While tools like Anthropic Claude, Cursor, Zed, Microsoft Copilot, and Replit Agents have been designed to automate coding and software development, only a few address the code after it has been generated. This is where YC-backed Patched comes in.
Founded in 2023 by Asankhaya Sharma and Rohan Sood, Patched is an open-source AI framework that automates repetitive tasks like code reviews, documentation, and patches. Besides, it also tackles maintenance tasks such as vulnerability fixing and linting, all while running autonomously without active developer involvement.
It also allows developers to create custom workflows to fit their specific needs and preferences.
“We’re not focused on the IDE. I think a lot of people are trying out various things around co-pilots and IDE assistants, such as Cursor AI. Our focus is to automate other tasks – that may be non-coding related or not best done in the IDE – like documentation generation and pull request reviews,” Sharma told AIM.
He added that their focus has always been on the outer loop, which is everything after one commits the code and it goes into the CI/CD pipeline. “We are looking at all the places in that pipeline where you can attach an LLM or improve processes using GenAI, and so on.”
Sharma said the company uses LLMs to generate code, review changes, and manage workflow tasks, while integrating with users’ preferred LLM APIs for enhanced privacy and customisation.
“We are an LLM-agnostic, open-source framework. You can use any LLM, whether from API providers like OpenAI and Google Gemini or your own locally-hosted model,” said Sharma.
He added that they open-sourced Patched because they do not want developers to pay separate fees for fixing bugs, reviewing vulnerabilities and generating test cases.
Breaking Down the Business Model
Apart from the open-source framework, the company also offers an app. Patched’s app features a drag-and-drop workflow builder, eliminating the need for writing Python code.
“We are monetising through the API, which provides the user experience along with the drag-and-drop ease of building and customisation,” said Sharma.
The company charges $99 per workflow. Unlike other players, Patched did not price the product on a per-developer basis as Sharma feels that it discourages people from using it.
Moreover, Sharma said that they created a benchmark last year to evaluate the performance of different frontier models on vulnerability fixing, called the Static Analysis Eval.
He explained that for other tasks, which may not be as easily quantifiable, such as pull request reviews or documentation generation, they look at other metrics like RTC Eval, which stands for round-trip correctness.
In simple terms, they run the model a few times to ensure the results are consistent and don’t change over time.
He further explained that they do not like to compete with or compare themselves to tools like Devin, though he acknowledges that there is room for such comparisons.
Patched’s Growing Clientele
One of Patched AI’s clients is KairosWealth in Singapore. Sharma explained that their requirement was for developers to follow a specific set of instructions when committing code.
“They had a document with a list of instructions, so the idea was to take that document and convert it into something that can be integrated into a patch flow,” said Sharma.
He said that the company designed two new patch flows for them. The first one generates a style guide autonomously from a given repository.
“It reviews all your existing pull requests that have been closed in the past. Based on the comments and changes in those pull requests, it automatically infers the style guide you’re following in your code. This style guide is then used as a reference for reviewing subsequent pull requests,” said Sharma.
“Two, to actually use that to review pull requests, and three, to actually fix the issues that are found using the pull request,” he added.
Another customer, Stack Auth, an open-source alternative for cloud key and authentication providers, had a workflow built by Patched using TS Morph combined with LLMs to generate SDK documentation.
He further explained that their tool is more suited for experienced developers rather than those who are new to coding and experimenting with generative AI tools. “If you’re an experienced developer, you are responsible for maintaining code quality, reviewing pull requests, or generating documentation,” he said.
He said that if one has experience in coding for large enterprises, the initial setup is not where most of the time is spent.
“Eighty percent of the time is spent making small changes to large codebases, which are deployed to thousands or millions of users, and ensuring these small changes are implemented in a way that prevents things from breaking,” he added.
Sharma said that initially it was difficult to convince consumers that LLMs could be effective in discovering code vulnerabilities. He explained that 80% of the vulnerabilities people encounter daily are not particularly unique; they are often recurring mistakes that people make.
YC Opens the Door to GPT-5
Sharma said that in the near future, they will add a new feature to their app, allowing users to save all pull requests and responses to curate their own datasets, which can later be fine-tuned for better results.
Moreover, the company is working closely with OpenAI, which Sharma says wouldn’t have been possible without support from Y Combinator.
He revealed that GPT-5 is around the corner and that people from OpenAI, including CEO Sam Altman, have advised them to ensure that their product remains relevant when GPT-5 is released and to integrate the next-generation model in a way that makes tasks easier.
