Featured Solution
Supply Chain SBOM
Enterprise procurement requires a bill of materials. Your AI servers don't have one.
CycloneDX: industry standard format
1,184: malicious skills confirmed in wild
35,705: base64 obfuscation matches found
CycloneDX accepted by procurement without modification.
AISS produces a Software Bill of Materials for every scanned server: all direct and transitive dependencies with versions, CVE status per package, license per package. Exactly what enterprise procurement teams need.
CycloneDX JSON format — CISA-accepted industry standard
Direct and transitive dependency tree with versions
CVE status linked to OSV and GitHub Advisory IDs
License per package — flags GPL contamination
How it works
01. AISS scans the artifact
Clone or fetch the server source. Parse package.json and requirements.txt. Build the full dependency tree including transitive dependencies.
02. CVE status enriched
Every dependency queried against OSV and GitHub Advisory DB. CVSS scores mapped to severity. Fixed versions identified.
03. SBOM generated
CycloneDX JSON produced for the server. All components, CVE status, licenses, source URLs. Ready for procurement sign-off.
04. Export or integrate
Download from dashboard. Pull via API. Attach to your procurement workflow or CI/CD pipeline.
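The shape of the document that steps 01 to 03 produce, as an added example (not AISS code): it walks a resolved dependency graph to its transitive closure and emits CycloneDX 1.5 JSON with components, the dependency graph, licenses and linked vulnerabilities. The package names, the advisory ID `OSV-PLACEHOLDER-0001`, the lookup tables and the helper names are all constructed for illustration; a real run would fill them from the manifests and from OSV or GitHub Advisory queries.

```python
import json
# Constructed inputs (hypothetical packages): a resolved graph as step 01 would
# produce, and advisory lookups standing in for OSV / GitHub Advisory responses.
RESOLVED = {
    "npm/example-http@2.3.1": {"license": "MIT", "deps": ["npm/example-parser@0.9.0"]},
    "npm/example-parser@0.9.0": {"license": "GPL-3.0-only", "deps": []},
    "pypi/example-yaml@5.1": {"license": "BSD-3-Clause", "deps": []},
}
DIRECT = ["npm/example-http@2.3.1", "pypi/example-yaml@5.1"]
ADVISORIES = {"npm/example-parser@0.9.0": [{"id": "OSV-PLACEHOLDER-0001", "cvss": 8.1, "fixed": "0.9.2"}]}

def severity(cvss):  # CVSS v3 base score -> qualitative rating
    for floor, label in ((9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.1, "low")):
        if cvss >= floor:
            return label
    return "none"

def build_sbom(direct, resolved, advisories):
    """Walk direct deps to their transitive closure and emit a CycloneDX 1.5 dict."""
    seen, stack = [], list(direct)
    while stack:
        key = stack.pop()
        if key not in seen:
            seen.append(key)
            stack.extend(resolved[key]["deps"])
    ref = lambda key: "pkg:" + key  # the package URL doubles as the bom-ref
    components, deps, vulns = [], [], []
    for key in sorted(seen):
        name, version = key.split("/", 1)[1].rsplit("@", 1)
        components.append({"type": "library", "bom-ref": ref(key), "purl": ref(key),
                           "name": name, "version": version,
                           "licenses": [{"license": {"id": resolved[key]["license"]}}]})
        deps.append({"ref": ref(key), "dependsOn": [ref(d) for d in resolved[key]["deps"]]})
        for adv in advisories.get(key, []):
            vulns.append({"id": adv["id"], "source": {"name": "OSV"},
                          "ratings": [{"score": adv["cvss"], "severity": severity(adv["cvss"])}],
                          "recommendation": f"Upgrade to {adv['fixed']}",
                          "affects": [{"ref": ref(key)}]})
    return {"bomFormat": "CycloneDX", "specVersion": "1.5", "version": 1,
            "components": components, "dependencies": deps, "vulnerabilities": vulns}

def copyleft_refs(sbom):
    """Return bom-refs whose SPDX license id is in the GPL family."""
    return [c["bom-ref"] for c in sbom["components"]
            if c["licenses"][0]["license"]["id"].startswith(("GPL", "AGPL", "LGPL"))]

if __name__ == "__main__":
    print(json.dumps(build_sbom(DIRECT, RESOLVED, ADVISORIES), indent=2))
```

The GPL-licensed package here is reachable only through a direct dependency, which is why the license check has to run over the transitive closure rather than the manifest alone.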
Press coverage
VentureBeat
Anthropic Skill scanners passed every check. The malicious code rode in on a test file.
VentureBeat
No publicly documented scanner operates outside the assumption that the threat lives in SKILL.md.
CrowdStrike · RSAC 2026
ClawHavoc — 1,184 malicious skills confirmed in the wild. The attack surface is the skill layer.