# AI Infra Scan

## Feature Overview

AI Infra Security Scan identifies known vulnerabilities (e.g., CVEs) in the web services of AI infrastructure components through precise fingerprint matching. This enables rapid detection of security gaps, so teams can mitigate risks proactively and keep AI operations secure and stable.

## Core Features

- **Comprehensive Coverage**: Identifies **57 mainstream AI frameworks**, covering **1000+ known vulnerabilities** (CVEs).
- **Flexible Deployment**: Supports **single-target**, **batch**, and **local service** scanning.
- **Intelligent Matching**: **YAML-based fingerprint rules** ensure high-precision detection.
- **Extensibility**: Supports **custom vulnerability templates** and **fingerprint rules** for specialized deployment scenarios.

## Quick Start

### WebUI Interface Workflow

1. Select `AI Infra Scan` from the main page.

2. Configure Scan Targets
   - Enter one or more URLs or IP addresses (one per line)
   - Import target lists via `.txt` file upload
   - ✨ *IP inputs trigger comprehensive port scanning*
     (common open ports are checked automatically)

3. Select an MLLM to detect unauthenticated-access vulnerabilities; GPT-5, Gemini Pro, or Sonnet 4.5 is recommended.

4. Click the `Send Message` button to initiate automated vulnerability detection.
   Results populate in real time as the scan completes.

## Fingerprint & Vulnerability Database

### Built-in Fingerprint Repository

A.I.G includes **an extensive library of pre-configured AI component fingerprints**, accessible via the Plugin Management interface:

1. **Access plugin management**
   Navigate to `Plugin Management` (bottom-left of the main page)
2. **Review Built-in Resources**
   View all default fingerprint rules with search/filter capabilities
3.
   **Manage Fingerprints**
   Perform real-time operations:
   - 🔍 Search rules by name/description/contributor
   - ➕ Add custom fingerprints and associated vulnerabilities
   - ✏️ Edit existing fingerprints and associated vulnerabilities

   ▶️ Changes apply immediately – subsequent scans automatically use the updated database

## Supported AI Components & Vulnerability Coverage

A.I.G delivers comprehensive security coverage for critical AI infrastructure components. Currently supported components and their vulnerability statistics:

| Category | Component Name | Vulnerability Count | Risk Level |
| -------------------------- | ----------------------- | ------------------- | ----------- |
| **Model Serving** | gradio | 48 | High |
| | ollama | 26 | Medium-High |
| | triton-inference-server | 33 | Medium-High |
| | vllm | 46 | Medium |
| | xinference | 3 | Low |
| | fastchat | 7 | Medium |
| | llama-cpp | 3 | Low |
| | llmstudio | 1 | Low |
| | ChatRTX | 1 | Low |
| | kubeai | 1 | High |
| **LLM App Frameworks** | langchain | 51 | High |
| | dify | 21 | High |
| | anythingllm | 17 | Medium-High |
| | open-webui | 39 | Medium-High |
| | ragflow | 11 | Medium |
| | qanything | 8 | Medium |
| | langflow | 25 | Medium |
| | litellm | 20 | Medium |
| | mlflow | 66 | High |
| | librechat | 10 | Medium |
| | nextchat | 4 | Medium |
| | lobechat | 4 | Medium |
| | lobehub | 1 | Medium |
| | flowise | 3 | Medium |
| | langfuse | 3 | Low |
| | new-api | 2 | Medium |
| | Chuanhugpt | 27 | Medium-High |
| | crewai | 3 | Critical |
| **Data Processing** | clickhouse | 25 | High |
| | feast | 2 | Low |
| | dask | 3 | Low |
| **Visualization & UI** | jupyter-server | 14 | Medium-High |
| | jupyterlab | 8 | Medium |
| | jupyter-notebook | 2 | Low |
| **Workflow Orchestration** | kubeflow | 4 | Medium |
| | ray | 10 | Medium |
| | n8n | 33 | Medium-High |
| | simstudioai | 9 | Medium |
| **Other AI Components** | comfyui | 8 | Low |
| | comfy_mtb | 1 | Low |
| | ComfyUI-Prompt-Preview | 1 | Low |
| | ComfyUI-Custom-Scripts | 1 | Low |
| | ComfyUI-Impact-Pack | 1 | Low |
| | ComfyUI-Manager | 1 | Low |
| | ComfyUI-Ace-Nodes | 1 | Low |
| | ComfyUI-Bmad-Nodes | 1 | Low |
| | pyload-ng | 25 | Medium |
| | kubepi | 5 | Medium |
| | llamafactory | 4 | Low |
| | bentoml | 2 | Medium |
| | blinko | 1 | Low |
| | weknora | 2 | Low |
| | pinchtab | 6 | Medium-High |
| | wallos | 1 | Low |
| | praisonai | 2 | Medium |
| | text-generation-webui | 1 | Medium |
| | openclaw | 566 | Medium-High |
| **AI Agent Config Security** | AI-Agent-Config | 1 | High |
| **Total** | | **1000+** | |

> **Note**: The vulnerability database is continuously updated. Regular scanning of high-risk components is recommended.

## Fingerprint Matching Rule Details

### Rule Structure

AI Infra Guard uses YAML to define fingerprint matching rules. A rule has the following parts:

```yaml
info:
  name: Component Name
  author: Rule Author
  severity: Severity level (e.g., info)
  metadata:
    product: Product Name
    vendor: Vendor Name
http:
  - method: HTTP Request Method
    path: Request Path
    matchers:
      - Matching Conditions
```

### Example: Dify Fingerprint Rule

```yaml
info:
  name: dify
  author: Tencent Zhuque Lab
  severity: info
  metadata:
    product: dify
    vendor: dify
http:
  - method: GET
    path: '/'
    matchers:
      - body="<title>Dify</title>" || icon="97378986"
version:
  - method: GET
    path: '/console/api/version'
    extractor:
      part: header
      group: 1
      regex: 'x-version:\s*(\d+\.\d+\.?\d+?)'
```

The optional `version` section names a second probe: once the `http` matchers have identified the component, its `extractor` applies `regex` to the given `part` of that response (`header` here) and reports capture `group` as the component version.

### Matcher Syntax Explanation

#### Match Locations

| Location | Description | Example |
| -------- | ----------------------- | ----------------------------------------- |
| `title` | HTML page title | `title="Gradio"` |
| `body` | HTTP response body | `body="gradio-config"` |
| `header` | HTTP response header | `header="X-Gradio-Version: 3.34.0"` |
| `icon` | Website favicon hash | `icon="d41d8cd98f00b204e9800998ecf8427e"` |

#### Logical Operators

| Operator | Description | Example |
| -------- | ----------------------------------------- | ------------------------------------------------------------ |
| `=` | Fuzzy contains match (case-insensitive) | `body="gradio"` |
| `==` | Exact equals match (case-sensitive) | `header=="Server: Gradio"` |
| `!=` | Not equals match | `header!="Server: Apache"` |
| `~=` | Regular expression match | `body~="Gradio v[0-9]+\.[0-9]+\.[0-9]+"` |
| `&&` | Logical AND | `body="gradio" && header="X-Gradio-Version"` |
| `\|\|` | Logical OR | `body="gradio" \|\| body="Gradio"` |
| `()` | Grouping to change precedence | `(body="gradio" \|\| body="Gradio") && header="X-Gradio-Version"` |

## Operational Best Practices

1. **Schedule Regular Scans**: Run weekly comprehensive scans of your AI infrastructure to identify newly disclosed vulnerabilities promptly.

2. **Prioritize High-Risk Components**: Focus scanning resources on components with high vulnerability densities, such as Gradio, LangChain, and ClickHouse.

3. **Extend with Custom Rules**: Add custom fingerprint rules to cover organization-specific AI components.

4. **Integrate into CI/CD Pipelines**: Embed the scan in the continuous integration (CI) process for AI applications to shift security left.

5. **Track Vulnerability Remediation**: Establish a tracking mechanism for vulnerabilities discovered during scans to ensure timely remediation.
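The matcher grammar in the two operator tables above and the `version` extractor of the Dify rule are small enough to reimplement, which is the quickest way to sanity-check a custom rule before adding it through the Plugin Management interface. The following Python is an added example written for this page, not AI Infra Guard's own matching code: it tokenizes and parses a matcher into a small AST (with `&&` binding tighter than `||` and `()` overriding that), evaluates it against the four match locations of a response, and applies an extractor's `part`/`regex`/`group`. Two details are assumptions rather than documented behaviour: `!=` is implemented as the negation of `=` (does not contain), and the `header` location is the response headers joined one `Name: value` line per header. The `response_parts`, `matches` and `fingerprint` helpers and the sample responses are constructed for the example.

```python
"""Evaluator for the matcher syntax and `version` extractor documented on this page. Added example,
not AI Infra Guard's own code; reading `!=` as "does not contain" and joining headers one per line are assumptions."""
import re

def response_parts(headers: dict, body: str, icon_hash: str = "") -> dict:
    """Map each match location to the text it is matched against (built from constructed data, not fetched)."""
    title = re.search(r"<title>(.*?)</title>", body, re.I | re.S)
    return {"title": title.group(1).strip() if title else "", "body": body,
            "header": "\n".join(f"{k}: {v}" for k, v in headers.items()), "icon": icon_hash}

TOKEN_RE = re.compile(r'(title|body|header|icon)|(==|!=|~=|=)|(&&|\|\|)|([()])|"((?:[^"\\]|\\.)*)"')
KINDS = ("LOC", "OP", "LOGIC", "PAREN", "STR")  # one per capture group of TOKEN_RE

def tokenize(expr: str) -> list:
    """Split a matcher into (kind, value) tokens; anything outside the grammar is a SyntaxError."""
    pos, tokens = 0, []
    while pos < len(expr):
        if expr[pos].isspace():
            pos += 1
            continue
        m = TOKEN_RE.match(expr, pos)
        if not m:
            raise SyntaxError(f"unexpected input at offset {pos}: {expr[pos:pos + 12]!r}")
        pos, kind, value = m.end(), KINDS[m.lastindex - 1], m.group(m.lastindex)
        tokens.append((kind, value.replace('\\"', '"') if kind == "STR" else value))  # keep \d, \. for ~=
    return tokens

def parse(expr: str):
    """Recursive descent: expr := term ('||' term)* ; term := factor ('&&' factor)* ; factor := '(' expr ')' | LOC OP "str"."""
    toks, i = tokenize(expr), 0
    peek = lambda: toks[i] if i < len(toks) else (None, None)
    def take():
        nonlocal i
        i += 1
        return toks[i - 1] if i - 1 < len(toks) else (None, None)
    def expression():
        node = term()
        while peek() == ("LOGIC", "||"):
            take()
            node = ("or", node, term())
        return node
    def term():  # && binds tighter than ||, as in the page's grouping example
        node = factor()
        while peek() == ("LOGIC", "&&"):
            take()
            node = ("and", node, factor())
        return node
    def factor():
        if peek() == ("PAREN", "("):
            take()
            node = expression()
            if take() != ("PAREN", ")"):
                raise SyntaxError("expected ')'")
            return node
        (lk, loc), (ok, op), (sk, value) = take(), take(), take()
        if (lk, ok, sk) != ("LOC", "OP", "STR"):
            raise SyntaxError('expected <location><operator>"<string>"')
        return ("cmp", loc, op, value)
    node = expression()
    if i != len(toks):
        raise SyntaxError("unexpected tokens after the end of the expression")
    return node

def evaluate(node, parts: dict) -> bool:
    """Apply the page's operator semantics to the parts of one response."""
    if node[0] == "or":
        return evaluate(node[1], parts) or evaluate(node[2], parts)
    if node[0] == "and":
        return evaluate(node[1], parts) and evaluate(node[2], parts)
    _, loc, op, needle = node
    hay = parts[loc]
    if op == "=":    # fuzzy contains, case-insensitive
        return needle.lower() in hay.lower()
    if op == "==":   # exact, case-sensitive; for header, any single "Name: value" line may equal the needle
        return needle in hay.splitlines() if loc == "header" else hay == needle
    if op == "!=":   # assumption: the negation of "=" (does not contain, case-insensitive)
        return needle.lower() not in hay.lower()
    return re.search(needle, hay) is not None   # "~=": regular expression search

def matches(expr: str, parts: dict) -> bool:
    return evaluate(parse(expr), parts)

def extract_version(extractor: dict, parts: dict):
    """The rule's version extractor: regex over one part, return the numbered capture group."""
    m = re.search(extractor["regex"], parts[extractor["part"]], re.I)  # header names are case-insensitive
    return m.group(extractor.get("group", 1)) if m else None

def fingerprint(matcher: str, extractor: dict, home: dict, version_probe: dict):
    """(matched, version): the matcher decides recognition; the extractor runs only after a match."""
    if not matches(matcher, home):
        return False, None
    return True, extract_version(extractor, version_probe)

# The page's Dify matcher and extractor, with constructed responses standing in for a live instance.
DIFY_MATCHER = 'body="<title>Dify</title>" || icon="97378986"'
DIFY_EXTRACTOR = {"part": "header", "group": 1, "regex": r"x-version:\s*(\d+\.\d+\.?\d+?)"}
DIFY_HOME = response_parts({}, "<html><head><title>Dify</title></head></html>", "97378986")
DIFY_VERSION = response_parts({"X-Version": "0.15.3"}, '{"version": "0.15.3"}')
```

`fingerprint(DIFY_MATCHER, DIFY_EXTRACTOR, DIFY_HOME, DIFY_VERSION)` returns `(True, '0.15.3')`, and a response with only the favicon hash still matches because the Dify matcher is an `||`. One caveat worth knowing when writing your own extractor: the lazy `\d+?` at the end of the Dify regex stops after a single digit, so an `X-Version: 0.15.30` header is reported as `0.15.3`; a pattern such as `(\d+(?:\.\d+)+)` captures the whole version.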

By leveraging the AI Infra Scan service, you can effectively identify potential security risks within your AI systems, providing robust assurance for building a secure and reliable AI infrastructure.