DETERMINISTIC AI SECURITY

Our Tools
Python Auditing AI

Zero guesswork. 100% reproducible. Compliance as code.

Our Python code audits your AI code using deterministic pattern matching and AST-based flow analysis. No black boxes, no AI inference, no probabilistic scoring—just explicit rules mapped to compliance frameworks.

  • 7 Security Engines
  • 100% Deterministic
  • 6 Frameworks
  • <2min Scan Time

What Makes Us Different

We built HAIEC on principles that matter: determinism, transparency, and auditability. Here's why security teams and auditors trust our tools.

Zero AI Guessing

Every finding is traceable to an explicit rule. No machine learning, no heuristics, no probabilistic outputs. The same inputs always produce the same outputs.

100% reproducible scans

Python Auditing AI

Our Python AST adapter parses your code at the syntax tree level—the same way compilers work. This isn't regex pattern matching; it's true semantic analysis.

AST-based flow analysis

Cryptographic Verification

Every artifact includes SHA-256 evidence hashes and cryptographic signatures. Artifacts are independently verifiable by auditors and regulators.

Tamper-proof artifacts

Evidence Immutability

Database-level enforcement prevents modification of compliance evidence. Append-only audit logs ensure regulatory compliance for SOC 2, ISO 27001, and HIPAA.

PostgreSQL triggers

Four-Engine Architecture

Specialized engines for different analysis types: metadata signals, static code analysis, runtime testing, and compliance evidence. Each optimized for its specific purpose.

4 distinct engines

No Silent Pass

If analysis fails, we tell you. Badges show failure states, errors are logged, and no artifacts are generated. We never hide problems behind green checkmarks.

Explicit failure modes

Specialized Engines

Each engine is purpose-built for a specific type of analysis. Together, they provide comprehensive coverage from repository metadata to runtime behavior.

GitHub Control Signals

Free

Repository Governance Scanner

Lightweight metadata analysis that detects branch protection, CODEOWNERS, security policies, and CI workflows without touching your code.

GitHub API-based detection. Zero code access. Webhook-driven for real-time monitoring.

Key Capabilities

  • Branch protection detection
  • Security policy validation
  • CI/CD workflow presence
  • Dependency scanning config

Badge Output

HAIEC Control Signals

AI Security Static Engine

Pro+

Python Auditing AI

Advanced static code analysis using Python AST (Abstract Syntax Tree) parsing. Our Python code audits your AI code—no guessing, no black boxes, just deterministic pattern matching.

78 detection rules mapped to compliance frameworks. AST-based flow analysis with taint tracking. Supports Python, TypeScript, JavaScript, Go.

Key Capabilities

  • Prompt injection detection
  • RAG poisoning analysis
  • Tool abuse identification
  • Data leakage prevention

Badge Output

AI Attack Surface Scan

AI Security Runtime Engine

Enterprise

Live Endpoint Testing

Behavioral testing for deployed AI systems. Sends real attack payloads to your endpoints and analyzes responses—no code access required.

HTTP-based execution with 400+ attack templates. Tests prompt injection, jailbreaks, data exfiltration in production.

Key Capabilities

  • Prompt injection testing
  • Jailbreak detection
  • Data exfiltration checks
  • Response analysis

Badge Output

Runtime Status Only

Compliance Evidence Engine

Pro+

Framework Evidence Collection

Guided questionnaires that collect evidence for SOC 2, ISO 27001, GDPR, HIPAA, and more. Automated gap analysis with actionable remediation steps.

Deterministic rule-based evaluation. Integer scoring (0-10000). Evidence immutability with SHA-256 hashing.

Key Capabilities

  • SOC 2 Type II evidence
  • ISO 27001 documentation
  • GDPR compliance mapping
  • HIPAA evidence packages

Badge Output

Framework Evidence

Technical Specifications

Built for security professionals and auditors who need to understand exactly how our tools work.

Detection Technology

  • Rule Count: 78 detection rules
  • Compliance IDs: 33 unique rules
  • Languages: Python, TypeScript, JavaScript, Go
  • Analysis Type: AST + Data Flow + Taint Tracking

Compliance Coverage

  • SOC 2: CC6.1, CC6.6, CC7.1, CC7.2, CC8.1
  • ISO 27001: A.9.2.3, A.12.1.3, A.12.6.1, A.14.2.1
  • OWASP: LLM01, LLM03, LLM07, LLM09
  • CWE: CWE-20, CWE-200, CWE-400, CWE-754

Architecture

  • Database: PostgreSQL (Neon)
  • Encryption: AES-256 at rest, TLS 1.3 in transit
  • Retention: 90-day default, configurable
  • Artifacts: SHA-256 hashed, cryptographically signed

Ready to Audit Your AI?

Start with a free scan. No credit card required. Results in under 2 minutes.