AI Components Inventory

Overview

A Technology Framework refers to any technology used by a piece of software. This can include a product, a category of products, a protocol, or any other indicator that helps us understand the software's usage (e.g., AI, LLM, RPC, payments).

An AI Framework is essentially a group of AI components. It includes tools, libraries, and methodologies for developing, deploying, and managing AI models. Examples include model frameworks (e.g., TensorFlow, PyTorch), AI agent orchestration tools (e.g., LangChain, LlamaIndex), and security frameworks that enforce governance and compliance (e.g., Guardrails AI, TruLens).

In Mend AI, framework identification detects and categorizes AI-related frameworks in enterprise codebases, helping security teams assess risk and enforce governance policies.

The data containing the related package evidence will be available on the AI Components inventory page.

Getting it done

To access your AI Components inventory, navigate to the AI section on the left-pane navigation menu and click AI Components.

This will take you to the AI Components inventory page, which contains the following information:

1. The Framework name. A framework is an AI infrastructure layer that consists of a group of related AI components, including libraries, tools, and environments used for model development and deployment.

2. The Projects in which the framework was detected. By default, this column specifies the number of projects in which the framework was detected. Clicking the number will navigate you to the project list.

3. The Framework Type.

4. The Exposure Level is the level of risk associated with the AI component, assessed by Mend.io’s research team. It considers factors like security vulnerabilities, compliance issues, and governance risks. Categories include Low, Medium, High, and Critical based on Mend.io’s evaluation.

5. The Exposed Threats are the specific threats related to the AI component, mapped from the OWASP Top 10 for LLM Applications. These may include prompt injection, model poisoning, insecure output handling, excessive agency, or training data extraction risks.

6. The Related Components are the components within the AI infrastructure that relate to the application, such as packages, models, and inference providers.
   The number of occurrences of the related package will be denoted next to it.

Note: Some column headers have tooltips (marked by ) containing a comprehensive explanation about the column: