Find AI supply chain risk before it ships.

Scan AI SDKs, agent frameworks, model loaders, RAG libraries, vector database clients, notebooks, and workflow packages for supply-chain, version, and unsafe-loading risk. SecEng Supply Chain Risk augments SCA with AI-specific context; it does not replace OSV, GitHub Advisory DB, npm audit, pip-audit, Snyk, or existing dependency scanning.

Scan AI Supply Chain View Dependency Findings

WHICH AI DEPENDENCIES CHANGE RELEASE RISK?

Inventory

Identify AI-relevant packages across npm, Python, Docker, notebooks, and lockfiles.

Interpret

Explain why each AI dependency matters from a security perspective.

Prioritize

Surface unsafe loaders, agent frameworks, workflow tools, version drift, and release risks.

Complement SCA

Consume or complement advisory feeds without claiming to replace dependency scanners.

Core capabilities

What SecEng Supply Chain Scanner does.

AI Package Inventory

Identify AI SDKs, agent frameworks, model loaders, RAG libraries, vector database clients, notebooks, workflow packages, and eval tooling.

Model Loader Risk

Flag risky model loaders, serialization packages, unsafe artifact loading, and packages that should hand off to Artifact Analyzer.

Version Hygiene

Highlight unpinned versions, floating ranges, lockfile gaps, and version drift that can change model or framework behavior.

Advisory Context

Accept advisory feed inputs from OSV, GitHub Advisory DB, npm audit, pip-audit, or existing scanners and add AI-specific interpretation.

Release Readiness

Produce dependency risk findings, lockfile recommendations, and release-readiness signals for engineering review.

SCA Augmentation

Add AI-aware dependency interpretation while keeping existing SCA tools as the vulnerability matching source of record.

Evidence & signals

What you get out of the box.

Dependency Classes

AI SDKs
Agent frameworks
Model loaders
RAG libraries
Vector stores
Notebooks
Workflow packages

Risk Signals

Unsafe loaders
Serialization risk
Unpinned versions
Version drift
Weak lockfiles
Advisory candidates

Deliverables

AI dependency inventory
AI package risk findings
Version hygiene findings
Advisory context
Release readiness signals

AI SECURITY ENGINEERING WORKBENCH

Ready to put SecEng Supply Chain Scanner to work?

AI Dependency Risk is an active-development SecEng Workbench capability available through scoped public-site review conversations. It augments your dependency scanning with AI-specific interpretation, package context, and release-readiness signals.

Start AI Security Assessment See the full Workbench

View pricing →

Also in the Workbench

WHAT AI DO WE HAVE?

SecEng Surface Scanner

Browser, Repo & IDE AI Discovery