100% Open Source (Apache 2.0)

Secure Your AI Supply Chain
Models • Data • RAG

The ultimate Data Firewall for AI platform. Detect malware in Models, data poisoning & PII in Datasets and prompt injections in RAG pipelines. Built for strict enterprise compliance.

$ pip install veritensor[all]
veritensor-cli — 80x24
~ veritensor scan ./project --report-to https://api.veritensor.internal
Scanning 4 files with Hybrid Routing...
FAIL train.parquet: HIGH: Data Poisoning (Injection) detected in row 14,502.
FAIL finance_report.xlsx: HIGH: Excel Formula Injection (CSV) detected.
FAIL resume.pdf: CRITICAL: Semantic Prompt Injection [Confidence: 0.99].
SKIP docs.md: AI Verification dropped Regex false positive.
PASS model.safetensors: Verified against Hugging Face Hub.
❌ BLOCKING DEPLOYMENT

Under the Hood

We don't just grep strings. Veritensor uses advanced static analysis, ML models, and cryptographic proofs to enforce true AI Risk Management.

Step 01

Deep Static Analysis

Veritensor implements custom engines for every AI artifact type. It builds ASTs for code and parses binary structures for models.

  • Smart Filtering: AI Verification automatically drops Regex false positives, eliminating Alert Fatigue.
  • Stealth Detection: Finds text hidden via CSS (font-size:0) in PDFs and LSB Steganography in images.
  • Pickle VM: Emulates stack execution to find RCE payloads in .pkl without running them.
injection.py
def
scan_document
(file):
# 1. Check Magic Numbers
if
is_executable(file):
return "Malware disguised as PDF"
# 2. Scan Raw Bytes for CSS Hacks
if
has_stealth_css(file):
return "Hidden Text Detected"
Hash Verification MATCH
Local File: pytorch_model.bin
Local SHA256: a1b2...9f8e
Remote Repo: meta-llama/Llama-2-7b
Remote SHA256: a1b2...9f8e
Step 02

Integrity & Supply Chain

Veritensor secures your dependencies and model sources, ensuring a Secure SDLC.

  • Software Supply Chain Security: Checks requirements.txt and poetry.lock for Typosquatting and known CVEs via OSV.dev.
  • Hash-to-API Verification: Calculates SHA256 (handling LFS pointers) and verifies it against the immutable Hugging Face registry.
Step 03

Data & RAG Security

Veritensor extends protection beyond models. It uses GLiNER and DeBERTa for advanced semantic analysis.

  • Data Poisoning: Stream-scans massive Parquet, CSV, and Excel files for malicious URLs and prompt injections.
  • S3 Buckets Scanning: Recursively scans .zip and .tar.gz files in-memory, protecting against Zip Bombs.
  • PII Discovery: Uses GLiNER (Zero-Shot NER) to detect and mask personal data in RAG documents across 100+ languages.
dataset_engine.py
# 1. Scan 50GB Parquet Dataset
veritensor scan ./train.parquet --full-scan
# Output:
HIGH: Data Poisoning detected
Pattern: "Ignore previous instructions"
Row: 14,502
# 2. Scan Excel for RAG
veritensor scan ./finance.xlsx
# Output:
HIGH: Formula Injection found
Cell A1: =CMD|'/C calc'!A0
# Generating Data Provenance
$ veritensor manifest ./data --output provenance.json
Manifest saved to provenance.json
{
  "timestamp": "2026-02-17T12:00:00Z",
  "artifacts":[
    {"path": "train.parquet", "hash": "sha256...", "status": "PASS"}
  ]
}
Step 04

Governance & Provenance

Discover Shadow AI and enforce AI Governance with Cryptographic Manifests.

  • Data Manifest: Create a JSON snapshot of your dataset's security state for compliance (EU AI Act, SOC2).
  • Container Signing: Sign your Docker images with Sigstore Cosign, embedding scan results as attestation.

Installation options

Keep your environment lean. Install only what you need.

Core Scanner

~50 MB

Lightweight. Perfect for CI/CD pipelines. Scans Models (Pickle/Keras), Notebooks, and Dependencies.

pip install veritensor
Recommended

Full Platform

~700 MB

The complete toolkit. Adds support for Datasets (Parquet/CSV), RAG Docs (PDF/Excel), and PII Discovery.

pip install veritensor[all]

Modular

Custom

Install specific extras: [data] for Parquet/Excel, [rag] for PDFs, [pii] for GLiNER or [aws] for S3.

pip install veritensor[data]

Why Traditional Security Tools Fail

General-purpose scanners treat AI models as opaque "binary blobs" and ignore privacy leaks in data. Veritensor is the premier Snyk alternative for AI, understanding internal model structures and auditing PII in datasets.

Capability
Veritensor
Traditional SCA
(Snyk, Trivy)		 Endpoint AV
(ClamAV, CrowdStrike)
Model Security
Pickle Bytecode Analysis Deep AST / VM No (Text only) No (Signatures only)
Keras Lambda Injection Config Parsing No No
Data & RAG Security
Dataset Poisoning (Parquet/Excel) Streaming Regex No No (File too big)
RAG Prompt Injection DeBERTa / Stealth No Partial (Strings)
Shadow AI & Governance Code + Outputs + PII Code only No
Supply Chain
Dependency Security Typosquatting + CVE Yes (CVE only) No
Container Signing Sigstore Cosign No No

* Veritensor is designed to complement, not replace, your existing SCA tools. We secure the AI Assets (Models, Data, & RAG).

Extended version

Scale AI Security & Governance across your Organization

Move from local scanning to global enforcement. Gain visibility, control, and compliance over every AI asset—from Data to Deployment.

  • Heavy ML Analysis Engine Offload heavy lifting to our Dockerized Control Plane. Uses DeBERTa for semantic injections and EasyOCR for image steganography.
  • AI Governance & Shadow AI Centralized Asset Inventory. Track every model and dataset. Discover Shadow AI usage and enforce strict AI Risk Management.
  • Active Sanitization (RAG DLP) Automatically redact PII from datasets and clean secrets from notebooks before they reach your Vector DB. Ensure absolute AI data privacy.
  • Air-Gapped & S3 Integration Deploy inside your VPC. Scan massive S3 buckets and data lakes locally with Zero Data Exfiltration.
  • Regulatory Ready (DORA, CRA, NIS2) Built for strict European and Global standards. Generate Cryptographic Manifests and AI-SBOMs for one-click auditor reporting (EU AI Act, SOC2).

Join the Waitlist

Get early access to extended version features and a free security audit consultation.

We will only contact you regarding the extended version release. No marketing spam.