Share
## https://sploitus.com/exploit?id=B1A8FB2C-768A-5813-9CEC-B4D1D1A86D9A
# AICerberus ๐Ÿบ

**AI supply chain security scanner** โ€” one command to scan all AI/ML dependencies and model files for CVEs, pickle exploits, and license risks.

[![CI](https://github.com/hidearmoon/aicerberus/actions/workflows/ci.yml/badge.svg)](https://github.com/hidearmoon/aicerberus/actions/workflows/ci.yml)
[![PyPI version](https://img.shields.io/pypi/v/aicerberus.svg)](https://pypi.org/project/aicerberus/)
[![Python](https://img.shields.io/pypi/pyversions/aicerberus.svg)](https://pypi.org/project/aicerberus/)
[![License](https://img.shields.io/badge/license-Apache--2.0-blue.svg)](LICENSE)
[![Stars](https://img.shields.io/github/stars/hidearmoon/aicerberus?style=social)](https://github.com/hidearmoon/aicerberus)

> ๐ŸŒ [ไธญๆ–‡ๆ–‡ๆกฃ](README_zh.md)

---

## What is AICerberus?

AICerberus is the **"Trivy for AI supply chains"** โ€” a CLI tool that scans your project for security risks that existing SCA tools (Snyk, Trivy, Grype) **completely miss**:

| Risk Category | Traditional SCA | AICerberus |
|---|---|---|
| PyPI CVE scanning | โœ… | โœ… |
| Pickle deserialization attacks | โŒ | โœ… |
| PyTorch model file analysis | โŒ | โœ… |
| AI-specific licenses (OpenRAIL, Llama) | โŒ | โœ… |
| HuggingFace model card risks | โŒ | โœ… |
| CycloneDX AI SBOM generation | โŒ | โœ… |

---

## Quick Start

```bash
pip install aicerberus
cerberus scan .
```

That's it. AICerberus will scan your current directory and report all findings.

---

## Features

- **๐Ÿ” Dependency CVE Scanning** โ€” Queries the [OSV database](https://osv.dev) for known vulnerabilities in 50+ AI/ML packages (PyTorch, TensorFlow, LangChain, Transformers, etc.)
- **โ˜ฃ๏ธ Model File Analysis** โ€” Safely disassembles pickle opcodes (without executing them) to detect malicious payloads like `os.system`, `subprocess.Popen`, `eval`/`exec`
- **๐Ÿ“œ License Compliance** โ€” Detects restrictive AI licenses: OpenRAIL variants, Llama 2/3, Gemma (commercial prohibitions), CC-BY-NC (non-commercial), AGPL/GPL (copyleft)
- **๐Ÿ“ฆ AI SBOM Generation** โ€” Outputs a [CycloneDX v1.5](https://cyclonedx.org) SBOM with all AI components, CVE cross-references, and model file hashes
- **๐Ÿš€ Fast & Local** โ€” No data leaves your machine (except OSV/HuggingFace API queries for vulnerability lookups)

---

## Installation

```bash
# PyPI (recommended)
pip install aicerberus

# From source
git clone https://github.com/hidearmoon/aicerberus
cd aicerberus
pip install -e .
```

---

## Usage

### Basic scan

```bash
cerberus scan /path/to/your/project
```

### Filter by severity

```bash
cerberus scan . --severity high
```

### Show remediation recommendations

```bash
cerberus scan . --fix
```

### Export as JSON

```bash
cerberus scan . --format json --output report.json
```

### Generate AI SBOM (CycloneDX)

```bash
cerberus scan . --format sbom --output sbom.json
```

### Skip specific scanners

```bash
cerberus scan . --skip-deps --skip-licenses   # model files only
```

### With HuggingFace token (for private model cards)

```bash
cerberus scan . --hf-token $HF_TOKEN
# or set env var: export HF_TOKEN=hf_...
```

---

## Output Example

```
โ•ญโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚  AICerberus v0.1.0  AI Supply Chain...  โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ

  AI/ML Dependency Vulnerabilities
  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
  โ”‚ Package     โ”‚ Version โ”‚ CVE          โ”‚ Severity โ”‚ CVSS โ”‚ Summary             โ”‚
  โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
  โ”‚ torch       โ”‚ 1.9.0   โ”‚ CVE-2022-... โ”‚ ๐Ÿ”ด HIGH  โ”‚ 7.8  โ”‚ Arbitrary code ...  โ”‚
  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

  Model File Risks
  โ”Œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ฌโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”
  โ”‚ File        โ”‚ Format โ”‚ Severity         โ”‚ Risk                โ”‚
  โ”œโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ผโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ค
  โ”‚ model.pkl   โ”‚ pickle โ”‚ ๐Ÿ”ด CRITICAL      โ”‚ MALICIOUS_PAYLOAD   โ”‚
  โ”‚             โ”‚        โ”‚ โš  Dangerous:     โ”‚ GLOBAL:os system    โ”‚
  โ””โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”ดโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”˜

โ•ญโ”€ AICerberus v0.1.0 โ€” Scan Summary โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฎ
โ”‚  ๐Ÿ”ด Overall severity: CRITICAL               โ”‚
โ”‚  CVEs found:           2                     โ”‚
โ”‚  Model file risks:     1                     โ”‚
โ”‚  License issues:       1                     โ”‚
โ•ฐโ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ•ฏ
```

---

## Supported File Formats

| Format | Extension | Analysis |
|--------|-----------|---------|
| Pickle | `.pkl`, `.pickle` | Full opcode disassembly |
| PyTorch | `.pt`, `.pth`, `.bin` | ZIP extraction + pickle analysis |
| Joblib | `.joblib` | Unsafe serialization flag |
| SafeTensors | `.safetensors` | Safe format (low risk) |
| ONNX | `.onnx` | Safe format (low risk) |
| HDF5 | `.h5`, `.hdf5` | Structural risk flag |
| TensorFlow SavedModel | `.pb` | Structural risk flag |

---

## Supported Dependency Files

- `requirements.txt` / `requirements-*.txt`
- `pyproject.toml` (PEP 621 + Poetry)
- `Pipfile`
- `setup.py`, `setup.cfg`

---

## Exit Codes

| Code | Meaning |
|------|---------|
| `0` | No risks found |
| `1` | One or more risks found |
| `2` | Scan error |

---

## CI Integration

```yaml
# .github/workflows/ai-security.yml
- name: AI Supply Chain Scan
  run: |
    pip install aicerberus
    cerberus scan . --severity high
```

---

## Why Not Just Use Trivy / Snyk?

Existing SCA tools were designed before the AI/ML era. They:

1. **Don't analyze model files** โ€” a malicious `.pkl` file can execute arbitrary code on `pickle.load()`, but Trivy/Snyk don't scan these
2. **Don't understand AI licenses** โ€” OpenRAIL, Llama 2 Community License, Gemma Terms all have use restrictions that standard SPDX checks miss
3. **Don't cover AI-specific CVEs well** โ€” many ML framework CVEs are underreported in NVD/GHSA but present in OSV

AICerberus fills this gap.

---

## Contributing

```bash
git clone https://github.com/hidearmoon/aicerberus
cd aicerberus
pip install -e ".[dev]"
pytest tests/
```

PRs welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.

---

## License

Apache 2.0 โ€” see [LICENSE](LICENSE)

---

*Built by [OpenForge AI](https://github.com/hidearmoon) โ€” focused on AI security, observability, and toolchain.*