A Trivy plugin that audits AI / LLM infrastructure for security issues that the stock scanners don't cover.
| Scanner | What it finds |
|---|---|
| vector-db-secrets | Hard-coded Pinecone, Weaviate, Qdrant, OpenAI, HuggingFace, Cohere keys with vendor-prefix validation |
| llm-gateway-misconfig | LiteLLM / Helicone / OpenAI-proxy Deployments exposed via LoadBalancer, debug envs leaking prompts |
| ai-runtime-hardening | vLLM / Ollama / TGI / Triton containers running as root, with hostNetwork, or unpinned images |
```sh
# install the plugin
trivy plugin install github.com/mkouchaoui/trivy-plugin-aisec

# scan a directory of manifests
trivy aisec scan ./manifests/
trivy aisec scan ./manifests/ --format json
trivy aisec scan ./manifests/ --fail-on critical
trivy aisec scan ./manifests/ --skip-gateway
```
| Code | Meaning |
|---|---|
| 0 | scan succeeded, no findings ≥ `--fail-on` |
| 1 | operational error (bad path, parse error) |
| 2 | findings present at or above threshold |
| ID | Severity | Description |
|---|---|---|
| AISEC-SEC-001 | CRITICAL | Pinecone API key (`pcsk_…`) |
| AISEC-SEC-002 | CRITICAL | Weaviate API key |
| AISEC-SEC-003 | CRITICAL | Qdrant Cloud API key |
| AISEC-SEC-004 | CRITICAL | OpenAI API key (`sk-` / `sk-proj-`) |
| AISEC-SEC-005 | CRITICAL | HuggingFace token (`hf_…`) |
| AISEC-SEC-006 | CRITICAL | Cohere API key |
| AISEC-GW-001 | HIGH | LLM gateway exposed via LoadBalancer / NodePort |
| AISEC-GW-002 | MEDIUM | LLM gateway has unsafe debug / PII env |
| AISEC-RT-001 | HIGH | AI runtime uses hostNetwork |
| AISEC-RT-002 | MEDIUM | AI runtime container has no securityContext |
| AISEC-RT-003 | HIGH | AI runtime container runs as UID 0 |
| AISEC-RT-004 | HIGH | AI runtime container has runAsNonRoot=false |
| AISEC-RT-005 | CRITICAL | AI runtime container is privileged |
| AISEC-RT-006 | MEDIUM | AI runtime image is not pinned |
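As an added illustration (not the plugin's own code), here is a minimal Go sketch of the two contracts the exit-code and rule tables describe: vendor-prefix secret detection for the three prefixes the rule table spells out (`pcsk_`, `sk-`/`sk-proj-`, `hf_`), and the `--fail-on` exit-code mapping. The regular expressions, the minimum key lengths and the sample Secret are assumptions constructed for this example, not the plugin's real patterns.

```go
package main

import "regexp"
import "strings"

// Finding mirrors one row of the rule table (ID, severity, source line).
type Finding struct{ ID, Severity string; Line int }
// rank orders severities so --fail-on can be compared numerically.
var rank = map[string]int{"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}
// prefixRules are assumed approximations of the vendor-prefix checks: only the
// prefixes the rule table spells out are encoded, each with a minimum body
// length so a bare prefix quoted in prose never fires.
var prefixRules = []struct{ ID string; Re *regexp.Regexp }{
	{"AISEC-SEC-001", regexp.MustCompile(`\bpcsk_[A-Za-z0-9_-]{16,}`)},
	{"AISEC-SEC-004", regexp.MustCompile(`\bsk-(proj-)?[A-Za-z0-9_-]{20,}`)},
	{"AISEC-SEC-005", regexp.MustCompile(`\bhf_[A-Za-z0-9]{20,}`)},
}

// ScanText reports one CRITICAL finding per (line, rule) match in a manifest.
func ScanText(manifest string) []Finding {
	var out []Finding
	for i, line := range strings.Split(manifest, "\n") {
		for _, r := range prefixRules {
			if r.Re.MatchString(line) {
				out = append(out, Finding{r.ID, "CRITICAL", i + 1})
			}
		}
	}
	return out
}

// ExitCode applies the README's contract: 2 if any finding is at or above
// --fail-on, 0 otherwise, and 1 (operational error) for an unknown threshold.
func ExitCode(findings []Finding, failOn string) int {
	threshold, ok := rank[strings.ToUpper(failOn)]
	if !ok {
		return 1
	}
	for _, f := range findings {
		if rank[f.Severity] >= threshold {
			return 2
		}
	}
	return 0
}

// sampleManifest is a constructed Secret; the key values are fake placeholders.
const sampleManifest = `kind: Secret
stringData:
  OPENAI_API_KEY: sk-proj-CONSTRUCTEDEXAMPLEKEY0123456789
  HF_TOKEN: hf_CONSTRUCTEDEXAMPLETOKEN0123
  note: "sk-" alone is a prefix, not a key`
```

Running `ScanText(sampleManifest)` yields AISEC-SEC-004 on line 3 and AISEC-SEC-005 on line 4, and `ExitCode(findings, "critical")` returns 2.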
```sh
git clone https://github.com/mkouchaoui/trivy-plugin-aisec
cd trivy-plugin-aisec
make build && ./aisec scan ./testdata/
```
License: Apache-2.0 (matches Trivy).