Artifact Scanner includes AI scan capabilities. This allows you to use Artifact Scanner
to identify security vulnerabilities in your AI applications and find risks relating
to the OWASP Top 10 for Large Language Model Applications and MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS). You can run AI Scanner locally or hosted by TrendAI™.
The scanner can find vulnerabilities in the following:
- OpenAI LLM endpoints (https://platform.openai.com/docs/api-reference/introduction)
- Custom AI applications
AI Scanner can integrate with any custom AI application that provides an API for
sending prompts and receiving text-based model output. The application does not need
to follow the OpenAI API standard. Your application is compatible if it meets the
following requirements:
- Exposes a REST API endpoint (public or private)
- Accepts an input prompt or message in the request body
- Returns a text response generated by a language model
- Uses JSON for request and response formats
- Supports HTTP or HTTPS POST requests
You can use any field names in the request and response payloads as long as you
define them in the configuration file. For more information, see
AI Scanner config examples for custom AI applications.
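The following is an added example, not code from Trend Micro or from the AI Scanner product: a minimal custom AI application endpoint that meets every requirement above (a REST endpoint, a JSON request carrying the prompt, a JSON response carrying model text, served over HTTP POST). The field names `user_input` and `model_reply`, the `/chat` path, the port and the echo-style `generate_reply` stand-in for a real model are all assumptions chosen for illustration; the point is that the field names are arbitrary and only need to match what you declare in the scanner configuration file.

```python
# Added example (not Trend Micro's code): a minimal custom AI application
# endpoint that satisfies the compatibility requirements listed above:
# REST endpoint, JSON request carrying a prompt, JSON response carrying
# model text, served over HTTP POST. Field names are deliberately
# non-OpenAI ("user_input" / "model_reply") to show they are arbitrary and
# only need to be declared in the scanner configuration.
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed field names; these must match what is declared in the AI Scanner
# config file for this application.
REQUEST_FIELD = "user_input"
RESPONSE_FIELD = "model_reply"


def generate_reply(prompt: str) -> str:
    """Stand-in for the real language model call (assumption: echo model)."""
    return f"Model answer to: {prompt}"


def handle_request(body: bytes) -> tuple[int, dict]:
    """Validate a request body and build the JSON response.

    Returns (HTTP status, response object). Kept free of socket code so the
    request/response contract can be unit-tested without starting a server.
    Malformed JSON or a missing prompt field yields 400 rather than a crash,
    which matters because a scanner will send unexpected inputs on purpose.
    """
    try:
        payload = json.loads(body.decode("utf-8"))
    except (UnicodeDecodeError, json.JSONDecodeError):
        return 400, {"error": "request body must be valid JSON"}
    if not isinstance(payload, dict) or not isinstance(payload.get(REQUEST_FIELD), str):
        return 400, {"error": f"missing string field '{REQUEST_FIELD}'"}
    return 200, {RESPONSE_FIELD: generate_reply(payload[REQUEST_FIELD])}


class ChatHandler(BaseHTTPRequestHandler):
    """HTTP POST /chat -> JSON in, JSON out."""

    def do_POST(self):
        if self.path != "/chat":
            self.send_error(404)
            return
        length = int(self.headers.get("Content-Length", 0))
        status, response = handle_request(self.rfile.read(length))
        data = json.dumps(response).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)


if __name__ == "__main__":
    # Bind to loopback only (assumed port); point the scanner at
    # http://127.0.0.1:8080/chat when running it locally against this app.
    HTTPServer(("127.0.0.1", 8080), ChatHandler).serve_forever()
```

Run the module and the scanner can be configured with the request field `user_input` and the response field `model_reply`; if your real application uses different names, only the two constants (and the matching config entries) change.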
The scanner can find vulnerabilities relating to:
- Sensitive data disclosure
- System prompt leakage
- Malicious code generation
- Hallucinated software entities
- Agent tool definition leakage
For information on configuring Artifact Scanner with AI Scanner, see Configure Trend-hosted AI scan settings.
After integrating Artifact Scanner with AI Scanner into your continuous integration
/ continuous deployment (CI/CD) pipeline, you can view the results in .
