# AI Security

AI Security addresses one of the most rapidly emerging and least understood risk categories in modern software delivery — the security of AI-driven development workflows, AI-generated code, LLM systems, and autonomous AI agents.

As organizations increasingly adopt AI tools — from code generation assistants like GitHub Copilot to autonomous agents and large language models — the attack surface expands beyond traditional software vulnerabilities into entirely new areas: model manipulation, prompt injection, data leakage, insecure agent behavior, and AI-generated code that introduces hidden security debt.

OpsMx Delivery Shield treats AI Security as a **cross-cutting layer** within the Code-to-Cloud model — augmenting traditional security controls with AI-specific safeguards that operate from development through to runtime.

{% hint style="info" %}
AI Security in OpsMx ensures that AI systems remain reliable, trustworthy, and aligned with enterprise security standards — at every stage of their lifecycle.
{% endhint %}

## Why AI Security Is Used in OpsMx

Traditional security scanners were not built for AI systems. They cannot detect prompt injection in an LLM, identify poisoned weights in a model file, or flag insecure patterns in AI-generated code that looks syntactically correct. OpsMx integrates AI Security into Delivery Shield to:

* **Close the AI security blind spot** — extending Code-to-Cloud coverage to AI-generated code, model artifacts, and LLM endpoints
* **Govern AI-assisted development** — ensuring AI tools like Copilot, Replit, and Cursor do not silently introduce vulnerabilities
* **Protect LLMs in production** — continuously testing deployed models against adversarial prompts, jailbreaks, and data leakage
* **Secure AI agent interactions** — enforcing strict boundaries on what autonomous agents can do, access, and modify
* **Meet emerging AI compliance mandates** — NIST AI RMF, EU AI Act, and organizational AI governance policies

### AI Security Capability Areas

| Capability                        | Tool                    | What It Secures                                                   |
| --------------------------------- | ----------------------- | ----------------------------------------------------------------- |
| **AI Generated Code Analysis**    | Semgrep + Trivy         | Security of code produced by AI coding assistants                 |
| **AI Model Scanning**             | ModelScan               | ML model artifact integrity, malware, and poisoned weights        |
| **LLM Adversarial Testing**       | Garak                   | Prompt injection, jailbreaks, behavioral drift in live LLMs       |
| **Secure AI Dev Environment**     | NBDefense               | Notebooks (Jupyter/VS Code) — secrets, PII, unsafe packages       |
| **Agent / MCP Security**          | Custom policies + OPA   | Autonomous agent boundaries, tool usage, context poisoning        |
| **Dynamic & Runtime AI Security** | Garak + Runtime Signals | Live AI system monitoring, anomaly detection, response validation |

### AI Generated Code Analysis

AI Generated Code Analysis validates and secures code produced by AI coding assistants — such as GitHub Copilot, Replit, Cursor, Bolt, and Lovable — before it enters the development pipeline or is committed to a repository.

AI-generated code accelerates development but often introduces hidden risks: insecure coding patterns, vulnerable third-party dependencies, hardcoded credentials, non-compliant implementations, and license violations in AI-suggested libraries.

#### **Why It Is Used in OpsMx**

A recent Stanford study showed that developers using AI coding assistants are statistically more likely to introduce insecure code if security guardrails are not enforced. OpsMx uses AI Generated Code Analysis to:

* **Scan AI-generated code for CVEs, insecure patterns, and secrets** — using the same Semgrep, SonarQube, and Trivy engines that scan human-written code
* **Evaluate third-party libraries suggested by AI** — ensuring they do not introduce known vulnerabilities or licensing risks
* **Provide immediate developer feedback** — surfacing issues at the point of code generation, not weeks later
* **Prevent AI from becoming a source of security debt** — ensuring AI acts as a productivity enhancer, not a vulnerability generator

#### **Key Capabilities in Delivery Shield**

* **SAST scanning** of AI-generated code using Semgrep and Opengrep
* **SCA scanning** of AI-suggested dependencies via Trivy and Grype
* **Secrets detection** — flags tokens, API keys, and passwords in AI-generated outputs
* **License risk visibility** — identifies unapproved or viral licenses before they block releases
* **Risk-based prioritization** — focus only on exploitable, high-impact vulnerabilities, not noise
* **Audit-ready SBOM** — instant CycloneDX/SPDX SBOM generation for AI-generated code artifacts

#### **Benefits for the User**

* Scan AI-generated code in minutes without slowing down development sprints
* Developers retain full AI productivity gains while security guardrails run silently in the background
* Security teams gain visibility into every AI-suggested dependency and its risk posture

### Agent / MCP Security

Agent / MCP Security secures how AI agents and Model Context Protocol (MCP)-based systems interact with tools, APIs, data sources, and external environments. As AI agents become increasingly autonomous — orchestrating tasks, calling APIs, modifying files, and making decisions — the security boundaries around their behavior become critical.

MCP enables structured communication between AI models and external tools. Without proper controls, this communication layer can be exploited through prompt injection, privilege escalation, unauthorized data access, and manipulation of execution context.

#### **Why It Is Used in OpsMx**

OpsMx uses Agent / MCP Security to:

* **Enforce strict boundaries** on what AI agents can perform — preventing unauthorized actions, privilege escalation, and data exfiltration
* **Validate tool usage** — ensuring agents only call approved tools with expected parameters
* **Protect against context poisoning** — blocking malicious instructions that attempt to redirect agent behavior
* **Maintain auditability** — logging every agent action, tool call, and decision for governance and compliance review
* **Secure multi-agent orchestration** — controlling how agents communicate with each other and with external systems

#### **Key Capabilities in Delivery Shield**

| Capability                                | Description                                                                            |
| ----------------------------------------- | -------------------------------------------------------------------------------------- |
| **Identity & Access Control**             | Assigns identities to AI agents and enforces least-privilege access to tools and data  |
| **Policy Enforcement for Tool Execution** | OPA-based policies validate every tool call before it executes                         |
| **Context Validation**                    | Detects and blocks prompt injection attempts that try to modify agent instructions     |
| **Continuous Activity Monitoring**        | Logs all agent interactions in real time for anomaly detection and audit               |
| **Secure Communication**                  | mTLS-enforced communication between agents and external systems                        |
| **Permission Boundaries**                 | Defines hard limits on what resources agents can read, write, or modify                |
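
One way the OPA-based tool-call validation described in this table can be expressed, as an added Rego example that is not OpsMx's own policy: the input shape (the caller's agent identity plus the name and arguments of an MCP `tools/call` request) and the per-agent tool catalogue are constructed assumptions.

```rego
package mcp.toolcall

import rego.v1

# Constructed per-agent tool catalogue (not OpsMx's own data): each agent identity
# gets only the tools it needs; each tool lists the parameters it accepts.
agent_tools := {
	"release-notes-agent": {
		"read_file": {"params": {"path"}, "path_prefixes": {"/workspace/"}},
		"search_docs": {"params": {"query", "limit"}},
	},
	"triage-agent": {"create_ticket": {"params": {"title", "body"}}},
}

# Fail closed: the call executes only when no deny reason fires.
default allow := false
allow if count(deny) == 0

# Identity and target: an unnamed caller or tool cannot be matched to a boundary.
deny contains "agent identity missing from request" if not input.agent.id
deny contains "tool name missing from request" if not input.tool.name

# Least privilege: the tool must be approved for this specific agent.
deny contains msg if {
	not agent_tools[input.agent.id][input.tool.name]
	msg := sprintf("tool %q is not approved for agent %q", [input.tool.name, input.agent.id])
}

# Expected parameters only: an unknown argument is a sign of a manipulated call.
deny contains msg if {
	spec := agent_tools[input.agent.id][input.tool.name]
	some param, _ in input.tool.arguments
	not param in spec.params
	msg := sprintf("unexpected parameter %q for tool %q", [param, input.tool.name])
}

# Permission boundary: a path argument must stay under an allowed prefix with no
# traversal; a tool that takes a path but declares no prefixes is denied entirely.
deny contains msg if {
	spec := agent_tools[input.agent.id][input.tool.name]
	path := input.tool.arguments.path
	not path_in_boundary(path, spec.path_prefixes)
	msg := sprintf("path %q is outside the agent's permission boundary", [path])
}

path_in_boundary(path, prefixes) if {
	some prefix in prefixes
	startswith(path, prefix)
	not contains(path, "..")
}
```

Evaluating `data.mcp.toolcall` (for example with `opa eval -i request.json -d policy.rego data.mcp.toolcall`) returns both `allow` and the set of `deny` reasons, so the enforcing gateway can refuse the call and record the reasons in the audit log.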

#### **Benefits for the User**

* Organizations can safely leverage AI automation without losing control over what agents do
* Every agent action is logged, traceable, and auditable — meeting enterprise governance requirements
* Prompt injection and context manipulation attacks are blocked before they influence agent behavior

