perfecXion.ai

Your First Security Scan

Step-by-step guide to running your first AI security scan and understanding the results. Learn to identify threats, vulnerabilities, and security gaps in your AI systems with confidence and actionable insights.

2 min
Average Scan Time
95%
Threat Detection Rate
150+
Checks Performed
Real-time
Results & Alerts

Table of Contents

Preparation: Before Your First Scan

Before running your first security scan, it's essential to prepare your environment and understand what you're scanning. This preparation ensures accurate results and helps you interpret findings effectively.

System Preparation

  • Ensure perfecXion is properly installed and configured
  • Verify API keys and authentication are working
  • Identify target systems and applications to scan
  • Review network connectivity and firewall rules

Team Preparation

  • Notify stakeholders about scheduled scanning
  • Prepare incident response procedures
  • Set up communication channels for alerts
  • Review previous security assessments

Scan Types: Choosing the Right Approach

perfecXion offers multiple scan types to address different security needs. Understanding each type helps you choose the most appropriate approach for your environment.

Quick Scan

Fast, automated scan that checks for common vulnerabilities and misconfigurations. Ideal for regular monitoring and initial assessments.

Quick Scan Features

  • • Duration: 2-5 minutes
  • • Coverage: Common vulnerabilities
  • • Resource usage: Low
  • • Frequency: Daily/Weekly

Quick Scan Command

curl -X POST https://api.perfecxion.ai/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "scan_type": "quick",
    "target": "your-ai-system",
    "options": {
      "include_prompt_injection": true,
      "include_model_security": true,
      "include_data_validation": true
    }
  }'

Comprehensive Scan

Thorough security assessment that examines all aspects of your AI system, including deep analysis of models, data flows, and integration points.

Comprehensive Scan Features

  • • Duration: 15-30 minutes
  • • Coverage: Full system analysis
  • • Resource usage: Medium
  • • Frequency: Monthly/Quarterly

Comprehensive Scan Command

curl -X POST https://api.perfecxion.ai/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "scan_type": "comprehensive",
    "target": "your-ai-system",
    "options": {
      "include_prompt_injection": true,
      "include_model_security": true,
      "include_data_validation": true,
      "include_behavioral_analysis": true,
      "include_compliance_check": true,
      "include_performance_analysis": true
    }
  }'

Targeted Scan

Focused scan on specific components or vulnerabilities. Useful for testing specific security controls or investigating particular concerns.

Targeted Scan Features

  • • Duration: 5-15 minutes
  • • Coverage: Specific components
  • • Resource usage: Variable
  • • Frequency: As needed

Targeted Scan Example

curl -X POST https://api.perfecxion.ai/v1/scan \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "scan_type": "targeted",
    "target": "your-ai-system",
    "focus_areas": ["prompt_injection", "data_leakage"],
    "options": {
      "custom_prompts": ["Ignore previous instructions"],
      "sensitivity_level": "high"
    }
  }'

Running Your Scan: Step-by-Step

Follow these steps to run your first security scan. We'll start with a quick scan to get you familiar with the process and results.

Step 1: Prepare Your Environment

API Setup

# Set your API key
export PERFECXION_API_KEY="your-api-key-here"

# Test connectivity
curl -X GET https://api.perfecxion.ai/v1/health \
  -H "Authorization: Bearer $PERFECXION_API_KEY"

Step 2: Define Your Target

Target Configuration

# Define your target system
TARGET_SYSTEM="your-ai-application"
API_ENDPOINT="https://your-api.example.com"
MODEL_ENDPOINT="https://your-models.example.com"

# Create target configuration
cat > target-config.json << EOF
{
  "name": "$TARGET_SYSTEM",
  "endpoints": {
    "api": "$API_ENDPOINT",
    "models": "$MODEL_ENDPOINT"
  },
  "scan_options": {
    "timeout": 300,
    "max_concurrent": 10
  }
}
EOF

Step 3: Execute the Scan

Run Quick Scan

# Start the scan
SCAN_ID=$(curl -X POST https://api.perfecxion.ai/v1/scan \
  -H "Authorization: Bearer $PERFECXION_API_KEY" \
  -H "Content-Type: application/json" \
  -d @target-config.json \
  | jq -r '.scan_id')

echo "Scan started with ID: $SCAN_ID"

# Monitor scan progress
curl -X GET https://api.perfecxion.ai/v1/scan/$SCAN_ID/status \
  -H "Authorization: Bearer $PERFECXION_API_KEY"

Understanding Results: Interpreting Findings

Understanding scan results is crucial for effective security management. Learn to interpret findings and prioritize remediation efforts based on risk levels.

Critical Findings

Critical vulnerabilities require immediate attention. These pose the highest risk to your AI system.

Example Critical Finding

{
  "severity": "critical",
  "type": "prompt_injection",
  "location": "chat-api/v2/completions",
  "description": "Unfiltered user input passed directly to LLM",
  "impact": "Attackers can manipulate AI behavior and access restricted functions",
  "recommendation": "Implement input validation and prompt sanitization",
  "risk_score": 0.95,
  "cve_id": "CVE-2024-XXXX"
}

High Priority Findings

High priority issues should be addressed promptly but may not require immediate action.

Example High Priority Finding

{
  "severity": "high",
  "type": "data_leakage",
  "location": "training/datasets/customer-data.json",
  "description": "Sensitive PII found in training data",
  "impact": "Model may expose customer information",
  "recommendation": "Sanitize training data and implement privacy filters",
  "risk_score": 0.78
}

Scan Summary

Review the overall scan results to understand your security posture.

Example Scan Summary

{
  "scan_id": "scan_12345",
  "status": "completed",
  "duration": "2m 34s",
  "total_findings": 27,
  "severity_breakdown": {
    "critical": 2,
    "high": 5,
    "medium": 12,
    "low": 8
  },
  "risk_score": 0.65,
  "recommendations": [
    "Implement input validation",
    "Add rate limiting",
    "Update security policies"
  ]
}

Remediation: Fixing Issues

Once you identify security issues, it's important to plan and execute a remediation strategy. This section provides guidance on prioritizing and implementing fixes.

Prioritization Strategy

Address vulnerabilities based on severity, exploitability, and business impact. Start with critical issues that could lead to immediate compromise.

Immediate Actions (Critical Issues)

  • • Fix prompt injection vulnerability
  • • Add authentication to model endpoint
  • • Patch critical vulnerabilities

Quick Fix for Prompt Injection

# Add input validation before sending to LLM
def sanitize_prompt(user_input):
    # Remove system instructions
    forbidden_patterns = [
        r"ignore.*previous.*instructions",
        r"system.*prompt",
        r"you are.*assistant"
    ]
    
    for pattern in forbidden_patterns:
        if re.search(pattern, user_input, re.IGNORECASE):
            raise SecurityException("Potential prompt injection detected")
    
    return user_input

Quick Fix for Model Authentication

# Add API key validation middleware
@app.before_request
def validate_api_key():
    if request.path.startswith('/models/'):
        api_key = request.headers.get('X-API-Key')
        if not api_key or not is_valid_key(api_key):
            abort(401, 'Invalid or missing API key')
            
# Configure rate limiting
limiter = Limiter(
    app,
    key_func=lambda: request.headers.get('X-API-Key'),
    default_limits=["100 per hour", "10 per minute"]
)

Remediation Roadmap

Plan your remediation efforts over time to ensure a secure and resilient AI system.

Week 1: Critical Issues

  • • Fix prompt injection, add authentication, patch critical vulnerabilities

Week 2-3: High Priority

  • • Implement input validation, fix data leakage, add monitoring

Month 2: Medium Priority

  • • Enhance logging, update dependencies, improve error handling

Ongoing: Best Practices

  • • Regular security scans, updates, and continuous monitoring

Best Practices: Ongoing Scanning

Security is an ongoing process. Regularly scanning and improving your security posture is essential to maintain a robust AI system.

Resources and Next Steps

Set up automated scanning to catch vulnerabilities before they reach production.

Prompt Injection Defense

Deep dive into preventing and detecting prompt injection attacks.

Learn more →

Model Security

Comprehensive guide to securing AI models and infrastructure.

Explore guide →

Ready for Continuous Security?

Set up automated scanning to catch vulnerabilities before they reach production.

Configure Automated Scanning
Installation GuideSecurity Best Practices