AI SAST
The AI SAST Analyzer performs static analysis of AI/ML application code, pipelines, and configuration files to detect vulnerabilities, insecure patterns, and coding risks. It scans prompts, agents, and infrastructure-as-code for AI-specific security issues.
Required Blueprints: AWS, GitHub, Bitbucket, Azure DevOps
Sightlines
| Sightline | Description |
|---|---|
| Prompts | Insights into AI natural language prompt security across your codebase. Covers system prompts, instruction strings, and prompt templates. |
| Skills | Insights into LLM tool and skill definition security. Covers tool schemas, function definitions, and agent action groups. |
| Agents | Insights into AI agent code security and vulnerability posture. |
| IaC & Config | Insights into AI infrastructure-as-code and configuration security. |
Explorer Node Types
Use these node types in Explorer or KAI to query resources surfaced by this analyzer:
- sca.ai.AIResource
- sca.ai.Misconfiguration
- sca.apibom.PromptDetectionResult
- sca.apibom.PromptVulnerability
- sca.apibom.SkillDetectionResult
- sca.apibom.SkillVulnerability
- aws.bedrock.PromptVulnerability
Related Analyzers
- AI IAM — Access control for AI models and agents
- AI DAST — Dynamic testing complements static analysis findings
- Repository — AI/ML code scanned from source repositories
- Code — General code security alongside AI-specific findings