SecEng Workbench · AI Attack-Path SAST

SecEng Code Scanner finds AI attack paths normal scanners miss.

Scan code, prompts, RAG, agents, MCP, tool-calling systems, and CI/CD for source-to-sink AI attack paths teams can fix. SecEng Code Scanner groups source/sink signals into AI attack paths, produces safe validation plans, exports SARIF, VS Code, Jira, and Markdown evidence, and supports buyer or marketplace review without overstating exploitability.

WHERE CAN AI CODE BECOME AN ATTACK PATH?

AI-native SAST

Static signals grouped into attack paths instead of noisy line-by-line findings.

MCP / RAG / agents

Targets LLM apps, RAG workflows, browser agents, AI coding agents, and tool-calling systems.

SARIF / VS Code / Jira

Exports developer-ready diagnostics, tickets, and evidence with the language teams already use.

Marketplace-ready evidence

Supports AppExchange, AgentExchange, Splunkbase, GitHub, VS Code, and CI readiness workflows without claiming certification.

Early access

Licensed tooling plus Workbench-backed delivery for teams that need speed now.

Attack-path SAST

Static signals grouped into source → sink → missing-guard paths.

Attack-path evidence

Validation evidence for app review, pre-submission, and buyer security review.

CVE candidate triage

Rank likely research candidates without overstating exploitability.

Developer exports

SARIF, VS Code diagnostics, Jira tickets, Markdown, and control matrices.

Safe validation planning

Mock-first harness plans for MCP tools, browser actions, RAG tenant boundaries, model JSON dispatch, prompt logging, and unsafe render paths.

SARIF / VS Code / Jira / Markdown / Control matrix

Marketplace readiness

Evidence for app review, buyer review, and submission blockers

CVE candidate triage

Rank likely research candidates without overclaiming

SARIF / VS Code / Jira

Developer exports and remediation queues

Core capabilities

What SecEng Code Scanner does.

Target Profiling

Identify MCP servers, RAG systems, browser agents, AI coding agents, tool-calling apps, AI gateways, and model supply-chain surfaces before scanning deeper.

AST-lite Enrichment

Extract entrypoints, sources, sinks, guards, missing controls, framework signals, and path context from AI code.

Attack-path Grouping

Compress noisy static findings into prioritized AI attack paths: model/tool/source/sink/guard relationships that engineering teams can review and fix.

CVE-likelihood Scoring

Separate vulnerability candidates from commercial control gaps, test-only noise, and low-context static signals.

Safe Validation Planning

Generate mock-first harness plans for MCP tools, browser actions, RAG tenant boundaries, model JSON dispatch, prompt logging, and unsafe render paths.

Evidence Export

Export SARIF, VS Code diagnostics, Jira-ready tickets, disclosure case drafts, control matrices, and buyer evidence packages.

Evidence & signals

What you get out of the box.

Risk Classes

  • MCP tool side effects without approval
  • Browser-agent actions without domain or action policy
  • RAG/vector retrieval without tenant boundaries
  • Model-generated JSON controlling trusted actions
  • Prompt, log, trace, and cache exposure before redaction

Outputs

  • AI Code Attack-Path Report
  • CVE Candidate Register
  • Safe Validation Plan
  • Marketplace Readiness Report
  • Jira Tickets
  • SARIF

Evidence Levels

  • Raw signal
  • AST-enriched finding
  • Grouped attack path
  • Validation planned
  • Safe-dry-run validated
  • Vendor/disclosure candidate

Red team + Blue team

Built for both sides of the security equation.

Red Team Use

  • Seed adversarial testing with code-derived attack paths instead of waiting for runtime failures.
  • Rank likely CVE candidates without pretending every static result is exploitable.
  • Generate safe validation plans for marketplace, partner, and enterprise review blockers.

Blue Team Use

  • Turn AI code findings into Jira-ready fixes, control gaps, and buyer evidence.
  • Use SARIF, VS Code diagnostics, and Markdown reports in the development workflow.
  • Package marketplace-readiness artifacts without claiming official certification or replacing review.

Risk classes

AI-native risks classic SAST misses.

Code Scanner looks for the places where AI code creates delegated action, data exposure, unsafe rendering, policy bypass, or evidence gaps. The output is not a pile of raw static findings. It is a review path.

  • MCP tool side effects without approval
  • Browser-agent actions without domain or action policy
  • RAG/vector retrieval without tenant boundaries
  • Model-generated JSON controlling trusted actions
  • Prompt, log, trace, and cache exposure before redaction
  • Streaming model output rendered as unsafe HTML or markdown
  • AI gateway auth, budget, and model-policy gaps
  • Unsafe model artifact loading and unpinned supply-chain paths
  • Missing forensic evidence for AI actions

Outputs

What it produces.

The deliverable set is built for engineering, pre-submission validation, buyer security review, and disclosure triage when the evidence supports it.

  • AI Code Attack-Path Report
  • CVE Candidate Register
  • Safe Validation Plan
  • Harness Plan
  • Disclosure Case Draft
  • Developer Export & Remediation Evidence Pack
  • Pre-Submission Evidence Pack
  • Control Matrix
  • Jira Tickets
  • VS Code Diagnostics
  • SARIF

Differentiation

Not another noisy scanner.

Classic SAST emits findings. SecEng Code Scanner emits AI attack paths: where model output, tools, source data, sinks, and missing guards combine into reviewable risk.

  • Generic SAST: dangerous calls. SecEng Code Scanner: model/tool/source/sink/guard paths.
  • Generic SAST: raw findings. SecEng Code Scanner: prioritized AI attack paths.
  • Generic SAST: generic remediation. SecEng Code Scanner: Jira-ready fixes and control evidence.
  • Generic SAST: pass/fail output. SecEng Code Scanner: validation plans, CVE candidates, and marketplace evidence.

Evidence levels stay explicit

Static does not mean exploitable.

SecEng Code Scanner does not claim every static result is exploitable. Findings are labeled by evidence level so product, security, legal, and engineering teams know what can be said, what needs validation, and what belongs in a private remediation backlog.

  • Raw signal
  • AST-enriched finding
  • Grouped attack path
  • Validation planned
  • Safe-dry-run validated
  • Vendor/disclosure candidate
  • Public advisory candidate

CVE-likelihood scoring identifies candidates for private validation and pre-disclosure review. It does not constitute a CVE assignment, official vulnerability confirmation, or disclosure recommendation. Human review by a qualified practitioner is required before any submission to a CVE numbering authority or public disclosure program.

Pre-submission and review evidence

Prepare evidence before official review.

Use Code Scanner for pre-submission evidence packs, submission blocker reports, buyer security review artifacts, and remediation planning for AI-enabled apps, managed packages, partner apps, extensions, and integrations.

It supports pre-submission and validation workflows. It does not replace official Salesforce, Splunk, GitHub, AWS, partner, or marketplace security review.

Architecture

A meta-engine for AI code review evidence.

SecEng Code Scanner combines native AI security rules, source-context enrichment, path grouping, validation planning, and evidence export. It can also ingest customer-owned scanner output when the customer has the right to use it.

Import support does not mean SecEng bundles or resells third-party commercial tools or maintained rule sets.

Engine stages

  • Native SecEng AI rulepacks
  • AST-lite enrichment
  • Target profiling
  • Attack-path grouping
  • CVE-likelihood scoring
  • Harness planning
  • Disclosure-case generation
  • Buyer-evidence export
  • SARIF/import adapters

Inputs it can consume

  • native SecEng scan output
  • SARIF
  • customer-owned Semgrep JSON/SARIF output
  • CodeQL, Snyk, or Sonar output where the customer has rights
  • Salesforce Code Analyzer output where applicable
  • Splunk AppInspect output where applicable

Commercial paths

Three ways to buy

Consulting-backed for teams that need expert triage now. Licensed tooling for ongoing scanning. OEM for scanner vendors who need the AI detection layer.

Expert Review

Consulting Engagement

Scanner runs inside a Launch Security Review, red-team engagement, or product security assessment. Code risk turned into buyer-ready findings with human triage.

Repeatable Scanning

Team License

Recurring scanning across your organization. Developer exports, Jira backlog integration, SARIF, VS Code diagnostics, and safe validation plans.

Scanner Providers · MSSP

OEM Scan Module

SecEng Scan as a white-label AI detection layer for your tool. SARIF-native output, headless binary or localhost sidecar, no scanner rebuild required.

OEM and scanner-provider packaging

Your scanner covers the web. It doesn't cover AI-generated code, LLM apps, or agentic workflows.

SecEng Scan adds the AI layer. Packaged as a headless binary, localhost sidecar, private worker, or white-label module. Outputs in SARIF, JSON, Markdown, and evidence bundles that fit the existing scanner workflow — no shared code ownership, no scanner rebuild required.

  • Customers are asking for AI security scanner coverage and your roadmap doesn't have room to build it
  • Your DAST tool covers web and APIs but not AI-generated code, LLM application patterns, or agentic workflows
  • A prospect's security questionnaire is asking about AI scanner coverage and you don't have an answer yet
  • An MSSP's managed scanning service needs an AI module they can offer under their service brand
  • Your scanner product team wants a SARIF-native AI findings feed without building the detection engine

SecEng Scan outputs are designed for scanner-native ingestion and human-reviewed triage. Findings flow into the partner's existing review workflow — not directly to end customers as automated claims.

Pricing & access

Start with tooling. Add expert review when the stakes are higher.

Use a license for repeatable scanning and developer exports, or scope a Workbench-backed review when a marketplace submission, enterprise buyer, or disclosure candidate needs human triage.

Starter

$199/mo

Monthly scans for one organization. AI attack-path report, SARIF and Markdown exports.

Team

$499/mo

Weekly scans across your organization. VS Code/SARIF/Jira exports, developer export and validation evidence pack, control matrix, and safe validation plans.

Review Pro

$1,299/mo

Unlimited apps/repos/packages, pre-submission evidence packs, white-label evidence, CVE candidate triage, variant and patch-diff checks.

AI Code Mini-Scan

$149 one-time

Find the top AI attack paths in one private repo. Attack-path report, SARIF, Markdown, and validation plan. No subscription required.

AI SECURITY ENGINEERING WORKBENCH

Ready to put SecEng Code Scanner to work?

Start with a licensed scan or scope a Workbench-backed review. We’ll identify AI-native code attack paths, rank the evidence, and produce the remediation and marketplace-readiness artifacts your team can actually use.

Also in the Workbench

WHAT AI DO WE HAVE?

SecEng Surface Scanner

Browser, repo & IDE discovery for AI assets, vendors, and risky patterns.

WHAT DID IT ACTUALLY DO?

SecEng Runtime Proxy

MITM capture, replay & runtime evidence reconstruction.

HOW CAN IT FAIL UNDER ATTACK?

SecEng Adversarial Range

Scenario-driven AI red-team testing for prompts, agents, tools, RAG, and multimodal systems.

WHAT CAN AGENTS ACTUALLY DO?

SecEng Authority Graph

Agent authority, tool permissions, approval paths & delegated-action risk.

WAS RETRIEVAL AUTHORIZED?

SecEng RAG Test Harness

Test retrieval security & context authorization.

WHERE ARE THE TRUST BOUNDARIES?

SecEng Threat Canvas

Structured AI threat modeling, trust-boundary mapping, and abuse-path planning.

WHAT DO OUR PUBLIC AI CLAIMS REVEAL?

SecEng Trust Scanner

Public trust surface scoring across six AI governance dimensions.

WHERE DO TRUST BOUNDARIES LIVE IN JIRA?

Atlassian Threat Canvas

AI threat models that ship to Jira and Confluence.

DO YOUR AGENTS HAVE TOO MUCH PERMISSION?

SecEng Agent Permission Analyzer

Deterministic permission security analysis for AI agent tool configs.

WHAT'S INSIDE YOUR AI ARTIFACTS?

SecEng Artifact Analyzer

Static artifact intelligence for AI security and evidence packaging.

HOW RESILIENT IS YOUR SYSTEM TO INJECTION?

SecEng Injection Harness

Structured prompt injection probes with evidence session export.

ARE YOUR PROMPTS SECURE?

SecEng Prompt Reviewer

Deterministic rule-based scanner for system prompts and RAG corpus documents.

WHO CONTROLS WHAT MODELS CAN DO?

SecEng Model Gateway

Governed AI routing, policy enforcement, and spend control.

WHAT DOES YOUR AI SECURITY PROGRAM LOOK LIKE?

SecEng Program Blueprint Kit

Complete AI security program structure for Jira, Confluence, and Linear.

IS YOUR MODEL OUTPUT SAFE TO RENDER?

SecEng Output Safety Tester

Deterministic AI output safety analysis across 8 sink types.

WHERE DOES YOUR PROGRAM STAND?

AI Security Program Scorecard

14-domain AI product security baseline with evidence pack generation.

WHAT CAN YOUR AI TOOLS REALLY DO?

SecEng Tool Capsule Analyzer

Analyze MCP servers, OpenAPI specifications, and AI tool definitions to understand capabilities, permissions, and attack surface.

WHERE ARE YOUR PRODUCTION PROMPTS?

SecEng Prompt Asset Scanner

Inventory and review system prompts, developer prompts, agent instructions, and prompt templates for security risks.

WHAT CAN YOUR AGENTS ACTUALLY DO?

SecEng Agent Authority Diff

Compare declared permissions with observed capabilities to identify excessive agent privileges and unsafe tool access.

WHICH AI DEPENDENCIES CHANGE RELEASE RISK?

SecEng Supply Chain Scanner

Identify AI-specific dependency, model loader, framework, and supply-chain security risks.

CAN YOU PROVE WHAT YOUR EVALS COVER?

SecEng Eval Coverage Auditor

Measure whether AI security evaluations adequately cover prompt injection, tool abuse, RAG, memory, and other critical attack classes.

ARE YOUR AI CONFIGS SAFE TO DEPLOY?

SecEng AI Config Linter

Identify AI-specific dependency, model loader, framework, and supply-chain security risks.

CAN YOU PROVE WHAT YOU'VE DONE?

SecEng Evidence Packs

Buyer-ready evidence artifacts from AI security assessment and testing.
