AI Components Inventory

Overview

A technology framework refers to any technology used by a piece of software. This can include a product, a category of products, a protocol, or any other indicator that helps us understand the software's usage (e.g., AI, LLM, RPC, payments).

An AI framework is essentially a group of AI components, listed as High-Level Component in the Mend AI user interface. It includes tools, libraries, and methodologies for developing, deploying, and managing AI models. Examples include model frameworks (e.g., TensorFlow, PyTorch), AI agent orchestration tools (e.g., LangChain, LlamaIndex), and security frameworks that enforce governance and compliance (e.g., Guardrails AI, TruLens).

In Mend AI, framework identification detects and categorizes AI-related frameworks in enterprise codebases, helping security teams assess risk and enforce governance policies.

The data containing the related package evidence will be available on the AI Components inventory page.

Getting it done

To access your AI Components inventory, navigate to the AI section on the left-pane navigation menu and click AI Components.

This will take you to the AI Components inventory page, which contains the following information:

1. High-Level Component denotes a high-level AI infrastructure component that consists of a group of related AI elements, including libraries, tools, and environments used for model development and deployment.

2. Projects in which the high-level component was detected. By default, this column specifies the number of projects in which the component was detected. Clicking the number will take you to the project list.

3. Category of the high-level component (e.g., Third-Party LLM Service, AI Agent, Open-Source LLM, etc.).

4. Exposure Level is the level of risk associated with the AI component, assessed by Mend.io’s research team. It considers factors like security vulnerabilities, compliance issues, and governance risks. Categories include Low, Medium, High, and Critical based on Mend.io’s evaluation.

5. Potential Threats Exposure lists the specific threats related to the AI component, mapped from the OWASP Top 10 for LLM Applications. These may include prompt injection, model poisoning, insecure output handling, excessive agency, or training data extraction risks.

6. Related Components within the AI infrastructure that relate to the application, such as packages, models, and inference providers.

Note:
1. Click the Columns button at the right edge of the screen to add/remove columns.

2. The columns are all filterable. For instance, you can use the filter box under the High-Level Component column header to filter the results by the component name.

3. Some column headers have tooltips (marked by ) containing a comprehensive explanation about the column.