AI Systems Have Unique Attack Surfaces
Traditional security scanners miss AI-specific vulnerabilities like prompt injection, RAG poisoning, and tool abuse.
Traditional Security Scanners
- Miss AI-specific attack patterns
- No prompt injection detection
- No RAG poisoning checks
- No LLM tool abuse detection
HAIEC AI Static Security Scanner
- 91 Semgrep rules across 78 display IDs
- Prompt injection pattern matching
- RAG poisoning detection
- Tool abuse and agent safety checks
What We Detect
12 attack categories, 91 Semgrep rules (78 display IDs), 82 compliance mappings across 9 frameworks
Prompt Injection
Critical: User input reaches LLM prompts without validation
REST API Detection
Medium: Direct AI REST API calls without SDK wrapper or protection
SDK Detection
Info: AI SDK imports detected for system monitoring and change management
Dangerous Tool Abuse
Critical: Dangerous tools (PythonREPL, Shell, eval/exec) exposed to AI agents
API Key & Secrets Exposure
Critical: Hardcoded API keys, secrets in logs, URLs, or error messages
Agent & Advanced Safety
High: Agent loops, recursive calls, missing guardrails, memory injection
Data Leakage & Privacy
Critical: PII in prompts, sensitive DB fields, training data leakage
RAG & Vector Store Security
High: Unvalidated vector store ops, user-controlled embeddings, metadata injection
Production Security & Config
Medium: Missing rate limits, auth, cost tracking, debug mode, error logging
Model Security
High: Model extraction, unverified loading, poisoning, weights exposure
Injection & XSS via AI Output
High: AI-generated content used unsafely in HTML, SQL, or HTTP requests
Multimodal & Misc
Medium: Image/audio input injection, AI filesystem access, verbose errors
Why HAIEC AI Static Security Scanner
Deterministic, reproducible, compliance-ready
Pre-Deployment Detection
Find AI security risks before code reaches production
Compliance Evidence
Automatic mapping to SOC 2, ISO 27001, ISO 42001, GDPR, HIPAA, OWASP, CWE, NIST AI RMF, EU AI Act
CI/CD Integration
GitHub Actions, GitLab CI, Jenkins with SARIF output
Deterministic Results
Same code = same findings, every time. No AI guessing.
How the AI Static Scanner Is Built
Five layers from repo clone to compliance evidence. Source code is ephemeral — always deleted after scan.
Security Blueprint
Your Journey to AI Security Evidence
8 steps from scan initiation to compliance evidence. Source code is ephemeral — never persisted.
Initiate Scan
Provide your GitHub repository URL and authenticate with your HAIEC account. The scan can be triggered from the dashboard, a CI/CD pipeline (GitHub Action), or the API.
Scan authorization validates the session, checks rate limits, and verifies the GitHub access token. The scan intent schema is enforced, and the state machine transitions to authorized.
Authorized scan session with validated repository target