- 70 Detection Rules
- 33 Compliance IDs
- 0 AI Guessing
- 100% Reproducible
⚠️ Critical Risk
AI Systems Have Unique Attack Surfaces
Traditional security scanners miss AI-specific vulnerabilities like prompt injection, RAG poisoning, and tool abuse.
✗ Traditional Security Scanners
- Miss AI-specific attack patterns
- No prompt injection detection
- No RAG poisoning checks
- No LLM tool abuse detection
✅ HAIEC AI Static Security Scanner
- 70 AI-specific detection rules
- Prompt injection pattern matching
- RAG poisoning detection
- Tool abuse and agent safety checks
What We Detect
6 major attack categories, 70 detection rules, 33 unique compliance IDs
Prompt Injection
Critical: User input reaches LLM prompts without validation
Rules: R1, R1.11-R1.15
Maps to: SOC 2 CC7.2, ISO 27001 A.12.6.1, OWASP LLM01
RAG Poisoning
High: Unvalidated documents added to vector stores
Rules: R3, R8.1-R8.6
Maps to: SOC 2 CC6.1, ISO 27001 A.14.2.1, OWASP LLM03
Tool Abuse
Critical: Dangerous tools (PythonREPL, Shell, eval/exec) exposed
Rules: R2, R2.1-R2.8
Maps to: SOC 2 CC7.1, ISO 27001 A.12.1.3, OWASP LLM07
Data Exfiltration
Critical: Model weights, secrets, or PII exposed
Rules: R4, R5, R7.1-R7.6
Maps to: GDPR Art 32, HIPAA 164.312(a)(1), SOC 2 CC6.6
Agent Safety
Medium: Autonomous AI agents without safety controls
Rules: R9, R6.1-R6.10
Maps to: ISO 27001 A.9.4.1, OWASP LLM09
Configuration Issues
Medium: Insecure defaults, missing guards, operational risks
Rules: R9.1-R9.9, R10.1-R10.4
Maps to: SOC 2 CC8.1, ISO 27001 A.9.2.3
Why HAIEC AI Static Security Scanner
Deterministic, reproducible, compliance-ready
Pre-Deployment Detection
Find AI security risks before code reaches production
Compliance Evidence
Automatic mapping to SOC 2, ISO 27001, GDPR, HIPAA, OWASP
CI/CD Integration
GitHub Actions, GitLab CI, Jenkins with SARIF output
Deterministic Results
Same code = same findings, every time. No AI guessing.