Scan your source code once, and let AI-SBOM power every step of your security workflow.
Extract every AI component — agents, models, tools, prompts, datastores, guardrails, auth nodes, IaC. The relationships between agents, tools, and guardrails are captured in a structured graph.
Deep security analysis of the AI stack against AI security best practices and known vulnerabilities. Built to run during development.
Define your app's intended AI behavior in plain English. NuGuard checks the implementation against that stated intent and scores it against OWASP LLM Top 10, NIST, and other frameworks.
Attack scenarios derived from the SBOM — not generic payloads. Prompt injection, data exfiltration, tool abuse, MCP toxic flows, privilege escalation.
Most tools scan for known CVEs or send generic payloads at an LLM endpoint. NuGuard starts from the source code, understands your AI architecture, and derives security evidence — and attacks — from what your application actually does.
Red-team scenarios are derived from your SBOM graph, not a generic payload library. SQL injection scenarios only fire when the SBOM graph contains a tool that executes SQL.
NuGuard reasons across component boundaries: "this agent has write access to a HIPAA-classified datastore via a tool with no auth boundary and no guardrail in the graph."
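As an added illustration of that cross-boundary reasoning (example code written for this page, not NuGuard's analyzer or its SBOM schema), the toy graph walk below uses an assumed node/edge layout: agents, tools with a privilege list, datastores with a classification, and auth/guardrail nodes as edges in the path. It flags every agent-to-datastore path that carries a `db_write` tool to a PII/PHI datastore without an auth or guardrail node anywhere on the path. Node ids and the sample graph are constructed for the example.

```python
"""Toy AI-SBOM graph walk: find agents that can write to PII/PHI datastores
through a tool path with no auth boundary and no guardrail.
Illustrative code only; the graph schema is an assumption, not NuGuard's."""
from collections import defaultdict

# Constructed sample graph. Node ids, types and attributes are assumptions.
NODES = {
    "agent:triage":      {"type": "agent"},
    "tool:update_chart": {"type": "tool", "privileges": ["db_write"]},
    "tool:read_chart":   {"type": "tool", "privileges": ["db_read"]},
    "ds:ehr":            {"type": "datastore", "classification": "PHI"},
    "agent:billing":     {"type": "agent"},
    "guard:pii_filter":  {"type": "guardrail"},
    "tool:post_ledger":  {"type": "tool", "privileges": ["db_write"]},
    "auth:oauth2":       {"type": "auth"},
    "ds:ledger":         {"type": "datastore", "classification": "PHI"},
}
EDGES = [
    ("agent:triage", "tool:update_chart"),   # unguarded write path
    ("tool:update_chart", "ds:ehr"),
    ("agent:triage", "tool:read_chart"),     # read-only, not flagged
    ("tool:read_chart", "ds:ehr"),
    ("agent:billing", "guard:pii_filter"),   # guardrail + auth on the path
    ("guard:pii_filter", "tool:post_ledger"),
    ("tool:post_ledger", "auth:oauth2"),
    ("auth:oauth2", "ds:ledger"),
]


def _adjacency(edges):
    adj = defaultdict(list)
    for src, dst in edges:
        adj[src].append(dst)
    return adj


def unguarded_write_paths(nodes, edges, sensitive=("PII", "PHI")):
    """Return every agent -> ... -> datastore path where the datastore is
    sensitive, some tool on the path holds db_write, and no auth or guardrail
    node sits on the path. Each path is a list of node ids, agent first."""
    adj = _adjacency(edges)
    findings = []

    def walk(node, path):
        meta = nodes[node]
        if meta["type"] == "datastore":
            if meta.get("classification") in sensitive:
                kinds = {nodes[n]["type"] for n in path}
                writer = any("db_write" in nodes[n].get("privileges", [])
                             for n in path if nodes[n]["type"] == "tool")
                if writer and not kinds & {"auth", "guardrail"}:
                    findings.append(path + [node])
            return
        for nxt in adj[node]:
            if nxt not in path:          # cycle guard
                walk(nxt, path + [node])

    for name, meta in nodes.items():
        if meta["type"] == "agent":
            walk(name, [])
    return findings


def describe(path, nodes):
    """Render a finding as a one-line statement for a report."""
    agent, ds = path[0], path[-1]
    tools = [n for n in path[1:-1] if nodes[n]["type"] == "tool"]
    return (f"{agent} has write access to {nodes[ds]['classification']}-classified "
            f"datastore {ds} via {', '.join(tools)} with no auth boundary "
            f"and no guardrail on the path")


if __name__ == "__main__":
    for finding in unguarded_write_paths(NODES, EDGES):
        print(describe(finding, NODES))
```

The billing agent reaches an equally sensitive datastore but is not reported, because the guardrail and OAuth2 nodes sit between it and the store; a per-component scanner that only looks at the tool or only at the datastore would rate both paths the same.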
Supports 20+ AI framework APIs, relationship graphs, package dependencies, and more.
Write your AI behavioral intent in plain English. NuGuard checks the implementation for drift from that intent and assesses it against security frameworks.
Plant unique test data in your target app's database. The CanaryScanner then looks for that data in model output: its reappearance is definitive proof of leakage, with no LLM-judge uncertainty.
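An added example of the canary technique described above (written for this page; it is not NuGuard's CanaryScanner): plant unguessable tokens in synthetic records, then match them in responses after normalising case and punctuation, so a model that spells the token back with spaces or hyphens is still caught. The record layout and the sample responses are constructed for the example.

```python
"""Canary-based data-leak check. Illustrative code, not NuGuard's scanner."""
import re
import secrets


def make_canary(label):
    """A token that cannot occur in real data by chance: 64 random bits."""
    return f"canary-{label}-{secrets.token_hex(8)}"


def plant_canaries(rows, labels):
    """Append one synthetic record per label carrying its canary token and
    return {label: token} so the scanner knows what to look for."""
    canaries = {label: make_canary(label) for label in labels}
    for label, token in canaries.items():
        rows.append({
            "id": f"canary-{label}",
            "name": f"Patient {token}",      # field layout is an assumption
            "notes": f"synthetic test record {token}",
        })
    return canaries


def _normalise(text):
    # Collapse case and separators so "CANARY-EHR-0123 4567" still matches.
    return re.sub(r"[^a-z0-9]", "", text.lower())


def find_leaks(responses, canaries):
    """Return (response_index, label) for each canary seen in a response.
    A hit is deterministic evidence of exfiltration: the token exists
    nowhere except the planted record."""
    leaks = []
    for i, text in enumerate(responses):
        norm = _normalise(text)
        for label, token in canaries.items():
            if _normalise(token) in norm:
                leaks.append((i, label))
    return leaks


if __name__ == "__main__":
    db = [{"id": "p1", "name": "Real Patient", "notes": "no canary here"}]
    canaries = plant_canaries(db, ["ehr"])
    token = canaries["ehr"]
    # Constructed responses: one clean, one that leaks the token re-formatted.
    responses = [
        "I can't share patient records.",
        f"Sure, the note reads: {token.upper().replace('-', ' ')}",
    ]
    print(find_leaks(responses, canaries))
```

The normalisation step is the part worth keeping: exact substring matching misses the common case where the model re-punctuates or re-cases what it copies out of the datastore.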
Crescendo-style multi-turn conversations — rapport → normalise → bridge → escalate → inject — adapting in real-time based on each response.
Safe for air-gapped environments. Fast enough for pre-commit hooks and CI gates.
A wide range of output formats is supported. Feed results into GitHub Code Scanning or your own toolchain.
Every finding carries its evidence as filename and line number, plus relationship graphs.
Frameworks like LangGraph, CrewAI, AutoGen, OpenAI Agents SDK, Google ADK, AWS BedrockAgentCore, Azure Semantic Kernel, Agno, and more.
LLM and embedding model references with provider, version, and model cards.
Function tools, MCP tools, and decorated callables wired to agents — including privilege scope (db_write, code_execution, shell).
System instructions and prompt templates — full content preserved, template variables identified, sensitive values redacted.
Vector stores, databases, and caches with PII/PHI classification.
Content filters and safety validators.
OAuth2, API key, Bearer, JWT, and MCP auth nodes. IAM roles, privilege scopes.
Kubernetes manifests, Terraform, CloudFormation, Azure Bicep, etc. Cloud region, HA mode, secret stores, IAM roles, encryption settings.
NuGuard answers the questions that matter most to each stakeholder — from source code evidence, not manual attestation.
Most red-team tools fire generic prompt libraries at an LLM endpoint. NuGuard knows your application context and tailors attacks accordingly. Attacks for a healthcare app vs a code generation tool are going to be different.
Attack scenarios are derived from the AI-SBOM graph and your Cognitive Policy — not a generic payload library.
A PHI exfiltration scenario only fires when the SBOM contains a PII/PHI-classified datastore.
Minimal input required. Point NuGuard at your source repo — it builds the attack model automatically.
Attacks traverse the full agentic stack — not just the chat endpoint. NuGuard tests sub-agents, MCP tool servers, and guardrails.
The offline core — AI-SBOM generation, Deep AI Stack Analysis, Cognitive Policy Enforcement — requires no API key and no external network access. Run it anywhere.
Add --llm for LLM enrichment. Add --target for dynamic red-teaming. Both are opt-in.
```shell
# Install
$ pip install nuguard

# Generate AI-SBOM from source
$ nuguard sbom generate --source ./my-ai-app --output app.sbom.json

# Static analysis (7 scanners, no running app needed)
$ nuguard analyze --sbom app.sbom.json --format markdown

# Policy linting and compliance assessment
$ nuguard policy check --policy cognitive_policy.md \
    --sbom app.sbom.json --framework owasp-llm-top10

# Dynamic red-team scan (requires running app)
$ nuguard redteam --sbom app.sbom.json \
    --target http://localhost:8000 --profile ci
```
```python
from pathlib import Path

from nuguard.sbom import AiSbomConfig, AiSbomExtractor, AiSbomSerializer
from nuguard.sbom.toolbox.plugins.vulnerability import VulnerabilityScannerPlugin

# Generate AI-SBOM
doc = AiSbomExtractor().extract_from_path(
    path=Path("./my-ai-app"),
    config=AiSbomConfig(),
)
print(f"nodes={len(doc.nodes)}, edges={len(doc.edges)}")

# Serialize
json_str = AiSbomSerializer.to_json(doc)

# Run structural vulnerability scan
sbom = doc.model_dump(mode="json")
result = VulnerabilityScannerPlugin().run(sbom, {"provider": "all"})
for f in result.details["findings"]:
    print(f["severity"], f["rule_id"], f["title"])
```
```yaml
# .github/workflows/ai-security.yml
name: AI Security Scan
on: [push, pull_request]

permissions:
  contents: read
  security-events: write   # upload-sarif needs this to write Code Scanning alerts

jobs:
  nuguard:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install NuGuard
        run: pip install nuguard
      - name: Generate AI-SBOM
        run: nuguard sbom generate --source . --output app.sbom.json
      - name: Static analysis — fail on HIGH+
        # Block scalar (|) keeps the backslash continuations intact; a plain
        # multi-line scalar would fold them into a stray " " argument.
        run: |
          nuguard analyze --sbom app.sbom.json \
            --format sarif --output analysis.sarif \
            --min-severity high
      - name: Policy compliance check
        run: |
          nuguard policy check --sbom app.sbom.json \
            --framework owasp-llm-top10
      - name: Upload SARIF to GitHub Code Scanning
        if: always()   # still publish the findings when the analysis step fails the build
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: analysis.sarif
```
Run any plugin with nuguard sbom plugin run <name> --sbom app.sbom.json.
All offline plugins work with zero network access and no API key.
Install NuGuard, run your first scan, and get a complete security picture of every AI component in your codebase — in minutes, from source code, no API key required.