AI Security Detectors
Oculum is purpose-built for AI-native security. While traditional security scanners focus on OWASP-style vulnerabilities, Oculum specializes in detecting security issues unique to LLM-powered applications.
Why AI Security Matters
AI applications introduce new attack surfaces that traditional tools miss:
- Prompt Injection — Malicious input that manipulates LLM behavior
- Unsafe Execution — AI-generated code executed without validation
- Data Exfiltration — Sensitive data leaked through AI responses
- Agent Takeover — Autonomous agents performing unintended actions
- Supply Chain — Compromised models or packages
Oculum's detectors are designed specifically for these AI-era threats.
Detection Categories
AI-Specific Detectors
| Category | What It Detects | Severity |
|---|---|---|
| Prompt Injection | Unvalidated user input in LLM prompts | High-Critical |
| Unsafe Execution | AI-generated code executed without checks | Critical |
| Package Hallucination | Non-existent packages suggested by AI | High |
| RAG Security | Data exfiltration, poisoning, PII leaks in RAG | Medium-Critical |
| MCP Security | Tool poisoning, credential exposure, prompt injection | High-Critical |
| Agent Safety | Excessive agency, overpermissive tools | Medium-High |
| Model Supply Chain | Unsafe model loading, unverified sources | High-Critical |
Traditional Detectors
| Category | What It Detects | Coverage |
|---|---|---|
| Secrets | API keys, tokens, credentials | Comprehensive |
| Config Audit | Debug flags, insecure settings | Standard |
| Weak Crypto | MD5, SHA1, DES usage | Standard |
Three-Layer Detection
Oculum uses a layered approach for accurate detection:
Layer 1: Pattern Matching
Fast, deterministic detection:
- Regex patterns for known secrets
- Entropy analysis for potential secrets
- URL detection for sensitive endpoints
Speed: ~1000 files/second
Layer 2: Structural Analysis
Context-aware heuristics:
- Auth pattern recognition
- Dangerous function detection
- AI code fingerprinting
- Data flow tracking
Speed: ~500 files/second
Layer 3: AI Semantic Analysis
Deep understanding using Claude:
- Full taint analysis
- Business logic validation
- Cross-file flow tracking
- Framework-aware analysis
Speed: ~50 files/second
Severity Levels
| Level | Meaning | Action |
|---|---|---|
| Critical | Immediate exploitation risk | Fix before deploy |
| High | Significant security risk | Fix soon |
| Medium | Moderate risk, needs review | Review and decide |
| Low | Minor issues | Consider fixing |
| Info | Informational | Awareness only |
Confidence Levels
Each finding includes a confidence level:
- High — Strong evidence, low false positive rate
- Medium — Good evidence, may need context review
- Low — Potential issue, requires manual verification
AI-validated findings (--depth verified) have higher confidence levels.
Filtering by Category
Fail on Specific Categories
# Only fail on AI-related issues
oculum scan --fail-on-categories "ai-*"
# Only fail on secrets
oculum scan --fail-on-categories "secrets-*"
# Multiple categories
oculum scan --fail-on-categories "ai-*,secrets-*"
Available Category Prefixes
ai-*— All AI security detectorssecrets-*— Secret detectionowasp-*— Traditional web vulnerabilitiesconfig-*— Configuration issues
Understanding Findings
Each finding includes:
- Category — The detector that found it
- Severity — Impact level
- Confidence — Detection certainty
- Location — File, line, column
- Description — What was found
- Remediation — How to fix it
- Validation Notes — AI reasoning (for verified scans)
Example Finding
{
"category": "ai_prompt_injection",
"severity": "high",
"confidence": "high",
"message": "User input passed directly to LLM prompt",
"file": "src/api/chat.ts",
"line": 45,
"remediation": "Validate and sanitize user input before including in prompts",
"validationNotes": "User input from request body is concatenated directly into the system prompt without sanitization."
}
Quick Reference
| If you're building... | Focus on these detectors | |----------------------|-------------------------| | Chatbot / AI Assistant | Prompt Injection, Agent Safety | | RAG Application | RAG Security, Data Exfiltration | | Code Generation Tool | Unsafe Execution, Package Hallucination | | MCP Server/Client | MCP Security, Tool Poisoning | | Fine-tuning Pipeline | Model Supply Chain |
Next Steps
Explore individual detector categories:
- Prompt Injection — Protect against prompt manipulation
- Unsafe Execution — Secure AI-generated code
- RAG Security — Secure retrieval-augmented generation
- MCP Security — Secure Model Context Protocol
- Agent Safety — Control autonomous agents