View your AI Technologies and Models Reports

Note: The AI Models features require a Premium AI subscription.

Overview

The AI Technologies and AI Models reports allow you to view all AI models integrated with your applications.

After initiating a scan with the Mend CLI, you can review the findings within your organization in the Mend Platform.

Prerequisites

  • A Mend AI entitlement for your organization.

  • Mend AI discovers AI frameworks and third-party AI models and providers automatically as part of an SCA CLI scan (mend ua / mend dep / mend sca). However, it uses a separate scanner, which must be enabled for automatic AI discovery to take place as part of your SCA scans.

To run an SCA scan, please follow the steps in this article.

Preparing your Report

You can access the AI Technologies and AI Models reports on two levels within the Mend Platform:

  1. Application level.

  2. Project level.

To access the AI Technologies or AI Models reports, simply navigate through the Applications or Projects view in the Mend AppSec Platform and select the desired application or project.

AI Technologies

In the selected Application/Project, click ‘AI Technologies’ on the left-pane menu.

AI Models

Note: The AI Models features require a Premium AI subscription.

In the selected Application/Project, click ‘AI Models’ on the left-pane menu.

The AI Models report displays all the LLM components found in your application/project inventory.

The following information is displayed for each model:

  • Model: The name and version of the model library found in your application code.

  • Project: In the context of an application, displays the number of projects containing the AI model.

  • Category (Type): Indicates whether the AI model is provided as an inference provider (AI Service) or runs locally (Self-Hosted).

  • Provider: If the model is not self-hosted, this refers to the external company that provides inference services and API access for the AI model.

  • Model Author: The entity that authored the model, i.e., the company that developed it (e.g., OpenAI, Anthropic, etc.).

  • Aggregated Findings: Displays the count and severity (Critical, High, Medium, Low) of security findings for each model.

Note: The AI model security findings are also accessible via the AI Models Security Findings column in the main Applications or Projects views.

These findings are not accounted for in the Total Findings column of these views.

  • Violations: Governance or policy violations tied to the model.

  • Origin Type (Engine): The detection mechanism used to identify the component. Possible values: code (the component was detected through source code scanning) or artifacts (the component was detected in AI artifacts during static or dynamic analysis).

  • Origin: The location or path where the component was discovered, indicating its source in the system or project.

  • (Hugging-Face) Risk Factors: Identified risks associated with Hugging Face AI models based on Hugging Face advisory:
    ✅ No Findings – No known vulnerabilities.
    🟢 False Positive – Reported by Hugging Face, but tested safe by Mend.
    🔴 Confirmed Unsafe – Verified by Mend vulnerability researchers.
    🟠 Unconfirmed Unsafe – Reported by Hugging Face, not yet validated.

  • (Model) License: Specifies the model's licensing type. For open-source licenses and some proprietary licenses, it includes details about the license (e.g., MIT, Apache).
    Examples:

    • Mistral Research License Index - Restricted use for academic and internal research.

    • Mistral Non-Production License (MNPL) Index - Research-only, non-commercial use.

    • Llama4 License Index - Meta's latest large language model license.

  • Model License Risk: Indicates the level of risk associated with the model's license. The risk level is assessed by Mend.io's research team based on the license terms, compliance obligations, and potential restrictions on usage, redistribution, or modifications.

  • Verified by Mend:
    ✅ Verified: Component found in Mend's AI components index.
    🔵 Not Verified: Not found in Mend's index.

  • Homepage: A reference URL to the library’s or LLM's homepage.

  • Provider ToS: The provider’s terms of service, if applicable.

The AI Model Side-Panel

Clicking anywhere on a model’s row in the AI Models table opens the model’s side-panel, which provides detailed information about that model.

The default tab is the Overview tab, which contains the following information:

  • Description - The name of the model and its location in the application.

  • Security Overview - Severity, AI Findings, Risk Factors.

  • Confidence - The verification status (e.g., “Verified”) and its description.

Exporting your Report

AI Technologies

You can export the AI Components table to .CSV by clicking the Export to CSV button located at the far right.

AI Models

  1. Click Export to CSV to export the AI Models data to .CSV.

  2. Click Create Report to generate a report capturing the data in the AI Models table.

Both buttons are located at the right edge of the screen just above the table itself.
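
The Risk Factors and Verified by Mend values listed for each model can drive an automated gate over the exported CSV. The following is an added example, not Mend's own code: it assumes the export's header names match the table's column labels, and the block/review/allow policy and the sample rows are constructed for illustration.

```python
import csv
import io

# Constructed sample export. ASSUMPTION: CSV header names match the column
# labels shown in the AI Models table; check them against a real export.
SAMPLE_CSV = """Model,Category,Provider,Risk Factors,Verified by Mend,Origin Type
example-org/model-a,Self-Hosted,,Confirmed Unsafe,Verified,artifacts
example-org/model-b,Self-Hosted,,Unconfirmed Unsafe,Verified,code
example-chat-1,AI Service,ExampleProvider,No Findings,Not Verified,code
example-org/model-c,Self-Hosted,,False Positive,Verified,code
"""

def _norm(value):
    """Drop status icons, punctuation and case: '🔴 Confirmed Unsafe' -> 'confirmed unsafe'."""
    kept = "".join(ch for ch in value if ch.isascii() and (ch.isalnum() or ch == " "))
    return " ".join(kept.lower().split())

def triage(row):
    """Return (action, reason) for one exported row (illustrative policy)."""
    risk = _norm(row.get("Risk Factors", ""))
    verified = _norm(row.get("Verified by Mend", ""))
    if risk.startswith("confirmed unsafe"):
        return "block", "risk factor confirmed unsafe"
    if risk.startswith("unconfirmed unsafe"):
        return "review", "risk factor reported but not yet validated"
    if not risk.startswith(("no findings", "false positive")):
        # Fail closed on empty or unrecognised values.
        return "review", "unrecognised risk factor value"
    if verified != "verified":
        return "review", "component not found in the verified index"
    return "allow", "no open risk factor"

def triage_export(csv_text):
    """Map each model name in the export to its triage result."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["Model"]: triage(row) for row in reader}

if __name__ == "__main__":
    for model, (action, reason) in triage_export(SAMPLE_CSV).items():
        print(f"{action:6} {model}: {reason}")
```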