SecEng Workbench · Map
SecEng Trust Scanner
Score every public trust signal — before a buyer, auditor, or regulator asks you to.
Trust Scanner crawls public trust pages, detects artifact presence, and scores six dimensions — AI claims, legal clarity, security trust, governance evidence, consistency, and remediation opportunity. The output is a directional public signal, not a private assessment claim.
Platforms
Web app
Domain input, six-dimension scorecard, artifact checklist
Chrome extension
In-context side panel, one-click scan on any public page
VS Code extension
Inline vendor trust signal while reviewing AI imports
In-app mini-apps
Embedded in RAG review, authority graph, procurement flows
Six scoring dimensions
The ATG scorecard breakdown.
public_surface
Public surface
Are trust artifacts publicly reachable and linked?
ai_language
AI language
Does the company use clear, specific AI-related language?
legal_clarity
Legal clarity
Privacy policy, ToS, DPA, and AI usage policy completeness.
security_trust
Security trust
Security practices page, secure SDLC, vulnerability disclosure.
consistency
Consistency
Do public claims align across trust page, docs, and marketing?
remediation_opportunity
Remediation
How much improvement headroom exists from current state?
Capabilities
What Trust Scanner does.
Six-dimension public scorecard
Scores AI claims, legal clarity, security trust, governance evidence, consistency, and remediation opportunity from public-facing pages. Produces a directional ATG signal, not a private assessment claim.
Artifact presence detection
Checks for privacy policy, terms of service, AI usage policy, AI governance hub, trust center, secure SDLC page, vulnerability disclosure, subprocessors list, DPA, and responsible AI principles.
Domain scan workflow
Input a domain, crawl public trust pages, extract artifact signals, score six dimensions, surface findings, and produce improvement guidance — in one structured scan workflow.
Chrome extension
Run a trust scan inline on any public page from the side panel. The same ATG six-dimension scorecard appears in context without leaving the browser — artifact checklist, findings, and caveat included.
VS Code integration
Scan vendor trust surfaces from inside VS Code while reviewing AI dependencies. Trust signal data flows into the shared savvy-stacks catalog alongside surface discovery results.
In-app mini-apps
Embedded trust scanner surfaces appear inside RAG pipeline reviews, authority graph views, and procurement workflows — inline trust signal at the point where dependency decisions happen.
Required caveat
A public scorecard can show whether trust artifacts are visible, coherent, and appropriately caveated. It cannot prove internal controls, private security maturity, or operational effectiveness. All public outputs use public_claim_with_caveat posture unless a scoped private assessment creates stronger evidence.
Other Map instruments