01Overview
Traditional SAST tools were built for web apps and miss the entire class of risks that AI/ML systems introduce. AI Security Posture Management (AI-SPM) closes that gap: a single-file, zero-dependency Python scanner that statically analyzes AI/ML codebases end-to-end — from data ingestion and model training through deployment and live inference — and flags the security misconfigurations, unsafe patterns, and compliance gaps that generic scanners walk straight past.
Point it at a repo and it does three things at once. It runs 145 AI-specific SAST rules across 26 categories (unsafe pickle/torch.load model loading, prompt injection, data poisoning, PII leakage to LLM APIs, missing guardrails, over-autonomous agents, RAG and MCP exposure, shadow AI, and more). It builds an AI/ML inventory — auto-discovering the frameworks, models, APIs, vector databases, and experiment trackers actually present in the code. And it checks the supply chain, matching pinned dependency versions against a curated database of 33 real AI/ML CVEs in packages like TensorFlow, PyTorch, LangChain, mlflow, Ray (ShadowRay), Ollama, and ChromaDB.
Every finding is mapped to four AI-specific governance frameworks — NIST AI RMF, the EU AI Act, OWASP ML Top 10, and MITRE ATLAS — so a security finding doubles as a compliance signal. It scans Python, JS/TS, Jupyter notebooks, .env, YAML/TOML, Terraform, Dockerfiles, and dependency manifests, and emits colored console output, machine-parseable JSON, and an interactive HTML report.
It is built for AppSec engineers, ML platform teams, and AI governance leads who need to shift AI risk left. Because the whole scanner is one portable Python 3.10+ stdlib file with no pip installs, it drops into any CI pipeline (GitHub Actions, GitLab, Azure DevOps, Jenkins) and gates builds via an exit code of 1 on CRITICAL or HIGH findings — no agents, no cloud, no dependency management.
02Key Capabilities
145 AI-Specific SAST Rules
Regex-driven static analysis across 26 categories covering the full AI lifecycle, from unsafe model deserialization to over-autonomous agents.
AI/ML Inventory Discovery
Automatically fingerprints the frameworks, models, LLM APIs, vector databases, and experiment trackers present in your codebase for governance and shadow-AI visibility.
Unsafe Model-Loading Detection
Catches pickle/joblib deserialization, torch.load without weights_only, np.load allow_pickle, and trust_remote_code before they become arbitrary code execution.
Prompt Injection & LLM Output Sink Analysis
Flags user input flowing into prompts, jailbreak patterns, and LLM output reaching shells, SQL, or eval() without validation.
Agentic AI Risk Checks
Detects unrestricted tool/shell/filesystem access, missing human-in-the-loop, unbounded iterations, and unsafe LangChain/CrewAI/AutoGen/LangGraph patterns.
Supply-Chain CVE Matching
Compares pinned dependency versions against 33 curated AI/ML CVEs (TensorFlow, PyTorch, LangChain, mlflow, Ray ShadowRay, Ollama, ChromaDB and more) across PyPI and npm manifests.
RAG, MCP & Multimodal Coverage
Checks vector DBs without auth, unsanitized retrieval, MCP servers with shell access or no auth, and image/audio/video inputs without validation or NSFW filtering.
AI Infrastructure-as-Code Scanning
Detects Terraform misconfigurations for SageMaker, Bedrock, Vertex AI, and Azure OpenAI, plus K8s AI-serving issues in KServe, Seldon, and Triton.
Four-Framework Compliance Mapping
Tags every finding with applicable NIST AI RMF, EU AI Act, OWASP ML Top 10, and MITRE ATLAS controls to turn security output into compliance evidence.
Model Card Compliance Check
Directory-level check that flags AI projects missing MODEL_CARD.md documentation required by the EU AI Act for high-risk systems.
Three Output Formats
Color-coded ANSI console, machine-parseable JSON for CI/CD, and a self-contained interactive dark-themed HTML report with severity filters and compliance tags.
CI/CD-Ready Exit Codes
Returns exit code 1 on CRITICAL or HIGH findings so it can gate pipelines out of the box, with ready-made GitHub Actions, GitLab, Azure DevOps, and Jenkins snippets.
03Architecture
The entire scanner is one self-contained Python file (ai_spm_scanner.py, ~2,230 LOC, stdlib only). Rules live as module-level lists of dicts; an AISPMScanner class walks the target, dispatches each file by extension to a language-specific scanner, runs the regex SAST engine line-by-line, and simultaneously builds an AI/ML inventory and checks dependency manifests against a CVE database. Findings (a Finding dataclass carrying CWE, CVE, and compliance tags) are then rendered to console, JSON, or HTML.
04Project Structure
ai_spm_scanner.pyThe entire scanner — a single ~2,230-line, zero-dependency Python file containing all rules, engine, and reporters.README.mdFull documentation: rule catalog, compliance mapping, CVE tables, usage, CI/CD recipes, and architecture diagram.CLAUDE.mdProject instructions describing the shared scanner architecture, rule-category counts, and contribution conventions.banner.svgProject banner graphic used in the README header.LICENSEMIT License..gitignoreStandard Python gitignore.tests/samples/Intentionally vulnerable fixture files used to validate that rules fire correctly.tests/samples/vulnerable_ai_app.pyInsecure Python AI patterns (pickle, prompt injection, PII, agents, MCP, fine-tuning, multimodal, bias) — produces 100 findings when scanned.tests/samples/requirements_ai.txtAI/ML packages pinned to versions with known CVEs to exercise supply-chain scanning.tests/samples/ai_infra.tfVulnerable Terraform for SageMaker, Bedrock, Vertex AI, and Azure OpenAI.tests/samples/k8s_ai_serving.yamlInsecure K8s AI workloads for KServe, Seldon, and Triton.tests/samples/vulnerable_frontend.tsxInsecure JS/TS AI frontend with client-side key exposure, XSS, and eval on model output.05Security Controls
06Technology Stack
- Language
- Python 3.10+ (modern type-hint syntax with `from __future__ import annotations`; stdlib only)
- Dependencies
- None — zero external packages, pure standard library (re, argparse, json, dataclasses, pathlib)
- Distribution
- Single self-contained file (ai_spm_scanner.py, ~2,230 LOC)
- Analysis Engine
- Regex-based line-by-line SAST across module-level rule dicts
- Output Formats
- ANSI console, JSON, self-contained interactive HTML (dark purple-gradient theme)
- Testing
- Intentionally vulnerable fixture files under tests/samples/ for rule validation
- CI/CD
- Exit-code gating with documented GitHub Actions, GitLab CI, Azure DevOps, and Jenkins recipes
- Platforms
- Windows, macOS, Linux (no compilation, no venv required)
07Quick Start
$ git clone https://github.com/Krishcalin/AI-Secure-Posture-Management.git && cd AI-Secure-Posture-Management $ python ai_spm_scanner.py --version # verify: AI-SPM Scanner v1.1.0 $ python ai_spm_scanner.py /path/to/your/ai-project # scan a whole project $ python ai_spm_scanner.py ./my-project --json report.json --html report.html # JSON + interactive HTML reports $ python ai_spm_scanner.py ./my-project --severity HIGH # only CRITICAL and HIGH findings (CI gate) $ python ai_spm_scanner.py tests/samples/ --verbose # run against bundled vulnerable fixtures
08Compliance & Frameworks
09Integrations & Outputs
Explore AI Security Posture Management
Full source, documentation, and deployment guides live on GitHub.