AI-SPM inventory

The AI-SPM inventory is the centralized hub for managing all artificial intelligence components discovered in your code repositories. This inventory provides detailed, specialized views for Models, Agents, and MCP Servers, offering security context and compliance status for each asset type.

Models

The Models view provides a complete inventory of the trained artificial intelligence components discovered in your code repositories.

To access Models:

  1. From the AQG main menu, select Inventory.
  2. Under the AI Assets group, select Models.

Models table

The table organizes your model data by:

  • Name - The unique identifier or file name of the model.
  • Supplier - The external entity or service where the model is hosted (for example, Hugging Face, Google, OpenAI).
  • Manufacturer - The organization or group that created the model.
  • Model type - Specifies the model deployment type (Self-hosted / Managed).
  • Model health score - A metric indicating the overall security health of the model based on its configuration and associated issues.
  • Library - The library or framework that was used to train or query the model (such as Google Keras, Transformers, Smolagents).
  • Size - The file size or parameter count of the model (for example, 130m, 8b).
  • Data sources - The source where the model was discovered (GitHub).
  • Last scanned - The date and time of the most recent scan that detected this model.
  • Severity - The highest severity level of any open issue currently associated with the model.

Agents

The Agents view lists autonomous systems that use models, tools, and data to perform complex actions within your codebase. This table provides details on the function, context, and security configuration of each discovered agent.

To access Agents:

  1. From the AQG main menu, select Inventory.
  2. Under the AI Assets group, select Agents.

Agents table

  • Name - The unique name or identifier of the agent (such as weather_time_agent, Cancellation Agent).
  • Model - The specific model the agent is configured to use (such as gemini-2.0-flash, gpt-4).
  • Tools - The external functions or capabilities the agent can call (for example, get_current_time, cancel_flight).
  • Context - The domain or specific environment for which the agent is designed (for example, AirlineAgentContext).
  • Input guardrail - The security measure or policy applied to filter or validate user input before it reaches the agent.
  • Output guardrail - The security measure or policy applied to filter or validate the agent’s output before it is delivered to the user.
  • Library - The framework used to define the agent (such as Google Agent Development Kit, OpenAI Agents, AutoGen Extension).
  • Data sources - The source where the agent was discovered (GitHub).
  • Last scanned - The date and time of the most recent scan that detected this agent.
  • Severity - The highest severity level of any open security issue currently associated with the agent.

MCP servers

The MCP servers view tracks server components that expose specific tools or capabilities to agents, typically following the Model Context Protocol. This table lists the discovered servers that facilitate communication and tooling for agents.

To access MCP servers:

  1. From the AQG main menu, select Inventory.
  2. Under the AI Assets group, select MCP servers.

MCP servers table

  • Name - The unique name or identifier of the Model Context Protocol server (for example, Second Server, EchoServer).
  • Library - The framework or protocol used to implement the MCP server (such as FastMCP, Anthropic MCP).
  • Data sources - The source where the server was discovered (GitHub).
  • Last scanned - The date and time of the most recent scan that detected this server.
  • Severity - The highest severity level of any open security issue currently associated with the server.