3-layer scanning pipeline
Flint AI Scan uses a 3-layer pipeline to find security and quality issues in your agent code:
Parallel scans test your agent code
Both run simultaneously:
- Static analysis — Industry-standard tools (Bandit, OpenGrep, detect-secrets, pip-audit) scan for patterns
- AI reasoning — LLM analyzes agent code, follows data flows, identifies risky patterns
Triage combines results
AI evaluates findings from both approaches, filters false positives, and dismisses expected behavior.
What it finds
All findings are mapped to the OWASP Top 10 for Agentic Applications:
| Code | Category |
|---|---|
| ASI01 | Agent Goal Hijack (prompt injection, RAG poisoning) |
| ASI02 | Tool Misuse and Exploitation (excessive permissions, unvalidated input) |
| ASI03 | Identity and Privilege Abuse (hardcoded credentials, missing auth) |
| ASI04 | Agentic Supply Chain (unpinned deps, known CVEs, untrusted tools) |
| ASI05 | Unexpected Code Execution (eval, shell=True, unsafe deserialization) |
| ASI06 | Memory and Context Poisoning (persistent memory without sanitization) |
| ASI07 | Insecure Inter-Agent Communication (unencrypted channels, no auth) |
| ASI08 | Cascading Failures (unbounded loops, missing circuit breakers) |
| ASI09 | Human-Agent Trust Exploitation (no confirmation gates, no human-in-the-loop) |
| ASI10 | Rogue Agents (unchecked delegation, missing monitoring, no kill switch) |
beyond_asi with a descriptive subcategory.
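To make the static-analysis layer concrete, here is an added example (not Flint's, Bandit's or OpenGrep's code) of the kind of pattern rule that maps code to ASI05: an AST walker that flags the eval/exec, shell=True and unsafe-deserialization patterns the table names. The sample agent code, the rule set and the function names are all constructed for this illustration.

```python
import ast

# Constructed sample agent code (not from any real project) that contains
# the three ASI05 patterns the table names, plus one safe subprocess call.
SAMPLE_AGENT_CODE = '''
import subprocess, pickle
def run_tool(cmd, blob):
    out = subprocess.run(cmd, shell=True, capture_output=True)  # shell=True
    state = pickle.loads(blob)                                  # unsafe deserialization
    return eval(out.stdout.decode())                            # eval
def safe_tool(args):
    return subprocess.run(args, capture_output=True)            # no shell=True
'''

# Call names treated as ASI05 sinks (hypothetical rule set for this example).
UNSAFE_CALLS = {"eval", "exec", "pickle.load", "pickle.loads"}

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None

def _kw_is_true(call, name):
    """True when the call passes name=True as a literal keyword argument."""
    return any(kw.arg == name and isinstance(kw.value, ast.Constant)
               and kw.value.value is True for kw in call.keywords)

def scan_asi05(source):
    """Return ASI05 findings (code, line, pattern) for a Python source string."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func)
        if name in UNSAFE_CALLS:
            findings.append({"code": "ASI05", "line": node.lineno, "pattern": name})
        elif name and name.startswith("subprocess.") and _kw_is_true(node, "shell"):
            findings.append({"code": "ASI05", "line": node.lineno, "pattern": f"{name}(shell=True)"})
    # ast.walk is breadth-first, so sort by line for a readable report.
    return sorted(findings, key=lambda f: f["line"])

if __name__ == "__main__":
    for f in scan_asi05(SAMPLE_AGENT_CODE):
        print(f"{f['code']} line {f['line']}: {f['pattern']}")
```

Each hit here is a raw pre-triage finding; whether, say, the shell=True call is a real issue or expected behavior for the agent's purpose is what the triage layer decides.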
Triage audit trail
The triage layer decides what’s a real issue vs expected behavior. You get full transparency:
- pre_triage_findings - Raw output from static tools and AI reasoning before filtering
- triage_dismissed - Findings dismissed as expected behavior for your agent’s purpose, with explanations:
- triage_downgraded - Findings with disproportionate severity that were adjusted: