensing details: docsfoil.peachstudio.be/getting-started/licensing/

Question 9

Can I cancel and get my money back?

Accepted Answer

Yes. Cancel any time from the dashboard — your subscription stays active until the end of the current billing period and you keep the Developer license through that date. Changed your mind? Click Reactivate before the period ends and you're back on track, no re-payment. New purchases also come with a 7-day money-back guarantee.

Question 10

How do I clean up old community licenses?

Accepted Answer

Repeated reinstalls on the same machine can leave old community license rows on your account. From the dashboard License Pool, any community license that's not currently active shows a Delete button — click to remove the row. Developer licenses tied to a paid subscription can't be deleted this way (cancel the subscription instead).

Question 11

What happens when my subscription expires?

Accepted Answer

Your license enters a 7-day grace period, then deactivates. You keep access to all Community features (agentic scan, 162 rules, 7 languages, 3 projects) — only Developer features (Deep Dive & Deep Scan, export, custom rules, unlimited projects) require an active subscription.

Question 12

Is Foil finished?

Accepted Answer

Foil is in active development. The agentic scanner and Deep Dive & Deep Scan work well, but some features are still being built. Expect new language models, more rules, VS Code integration, and general improvements in the near term. Your feedback helps shape what comes next.

Find Vulnerabilities
Before They Ship.100% Local AI.

Nobody, yet. A lot of developers soon…

Experience Foil.

Purpose-built AI.
Not a generic chatbot.

Your AI Security Analyst

100% Local AI

Native macOS app

Scan from the CLI

Not alerts — fixes

See How Foil Compares

Install in Seconds.
Scan in Minutes.

From the Blog

Hardware, embedded code, and the seven things medical device makers can no longer ignore

Your code on their servers: the case for local AI security scanning

I spent two weeks training a 7B model to find security bugs. Here’s every mistake I made.

Frequently Asked Questions

Find VulnerabilitiesBefore They Ship.100% Local AI.