Demo Security Scan - Sample Repository

78/100 Risk Score: We Found 11 Security Issues

Including 2 critical vulnerabilities exposing API keys and user data

Files Scanned: 8
Lines of Code: 342
Risk Score: 78/100
Total Findings: 11

High Risk - Immediate Action Required

This AI application has 2 critical vulnerabilities that expose sensitive data and API credentials. These issues must be addressed before production deployment.

Critical: 2
High: 3
Medium: 4
Low: 2

Top Security Risks

CRITICAL (config.py:12)
Hardcoded API Key Detected
OpenAI API key found in config.py. This exposes your API credentials to anyone with repository access.

CRITICAL (.env.example:3)
AWS Credentials in Repository
AWS access keys found in .env.example file. Even example files should not contain real credentials.

HIGH (app.py:24)
Prompt Injection Vulnerability
User input directly concatenated into AI prompts without sanitization. Attackers can manipulate AI behavior.

Compliance Impact

SOC 2 Type II

Hardcoded credentials and PII logging violate CC6.1 (logical access controls) and CC6.7 (encryption).

ISO 27001

Fails A.9.4.1 (information access restriction) and A.10.1.1 (cryptographic controls).

GDPR

PII logging without encryption violates Article 32 (security of processing).

NIST AI RMF

Prompt injection risks violate GOVERN-1.2 (secure AI system design).

Scan Your Repo in 60 Seconds - Free

This is a sample scan using demo data. Connect your GitHub and get instant results with HAIEC's 121-rule engine - covering AI-specific vulnerabilities, hardcoded secrets, and SOC 2 compliance gaps.

Ready to Scan Your AI Repository?

Get comprehensive AI security scanning with HAIEC's 121-rule engine. Covers AI-specific risks, compliance requirements, and SOC 2 controls.