Catch AI-specific misconfigurations before they reach production.

Scan .env files, Docker Compose, Kubernetes manifests, GitHub Actions, Vercel, Supabase, and other config formats for AI-specific unsafe defaults. Detect exposed model APIs, unauthenticated AI runtimes, permissive CORS, debug flags, missing auth, and provider credential risks before they become incidents.

Lint Your Configs View Sample Findings

ARE YOUR AI CONFIGS SAFE TO DEPLOY?

Multi-format

Scan .env, Docker Compose, Kubernetes, GitHub Actions, Vercel, Supabase, and YAML/JSON configs in a single pass.

AI-specific rules

Rules tuned for AI-adjacent risks: exposed model endpoints, unauthenticated AI runtimes, vector DB exposure, and provider credential leaks.

Prioritized findings

Findings ranked by severity with specific line numbers, categories, and remediation guidance.

No execution

Static analysis only — no deployment access required, no production system interaction.

Core capabilities

What SecEng AI Config Linter does.

Environment Variable Analysis

Detect secrets in configs, public AI runtime binding, permissive CORS, debug flags, and missing auth across .env and example files.

Container & Compose Review

Flag AI service ports bound to 0.0.0.0, missing auth, no TLS termination, and unsafe default credentials in Docker Compose and Kubernetes.

CI/CD Pipeline Audit

Review GitHub Actions workflows for exposed AI provider keys, unsafe model endpoint usage, and missing secret controls.

Platform Config Review

Check Vercel, Supabase, and platform-specific configs for public AI endpoint exposure and missing access controls.

Prioritized Output

Every finding includes file path, line number, category, severity, evidence, and a specific remediation recommendation.

Evidence-Ready Export

Export findings as JSON for engineering backlog, Jira tickets, or security review evidence.

Evidence & signals

What you get out of the box.

Supported Formats

.env / .env.example
Docker Compose
Kubernetes YAML
GitHub Actions
Vercel config
Supabase config
Generic JSON/YAML

Risk Categories

Exposed model APIs
Unauthenticated AI runtimes
Permissive CORS
Debug flags enabled
Provider credential leaks
Missing auth
Vector DB exposure

Deliverables

Prioritized findings
Line-level evidence
Remediation guidance
JSON export
Engineering backlog items

AI SECURITY ENGINEERING WORKBENCH

Ready to put SecEng AI Config Linter to work?

AI Config Linter is an active-development SecEng Workbench capability. We review your deployment configuration files and return prioritized findings without executing production workloads.

Start AI Security Assessment See the full Workbench

View pricing →

Also in the Workbench

WHAT AI DO WE HAVE?

SecEng Surface Scanner

Browser, Repo & IDE AI Discovery