The State of AI Security Engineering Report 2026

SecEng Workbench · Map

Trust Scanner — Live Demo

ATG public scorecard · rendered from fixture data

The panel below is the same output the Trust Scanner produces in the Chrome extension, the web app, and in-app mini-apps — six dimension scores, artifact checklist, top finding, and improvement guidance.

Public Surface

AI Language

Legal Clarity

Security Trust

Consistency

Remediation Opportunity

Trust Scanner · ATG Scorecard

Demo Corp · public trust surface

Demo Corp has a credible public AI trust surface with solid legal documentation and a public security practices page, but lacks an explicit AI usage policy and customer data training policy.

credible

Public Surface

Whether trust, legal, security, AI, methodology, and contact surfaces are discoverable and coherent.

78% signal

AI Language

Whether AI claims are specific, bounded, and tied to engineering evidence rather than generic positioning.

65% signal

Legal Clarity

Whether privacy, terms, contract, data-processing, and customer-facing boundaries are clear enough to review.

82% signal

Security Trust

Whether public trust artifacts explain controls, evidence, limitations, and escalation paths without oversharing.

74% signal

Consistency

Whether public claims, caveats, service language, and trust artifacts agree across the site.

68% signal

Remediation Opportunity

Whether the public surface makes the next improvement work obvious, scoped, and evidence-backed.

71% signal

Public-signal caveat

Scores are based on publicly observable website signals. They reflect public trust surface quality, not internal security posture. Results may not reflect recent updates.

public_claim_with_caveatsurface reviewextension-ready

Chrome + VS Code surface

Trust Scanner in the extension

The same ATG scorecard language runs inside the Chrome side panel and the VS Code extension — scan any public page in one click and get the full 6-dimension scorecard in-context.

Observed artifacts · 11 of 17

Trust CenterLegal HubPrivacy PolicyTerms of ServiceCookie PolicyData Processing AddendumSubprocessors ListAI Governance HubAI Usage PolicyCustomer Data Training PolicySecurity PracticesSecure SDLCVulnerability DisclosureSecurity ContactMethodologyPublic ReportThird-party Certification

Top finding

high

No AI usage policy found

Publish an AI usage policy that covers data use, model training, and user rights. Link it from your privacy policy and product settings.

Improvement guidance

Publish an AI governance hub

A dedicated AI governance page signals that AI safety is treated as a first-class concern. Include your usage policy, training policy, and responsible AI principles.

Open Labs scanner Public JSON Runtime Proxy

Important caveat

Based on public website signals and observed artifacts, not proof of any organization's internal security maturity.

Run this against your own trust surface.

A private scan produces a full scorecard plus a remediation backlog — not just a public signal.

Request a private scan Product overview Full labs page