View your AI Components and Models Reports
Overview
The AI Components and AI Models reports allow you to view all AI models integrated with your applications.
After initiating a scan with the Mend CLI, you can review the findings within your organization in the Mend Platform.
Getting it done
Prerequisites
A Mend AI entitlement for your organization.
Mend AI discovers AI frameworks and third-party AI models and providers automatically as part of an SCA CLI scan (
mend ua
/mend dep
/mend sca
), however it uses a separate scanner, which must be enabled for automatic AI discovery to take place as part of your SCA scans.
To run an SCA scan, please follow the steps in this article.
Preparing your Report
You can access the AI Components and AI Models reports on two levels within the Mend Platform:
Application level.
Project level.
To access the AI Components or AI Models reports, simply navigate through the Applications or Projects view in the Mend AppSec Platform and select the desired application or project.
AI Components
In the selected Application/Project, click ‘AI Components’ on the left-pane menu:

AI Models
In the selected Application/Project, click ‘AI Models’ on the left-pane menu:
The AI Models report displays all the LLM components found in your application/project inventory.

The following information is displayed for each model:
Model: The name and version of the model library found in your application code.
Project: In the context of an application, displays the number of projects containing the AI model.
Category: Indicates whether the AI model is provided as a inference provider (AI Service) or runs locally (Self-Hosted).
Provider: If the model is not self-hosted, this refers to the external company that provides inference services and API access for the AI model.
Model Author: Entity author, i.e., the company who developed the model (e.g., OpenAI, Antrophic, etc.).
Origin Type: The detection mechanism used to identify the component. Possible values: code - component was detected through source code scanning, artifacts - component was detected in AI artifacts during static or dynamic analysis.
Origin: The location or path where the component was discovered, indicating its source in the system or project.
Type: The AI-model type (e.g., Open-source, Service).
Hugging-Face Risk Factor: Identified risks associated with Hugging Face AI models based on Hugging Face advisory:
✅ No Findings – No known vulnerabilities.
🟢 False Positive – Reported by Hugging Face, but tested safe by Mend.
🔴 Confirmed Unsafe – Verified by Mend vulnerability researchers.
🟠 Unconfirmed Unsafe – Reported by Hugging Face, not yet validated.Model License: Specifies the model's licensing type. If open-source, it includes details about the license (e.g., MIT, Apache). Not applicable for proprietary or closed-source models.
Homepage: A reference URL to the library’s or LLM's homepage.
Provider ToS: The provider’s terms of service, if applicable.
Exporting your Report
AI Components
You can export the AI Components table to .CSV by clicking the Export to CSV button located at the far right:

AI Models
Click Export to CSV to export the AI Models data to .CSV
Click Create Report to generate a report capturing the data in the AI Models table.
Both buttons are located at the right edge of the screen just above the table itself.
