Share
## https://sploitus.com/exploit?id=B1A8FB2C-768A-5813-9CEC-B4D1D1A86D9A
# AICerberus ๐บ
**AI supply chain security scanner** โ one command to scan all AI/ML dependencies and model files for CVEs, pickle exploits, and license risks.
[](https://github.com/hidearmoon/aicerberus/actions/workflows/ci.yml)
[](https://pypi.org/project/aicerberus/)
[](https://pypi.org/project/aicerberus/)
[](LICENSE)
[](https://github.com/hidearmoon/aicerberus)
> ๐ [ไธญๆๆๆกฃ](README_zh.md)
---
## What is AICerberus?
AICerberus is the **"Trivy for AI supply chains"** โ a CLI tool that scans your project for security risks that existing SCA tools (Snyk, Trivy, Grype) **completely miss**:
| Risk Category | Traditional SCA | AICerberus |
|---|---|---|
| PyPI CVE scanning | โ
| โ
|
| Pickle deserialization attacks | โ | โ
|
| PyTorch model file analysis | โ | โ
|
| AI-specific licenses (OpenRAIL, Llama) | โ | โ
|
| HuggingFace model card risks | โ | โ
|
| CycloneDX AI SBOM generation | โ | โ
|
---
## Quick Start
```bash
pip install aicerberus
cerberus scan .
```
That's it. AICerberus will scan your current directory and report all findings.
---
## Features
- **๐ Dependency CVE Scanning** โ Queries the [OSV database](https://osv.dev) for known vulnerabilities in 50+ AI/ML packages (PyTorch, TensorFlow, LangChain, Transformers, etc.)
- **โฃ๏ธ Model File Analysis** โ Safely disassembles pickle opcodes (without executing them) to detect malicious payloads like `os.system`, `subprocess.Popen`, `eval`/`exec`
- **๐ License Compliance** โ Detects restrictive AI licenses: OpenRAIL variants, Llama 2/3, Gemma (commercial prohibitions), CC-BY-NC (non-commercial), AGPL/GPL (copyleft)
- **๐ฆ AI SBOM Generation** โ Outputs a [CycloneDX v1.5](https://cyclonedx.org) SBOM with all AI components, CVE cross-references, and model file hashes
- **๐ Fast & Local** โ No data leaves your machine (except OSV/HuggingFace API queries for vulnerability lookups)
---
## Installation
```bash
# PyPI (recommended)
pip install aicerberus
# From source
git clone https://github.com/hidearmoon/aicerberus
cd aicerberus
pip install -e .
```
---
## Usage
### Basic scan
```bash
cerberus scan /path/to/your/project
```
### Filter by severity
```bash
cerberus scan . --severity high
```
### Show remediation recommendations
```bash
cerberus scan . --fix
```
### Export as JSON
```bash
cerberus scan . --format json --output report.json
```
### Generate AI SBOM (CycloneDX)
```bash
cerberus scan . --format sbom --output sbom.json
```
### Skip specific scanners
```bash
cerberus scan . --skip-deps --skip-licenses # model files only
```
### With HuggingFace token (for private model cards)
```bash
cerberus scan . --hf-token $HF_TOKEN
# or set env var: export HF_TOKEN=hf_...
```
---
## Output Example
```
โญโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฎ
โ AICerberus v0.1.0 AI Supply Chain... โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
AI/ML Dependency Vulnerabilities
โโโโโโโโโโโโโโโฌโโโโโโโโโโฌโโโโโโโโโโโโโโโฌโโโโโโโโโโโฌโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโ
โ Package โ Version โ CVE โ Severity โ CVSS โ Summary โ
โโโโโโโโโโโโโโโผโโโโโโโโโโผโโโโโโโโโโโโโโโผโโโโโโโโโโโผโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโค
โ torch โ 1.9.0 โ CVE-2022-... โ ๐ด HIGH โ 7.8 โ Arbitrary code ... โ
โโโโโโโโโโโโโโโดโโโโโโโโโโดโโโโโโโโโโโโโโโดโโโโโโโโโโโดโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโ
Model File Risks
โโโโโโโโโโโโโโโฌโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโฌโโโโโโโโโโโโโโโโโโโโโโ
โ File โ Format โ Severity โ Risk โ
โโโโโโโโโโโโโโโผโโโโโโโโโผโโโโโโโโโโโโโโโโโโโผโโโโโโโโโโโโโโโโโโโโโโค
โ model.pkl โ pickle โ ๐ด CRITICAL โ MALICIOUS_PAYLOAD โ
โ โ โ โ Dangerous: โ GLOBAL:os system โ
โโโโโโโโโโโโโโโดโโโโโโโโโดโโโโโโโโโโโโโโโโโโโดโโโโโโโโโโโโโโโโโโโโโโ
โญโ AICerberus v0.1.0 โ Scan Summary โโโโโโโโโโโฎ
โ ๐ด Overall severity: CRITICAL โ
โ CVEs found: 2 โ
โ Model file risks: 1 โ
โ License issues: 1 โ
โฐโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโฏ
```
---
## Supported File Formats
| Format | Extension | Analysis |
|--------|-----------|---------|
| Pickle | `.pkl`, `.pickle` | Full opcode disassembly |
| PyTorch | `.pt`, `.pth`, `.bin` | ZIP extraction + pickle analysis |
| Joblib | `.joblib` | Unsafe serialization flag |
| SafeTensors | `.safetensors` | Safe format (low risk) |
| ONNX | `.onnx` | Safe format (low risk) |
| HDF5 | `.h5`, `.hdf5` | Structural risk flag |
| TensorFlow SavedModel | `.pb` | Structural risk flag |
---
## Supported Dependency Files
- `requirements.txt` / `requirements-*.txt`
- `pyproject.toml` (PEP 621 + Poetry)
- `Pipfile`
- `setup.py`, `setup.cfg`
---
## Exit Codes
| Code | Meaning |
|------|---------|
| `0` | No risks found |
| `1` | One or more risks found |
| `2` | Scan error |
---
## CI Integration
```yaml
# .github/workflows/ai-security.yml
- name: AI Supply Chain Scan
run: |
pip install aicerberus
cerberus scan . --severity high
```
---
## Why Not Just Use Trivy / Snyk?
Existing SCA tools were designed before the AI/ML era. They:
1. **Don't analyze model files** โ a malicious `.pkl` file can execute arbitrary code on `pickle.load()`, but Trivy/Snyk don't scan these
2. **Don't understand AI licenses** โ OpenRAIL, Llama 2 Community License, Gemma Terms all have use restrictions that standard SPDX checks miss
3. **Don't cover AI-specific CVEs well** โ many ML framework CVEs are underreported in NVD/GHSA but present in OSV
AICerberus fills this gap.
---
## Contributing
```bash
git clone https://github.com/hidearmoon/aicerberus
cd aicerberus
pip install -e ".[dev]"
pytest tests/
```
PRs welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.
---
## License
Apache 2.0 โ see [LICENSE](LICENSE)
---
*Built by [OpenForge AI](https://github.com/hidearmoon) โ focused on AI security, observability, and toolchain.*