v2.4.0

Standard security scanning tools do not detect AI-specific security risks. AI-specific rules augment the SAST, DAST, and SCA scanning with checks tailored to machine learning systems. These rules overlap with the compliance-focused AI-specific rules described in but are oriented toward security rather than governance.

Security-oriented AI-specific rules should flag direct model file loading that bypasses signature verification (complementing the model registry bypass rule in with a security dimension), unencrypted transmission of model artefacts or training data, hardcoded API keys or credentials in ML pipeline code (complementing the secret detection in ), and inference endpoints without authentication or rate limiting.

SIEM correlation rules provide the runtime equivalent: a sudden increase in inference API calls from a single consumer may indicate model extraction, a pattern of systematically varied inputs may indicate adversarial probing, and changes to model artefact files outside the CI/CD pipeline indicate unauthorised modification. The AI-specific rules and SIEM correlation rules are documented in Module 9.
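As an added illustration, not part of the original documentation or of the Module 9 rule set, the three runtime patterns above expressed as plain correlation checks over constructed telemetry; the consumer names, thresholds, file path and trusted pipeline identity are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not from any real deployment), normalised the way a
# SIEM would ingest it. "svc-scraper" issues 150 calls in 150 seconds, each with a
# slightly different input; "svc-search" is an ordinary consumer with repeated queries.
BASE = datetime(2024, 5, 1, 10, 0, 0)
INFERENCE_LOG = [
    {"ts": BASE + timedelta(seconds=i), "consumer": "svc-scraper", "input": f"q=item{i}"}
    for i in range(150)
] + [
    {"ts": BASE + timedelta(minutes=i), "consumer": "svc-search", "input": "q=shoes"}
    for i in range(10)
]
ARTEFACT_LOG = [  # model artefact file changes; "ci-deployer" is the assumed pipeline identity
    {"ts": BASE, "path": "models/fraud/model.pkl", "actor": "ci-deployer", "pipeline_run": "run-1182"},
    {"ts": BASE + timedelta(hours=2), "path": "models/fraud/model.pkl", "actor": "jdoe", "pipeline_run": None},
]

def inference_spike(events, window=timedelta(minutes=5), threshold=100):
    """Model extraction indicator: more than `threshold` calls from one consumer in any `window`."""
    by_consumer = defaultdict(list)
    for e in events:
        by_consumer[e["consumer"]].append(e["ts"])
    alerts = {}
    for consumer, times in by_consumer.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                alerts[consumer] = max(alerts.get(consumer, 0), end - start + 1)
    return alerts

def adversarial_probing(events, min_calls=50, distinct_ratio=0.95):
    """Probing indicator: a high-volume consumer whose inputs are almost all distinct (heuristic)."""
    inputs = defaultdict(list)
    for e in events:
        inputs[e["consumer"]].append(e["input"])
    return {c: len(set(v)) / len(v) for c, v in inputs.items()
            if len(v) >= min_calls and len(set(v)) / len(v) >= distinct_ratio}

def out_of_band_artefact_change(events, trusted_actors=frozenset({"ci-deployer"})):
    """Unauthorised modification indicator: an artefact change not attributable to a pipeline run."""
    return [e for e in events if e["actor"] not in trusted_actors or not e["pipeline_run"]]

if __name__ == "__main__":
    print(inference_spike(INFERENCE_LOG))           # {'svc-scraper': 150}
    print(adversarial_probing(INFERENCE_LOG))       # {'svc-scraper': 1.0}
    print(out_of_band_artefact_change(ARTEFACT_LOG))  # the 'jdoe' change
```

The distinct-input ratio is only a coarse proxy for systematic variation; in production it would be tuned per endpoint and combined with the volume rule rather than alerting on its own.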

Key outputs

  • AI-specific security rules in the SAST/DAST pipeline
  • SIEM correlation rules for AI-specific attack patterns
  • Integration with the broader scanning and monitoring framework
  • Module 9 AISDP documentation