Findings library
Here are the types of issues we look for in AI-enabled repositories.
An attacker could use the key to access third-party services, customer data, or generate unexpected usage costs.
textSecrets: Exposed API key in environment configRecommended fix
Revoke and rotate the key, move secrets into a managed secret store, and add secret scanning to CI.
A malicious user can override privileged instructions or influence downstream tool calls.
textPrompt security: User input passed directly into LLM system promptRecommended fix
Separate system and user messages, add prompt boundaries, and validate model output before taking action.
Prompt injection or tool-output manipulation could cause the agent to read or modify sensitive files.
textAI agents: Agent has unrestricted filesystem accessRecommended fix
Sandbox the agent, allowlist paths and operations, require approval for sensitive actions, and log all tool calls.
Untrusted model output can trigger unintended API requests, data writes, or workflow actions.
textLLM output validation: Missing output validation before tool callRecommended fix
Validate output against a strict schema, enforce allowlists, and run authorization checks before execution.
Embeddings and retrieved documents may expose sensitive business or customer information.
textRAG security: Public vector database endpointRecommended fix
Require authentication, restrict network access, encrypt data, and scope indexes by tenant or environment.
Public users can drive model costs, degrade service reliability, or attempt automated prompt abuse.
textAbuse controls: Missing rate limit on AI endpointRecommended fix
Add authentication, request throttling, per-user quotas, and model usage caps.
AI Security Repo Audit
Start with one repo. We will identify the highest-risk issues and give your team practical remediation steps.
Repo Audit
Security review for AI-assisted software development