Veritensor 1.8.0

🚀 Veritensor v1.8.0: MCP Permission Auditing & Compliance Excel Reports

Version 1.8.0 completes our two-layer Agentic AI defense system and adds enterprise-grade compliance tooling for auditors.

🔥 Major Features

🔐 MCP Permission Auditor (Configuration-Level Security)

v1.7.0 introduced AST analysis of MCP tool code. v1.8.0 adds the missing second layer: static analysis of MCP configurations.

A tool can have clean code and still be dangerously over-privileged. claude_desktop_config.json, mcp.json, and agent manifests can silently grant a server simultaneous filesystem access, untrusted web input, and outbound network — the Lethal Trifecta that enables silent data exfiltration via a single prompt injection.

The Permission Auditor runs automatically when veritensor scan encounters a recognised MCP config filename. No extra flags needed.

What it detects:

• Lethal Trifecta CRITICAL — Server has private data access + untrusted input + exfiltration vector simultaneously. A single prompt
  injection can exfiltrate all private data without human interaction.
• Code Execution Without Confirmation CRITICAL — execute_code, shell, or bash capability declared without require_confirmation.
• Hardcoded Secrets in env CRITICAL — High-entropy values in the env dict committed to version control.
• Secrets in args Array HIGH — API keys passed as positional CLI arguments (visible in ps aux output).
• Filesystem + Network HIGH — Simultaneous access without full Trifecta trigger.
• Overprivileged OAuth Scopes CRITICAL/HIGH — admin, *, write:*, repo, delete, sudo.
• Destructive Tools Without Confirmation HIGH — Tools named delete_*, drop_*, wipe_* without require_confirmation.

Supported formats: claude_desktop_config.json, mcp.json, mcp-config.json, .mcp/config.json, openai-tools.json, agent-manifest.json, tools.json

Known server inference: Capabilities are automatically inferred from official @modelcontextprotocol/* package names in the args array — no explicit permissions block required.

# Scans both Python tool logic AND config permissions automatically
veritensor scan ./mcp_servers/ ./claude_desktop_config.json

Every finding includes a concrete Recommendation explaining exactly what to change.

---

📊 Excel Compliance Reports (--excel)

JSON and SARIF serve CI/CD pipelines. HTML reports serve CISOs. But compliance auditors need Excel — with columns, filters, and something they can attach to a Jira ticket or regulatory submission.

veritensor scan ./models/ --excel

Generates veritensor-report.xlsx with three sheets:

• Summary — Color-coded overview: total files, pass/fail counts, threat breakdown by severity.
• Incidents — One row per threat with file path, hash, severity color coding, license, identity verification status. Auto-filter enabled.
  Designed for direct submission to EU AI Act auditors.
• All Files — Full inventory of every scanned artifact with status,worst severity, and threat count. Sortable.

Requires openpyxl: pip install "veritensor[data]"

---

🛠️ Improvements & Fixes

• MCP Scanner: Deduplication — Multiple calls to subprocess.run() in the same tool now produce one finding per (tool, category) pair instead of N duplicates. Total findings count is now accurate.

• MCP Scanner: Entrypoint Filter — Functions named main, cli, run, start are no longer detected as MCP tools even when decorated with matching decorators. Eliminates false positives from Click/Typer-based entry points.

• ENV_SECRET_ACCESS Severity — Reclassified from MEDIUM to LOW. Reading environment variables inside a tool is often intentional configuration, not a vulnerability. The finding is retained for visibility but no longer blocks deployments by default.

• Streaming.py Security Fix — External domains in RemoteStream now raise ValueError instead of logging a warning. The domain allowlist was previously advisory-only; it now enforces a hard block.

• Enterprise Scanner: Temp File Leak — Fixed a file descriptor and disk leak in _yield_dataset_chunks when an exception occurred mid-stream between mkstemp and f.close().

• Dependency Engine: OSV Batch Cap — Added a 500-package limit on OSV.dev batch requests. Large requirements.txt files with 1000+ packages no longer risk 413 responses or rate limiting.

---

🔄 How to Upgrade

pip install --upgrade "veritensor[all]"

For Excel reports:

pip install --upgrade "veritensor[data]"

Veritensor 1.7.0

🚀 Veritensor v1.7.0: Agentic Security (MCP), CISO Reports & GitHub Marketplace

Version 1.7.0 marks a massive leap forward in securing the next generation of AI. As the industry shifts from passive chatbots to autonomous Agentic AI, the attack surface has expanded. We are introducing industry-first static analysis for Model Context Protocol (MCP) servers, beautiful executive HTML reporting, and our official launch on the GitHub Marketplace.

Secure your data, secure your models, and now—secure your AI Agents' actions.

🔥 Major Features

🤖 Agentic AI Defense (MCP Server Scanner)

LLM Agents use tools to interact with your infrastructure. If an agent is compromised via a Prompt Injection, it can weaponize these tools against you. While other scanners only check MCP dependencies, Veritensor now deeply analyzes MCP tool logic.

• Pure AST Analysis: Safely scans your Python files without executing them (100% air-gapped safe).

• Decorator Detection: Automatically identifies tools built with FastMCP (@mcp.tool), OpenAI Agents (@function\_tool), LangChain (@skill), and more.

• Actionable Threat Detection: Statically detects dangerous call patterns inside agent tools, including OS Command Execution, Database Mutations (SQL drops/deletes), Unrestricted File Writes, and Data Exfiltration.

• Human-in-the-Loop Awareness: Lowers severity if the tool safely implements confirmation gates (e.g., approved or dry\_run parameters).

📊 Executive HTML Reports (--html)

JSON and SARIF are great for CI/CD pipelines, but CISOs and Security Auditors need readable dashboards. Veritensor now generates beautiful, standalone, and interactive HTML reports.

• Features a severity breakdown chart (Critical, High, Medium, Low).

• Includes live search and filtering by file or threat type.

• Jira-Ready: One-click copy buttons for threat details to instantly create bug tickets.

• How to use: Simply append the --html flag to your scan command. The CLI will generate a veritensor-report.html artifact.

🛒 Official GitHub Marketplace Launch

Veritensor is now officially listed on the GitHub Marketplace! Securing your AI Supply Chain and RAG pipelines in CI/CD is now truly "Plug & Play".

• No need to manually configure Python environments or install dependencies.

• Drop it into your workflow in just two lines of code.

Example (GitHub Actions):

steps:
  - uses: actions/checkout@v4
  - name: Veritensor AI Security Scan
    uses: arsbr/Veritensor@v1
    with:
      target: '.'
      generate-html: 'true'

🛠️ Improvements & Fixes

• Hardened Static Analysis: Improved the core Regex and AST engines to reduce false positives and optimize RAM usage when scanning massive datasets locally.

• Smarter Threat Deduplication: Fixed an issue where the scanner would duplicate alerts for the same vulnerability. Threats are now intelligently deduplicated for cleaner, more actionable logs.

• Robust File Handling: Resolved an event-loop blocking issue and improved path resolution, drastically increasing stability when scanning complex directory structures.

• Zip-Bomb Protection Limits: Fine-tuned the SafeZipReader to better handle massive datasets and archives without triggering false DoS alerts.

🔄 How to Upgrade

To upgrade your local CLI and get the new MCP scanner and HTML reports:

pip install --upgrade "veritensor[all]"

For CI/CD users, simply ensure your GitHub Action is pointing to @v1 to automatically receive this update.

Veritensor 1.6.3

🚀 Veritensor v1.6.3 release

Minor bug fixes.

---

📦 Upgrade

pip install --upgrade veritensor

Veritensor v1.6.2

🚀 Veritensor v1.6.2 release

Minor bug fixes.

---

📦 Upgrade

pip install --upgrade veritensor

Veritensor v1.6.1

🚀 Veritensor v1.6.1 release

Minor bug fixes.

---

📦 Upgrade

pip install --upgrade veritensor

Veritensor v1.6.0

🚀 Veritensor v1.6.0: The Native RAG Firewall & Ecosystem Update

Version 1.6.0 introduces Native Python Integrations, allowing you to embed Veritensor directly into your RAG pipelines as an active firewall. We've also drastically improved the Developer Experience (UX) with ignore files and automated GitHub PR reviews.

Stop scanning data after it's ingested. Block it before it hits your Vector DB.

🔥 Major Features

🧱 Native RAG Integrations (In-Memory Firewall)

You can now wrap your favorite data loaders and vector databases with Veritensor. It scans raw text and extracted elements in-memory, physically blocking Prompt Injections, Data Poisoning, and PII leaks at runtime.

• LangChain: Wrap any loader with SecureLangChainLoader.
• LlamaIndex: Wrap any reader with SecureLlamaIndexReader.
• Unstructured.io: Sanitize extracted elements using SecureUnstructuredScanner.
• ChromaDB: Intercept .add() and .upsert() calls directly at the database level using SecureChromaCollection.

Example (LangChain):

from langchain_community.document_loaders import PyPDFLoader
from veritensor.integrations.langchain_guard import SecureLangChainLoader

unsafe_loader = PyPDFLoader("user_upload.pdf")
secure_loader = SecureLangChainLoader(file_path="user_upload.pdf", base_loader=unsafe_loader)

# Raises VeritensorSecurityError if prompt injections or PII are detected!
docs = secure_loader.load()

🙈 Smart Filtering with .veritensorignore

No more false positives on your dummy test data! Veritensor now natively supports .veritensorignore files.

• Works exactly like .gitignore.
• Supports standard glob patterns (e.g., tests/dummy_data/*, *.dev.env).
• Keeps your CI/CD pipelines green while maintaining strict security on real assets.

🤖 GitHub App Support (Automated PR Reviews)

Veritensor can now be deployed as a fully-fledged GitHub App Backend.

• Automatically scans files in new Pull Requests.
• Posts beautiful, detailed Markdown tables directly into PR comments.
• Sets Commit Statuses (✅ Success / ❌ Failure) to block malicious merges automatically.

🌪️ Data Engineering (Apache Airflow)

We've added official documentation and patterns for securing ETL pipelines. You can now easily integrate Veritensor into your Airflow DAGs using the standard BashOperator to quarantine poisoned datasets before they enter your Data Lake.

---

🛠️ Improvements & Fixes

• Refactored Core Engine: Separated file I/O from text scanning (scan_text), enabling lightning-fast in-memory analysis for our new integrations.
• Smart Noise Reduction: Improved the CLI output to automatically hide "noisy" data science practices (like !pip install or import os) unless the --verbose flag is passed, focusing your attention only on real threats.
• Bug Fixes: Resolved an issue where the CLI would crash when attempting to parse S3 URIs as local Path objects on certain OS environments.

🔄 How to Upgrade

To get all the new features and engines:

pip install --upgrade "veritensor[all]"

Veritensor v1.5.1

🚀 Veritensor v1.5.1: The Anti-Virus for AI Artifacts

We are introducing Parallel Scanning, Supply Chain Security, and Advanced Stealth Detection.

Veritensor is now a comprehensive firewall for your RAG pipelines, Data Lakes, and Development Environments. We secure the artifacts that traditional scanners miss: Models, Datasets, Notebooks, and Documents.

🔥 Major Features

⚡ High-Performance Parallel Scanning & Caching

We have rewritten the core engine to support Multiprocessing. Veritensor now utilizes all CPU cores to scan thousands of files in seconds.

• Process Pool Executor: Scans are distributed across workers for maximum throughput.
• SQLite Caching: Implemented a robust SQLite database (WAL mode) to cache scan results. Re-scanning a 100GB dataset now takes milliseconds if files haven't changed.
• Usage: Use the --jobs flag to control concurrency (defaults to CPU count).

🔗 Supply Chain Security (Dependency Scanning)

Veritensor now audits your Python environment for compromised packages.

• Supported Files: requirements.txt, pyproject.toml, poetry.lock, Pipfile.lock.
• Typosquatting Detection: Detects malicious package impersonators (e.g., tourch instead of torch) using Levenshtein distance algorithms.
• Vulnerability Check: Integrates with Google OSV.dev API to detect known CVEs in your pinned dependencies.

🕵️‍♂️ Advanced RAG & Stealth Detection

Veritensor v1.5.0 includes a new Stealth Engine to detect attacks hidden from human eyes but visible to LLMs.

• CSS/HTML Hiding: Detects "Invisible Text" attacks (e.g., font-size: 0, color: white, display: none) hidden inside PDF and HTML documents.
• Base64 De-obfuscation: Automatically detects and decodes Base64 strings to find obfuscated prompt injections (e.g., SWdub3Jl... -> Ignore previous instructions).
• Unicode Normalization: Applies NFKC normalization to prevent Unicode bypass attacks.

📊 Expanded Format Support (Excel & Archives)

We have expanded our coverage to include critical business data formats.

• Excel Security: Scans .xlsx and .csv for Formula Injections (CSV Injection) and malicious macros.
• Recursive Archives: Safely scans inside .zip, .tar.gz, and .whl files without extracting them to disk. Includes protection against Zip Bombs.

📜 Data Governance & Manifests

• Provenance Manifest: New command veritensor manifest . generates a signed JSON snapshot of your data artifacts (hashes, status, threats). Essential for compliance (EU AI Act, SOC2).

🛡️ Security Hardening

• Magic Number Validation: Detects malware masquerading as safe files (e.g., an .exe renamed to .pdf).
• Smart Filtering: Drastically reduced false positives in Jupyter Notebooks by filtering out common "noise" (like !pip install) and using Entropy Analysis to find real API keys (e.g., WandB, Pinecone) even without known signatures.
• Hybrid PII Detection: Added support for Microsoft Presidio (optional) for context-aware PII detection, alongside high-speed Regex checks.

📦 Modular Installation

To keep the core tool lightweight (~50MB), Veritensor uses a modular installation strategy. You only download the heavy ML libraries if you need them.

🚀 Recommended (Full Suite)

Installs support for Models, RAG Documents, Datasets, PII, and S3.

pip install "veritensor[all]"

🛠️ Custom Installation

Mix and match dependencies based on your pipeline needs:

Feature Set	Command	Description	Dependencies Added
Core	pip install veritensor	Base Scanner. Scans Models (Pickle, Keras, PyTorch), Notebooks, and Dependencies.	Lightweight (No heavy deps)
Data	pip install "veritensor[data]"	Dataset Security. Adds support for streaming scan of Parquet, CSV, and Excel files.	pyarrow, pandas, openpyxl
RAG	pip install "veritensor[rag]"	Document Security. Adds support for PDF, DOCX, PPTX scanning. Includes PII support automatically.	pypdf, python-docx, python-pptx
PII	pip install "veritensor[pii]"	Privacy. Adds Microsoft Presidio for ML-based PII detection (Names, Locations, etc).	presidio-analyzer, spacy
AWS	pip install "veritensor[aws]"	Cloud. Adds support for scanning directly from S3 buckets (s3://...)..	boto3

Note for PII Users: If you install [pii] or [rag], you must download the Spacy model once:

python -m spacy download en_core_web_lg

🔄 How to Upgrade

To get all the new features and engines:

pip install --upgrade "veritensor[all]"

Veritensor v1.4.1

🚀 Veritensor v1.4.1 release

Minor bug fixes.

---

📦 Upgrade

pip install --upgrade veritensor

Veritensor v1.4.0

🚀 Veritensor v1.4.0: The AI Security & Trust Platform

This major release transforms Veritensor from a model scanner into a holistic AI Security Platform. We are moving beyond simple model checks to secure the entire AI life cycle: Models, Datasets, Notebooks, and RAG knowledge bases.

🔥 New Features

• 📊 High-Speed Dataset Scanning (Data Poisoning Protection)
  Veritensor now supports streaming analysis for massive datasets. Scan Parquet, CSV, TSV, and JSONL files (up to 100GB+) without memory overflows.

  • Threat Detection: Identifies malicious URLs, PII, and "Data Poisoning" patterns (e.g., "Ignore previous instructions") hidden in training data.
  • Optimization: Uses Column Pruning to scan only string-based columns, making it up to 10x faster than raw text search.
  • Requires: pip install veritensor[aws]

• 📓 Jupyter Notebook Hardening (.ipynb)
  Security for the researcher's primary tool. Veritensor now inspects:

  • Code Cells: For malicious execution and backdoors.
  • Markdown: For XSS and phishing links.
  • Outputs: For leaked API keys or credentials saved in execution results.

• 📚 RAG Knowledge Base Security (PDF, DOCX, PPTX)
  Protect your LLM applications before ingestion. Veritensor extracts text from Office documents and PDFs to block prompt injections and sensitive data leaks.

  • Requires: pip install veritensor[rag]

• ☁️ Cloud-Native Amazon S3 Support
  Scan models and assets directly from your S3 buckets. No more manual downloads for security audits.

  • Requires: pip install veritensor[aws]

• 🧩 Modular Installation To keep the core tool lightweight, we've introduced optional dependency groups:
  Protect your LLM applications before ingestion. Veritensor extracts text from Office documents and PDFs to block prompt injections and sensitive data leaks.

  • pip install veritensor[data] — for Dataset scanning.
  • pip install veritensor[rag] — for Office/PDF documents.
  • pip install veritensor[aws] — for AWS S3.
  • pip install veritensor[all] — for the full security suite.

🛠️ Improvements

• Sampling Strategy: Introduced a 10k-row sampling default for datasets to ensure instant feedback, with a --full-scan flag for deep audits.
• Recursive Discovery: The scanner now automatically identifies and routes all supported formats within a directory.

📦 Full upgrade (includes RAG, S3, dataset scanning)

pip install --upgrade veritensor[all]

Veritensor v1.3.1

🚀 Veritensor v1.3.1: Python Wheels & Granular Control

This release focuses on expanding format support and improving CI/CD flexibility based on community feedback.

🔥 New Features

• 📦 Python Wheel Support (.whl)
  Veritensor now scans .whl packages. It inspects setup.py and internal scripts for suspicious patterns (secrets, obfuscation) and recursively scans any embedded Pickle files (Thanks to u/ResponsibleTruck4717 for the suggestion!).

• 🎛️ Granular CLI Overrides
  Replaced the blunt --force flag with precise controls for CI/CD pipelines:

  • --ignore-license: Allows deployment of models with restrictive licenses.
  • --ignore-malware: Forces deployment even if threats are found (Use with caution) (Thanks to @patrakov for the suggestion!).

• 📝 Externalized Signatures & Expanded Rules

  • Security rules are now decoupled into signatures.yaml for easier updates.
  • New Heuristics: Added detection for modern SSH keys (ed25519, ecdsa) and Windows PuTTY keys (.ppk) to catch credential theft attempts (Thanks to @patrakov for the suggestion!).

📦 Upgrade

pip install --upgrade veritensor