Frequently asked questions
AI-SPM, compliance, the runtime gateway, and model supply chain - answered for security architects and GRC leads. The homepage carries a short version; this is the full set.
What is AI Security Posture Management (AI-SPM)?
AI Security Posture Management (AI-SPM) is a continuous-assurance discipline for organisations running LLM applications, agents, MCP servers, RAG pipelines, vector databases, and cloud AI services in production. An AI-SPM platform inventories every AI surface, runs scheduled adversarial scans, enforces runtime policy at the gateway layer, and maps each finding to industry frameworks (OWASP LLM Top 10, NIST AI 600-1, MITRE ATLAS, EU AI Act, ISO/IEC 42001) so security and GRC teams share one audit-ready evidence loop. Full overview on the AI-SPM platform page.
How is AI-SPM different from Cloud Security Posture Management (CSPM)?
CSPM scores IAM, network, storage, and service configuration in the cloud accounts you operate. AI-SPM extends that with AI-specific control coverage: AI asset auto-discovery, adversarial scanning of prompt flows, runtime gateway DLP and tool allowlisting, and compliance mapping for AI-specific frameworks. CSPM and AI-SPM are complementary, not substitutes. The full AI-SPM vs CSPM comparison covers where each one starts and stops.
How is AI-SPM different from LLM security?
LLM security focuses on testing and governing large language model applications and prompt flows. AI-SPM is the broader programme that covers asset discovery, runtime controls, compliance evidence, and audit posture across every AI surface. LLM Security Posture Management is a focused layer within AI-SPM - the deep-dive lives on the LLM-SPM page.
What is the difference between AI-SPM and an AI guardrail or firewall?
A guardrail or AI firewall filters individual requests and responses at runtime. AI-SPM is the broader posture programme around that: it discovers every AI asset, runs scheduled adversarial tests, scores and tracks findings over time, and produces compliance evidence. Penaxtra includes a self-hosted runtime gateway as one layer, but adds the inventory, testing, and audit-evidence loop a standalone guardrail does not. Side by side on the AI-SPM vs guardrails comparison.
Which AI surfaces does Penaxtra cover?
Penaxtra covers LLM applications, AI agents, MCP servers, RAG pipelines, vector databases, runtime AI gateways, and cloud AI services. Each surface is inventoried as a typed asset, tested with surface-appropriate adversarial probes, and mapped to the same compliance frameworks. See the platform pillars.
Does Penaxtra map findings to the EU AI Act?
Yes. Every finding is mapped at the article level to the EU AI Act (notably Articles 9, 15, and 17 for risk management, accuracy/robustness/cybersecurity, and quality management). The same finding row also carries control IDs from NIST AI 600-1, MITRE ATLAS, OWASP LLM Top 10, OWASP Agentic Top 10, and ISO/IEC 42001, so a single observation feeds the audit evidence pack for every framework you are held to. Detail on the EU AI Act page.
Which compliance frameworks does Penaxtra cover?
Six ship pre-mapped at the control identifier level: OWASP LLM Top 10 (2025), OWASP Agentic Top 10, NIST AI 600-1 (Generative AI Profile under the NIST AI RMF), MITRE ATLAS, the EU AI Act (high-risk provider obligations), and ISO/IEC 42001 (AI management system controls). Cross-framework overlap pairs are pre-computed so one finding can satisfy multiple audit requirements without manual re-mapping. Browse the control catalogue.
Does the EU AI Act require adversarial testing of AI systems?
The EU AI Act (Article 15) requires high-risk AI systems to reach appropriate levels of accuracy, robustness, and cybersecurity, including resilience against attempts to alter their use or behaviour through adversarial inputs such as data or model poisoning and adversarial examples. The Act does not mandate a specific tool, but adversarial testing is a recognised way to evidence those robustness and cybersecurity obligations. Penaxtra runs scheduled adversarial scans and maps each finding to the relevant article, which is the milestone many regulated teams are preparing for ahead of 2 August 2026. This is general information, not legal advice. More on the EU AI Act page.
How does Penaxtra support ISO/IEC 42001 certification?
ISO/IEC 42001 is the management-system standard for AI - an AI management system, analogous to ISO 27001 for information security. Penaxtra maps findings to ISO/IEC 42001 controls and keeps an append-only audit trail of scans, findings, and remediation status, which supports the operational-control and continual-improvement clauses certification auditors review. See the ISO 42001 page.
Is the runtime gateway on-prem or SaaS?
The runtime gateway is a self-hosted Go agent that runs inside the customer network in front of the LLM endpoint. The control plane (asset inventory, scan scheduler, evidence store, audit log) is hosted by Penaxtra. The agent loads Ed25519-signed rule blobs and refuses anything that fails signature verification. Architecture deep-dive on the architecture page.
Does prompt content leave our network?
No. Because the gateway is self-hosted in front of the endpoint, prompt and response bodies stay inside your environment. Only allow or block decisions and redacted finding records flow upstream to the control plane, and judge rationales are PII-redacted before they are stored. Architecture detail on the architecture page.
Can Penaxtra analyze a model from a public registry before we deploy it?
Yes. The Model Card Analyzer takes a public model registry URL or repository id and scores it against more than fifty supply-chain checks before the model reaches production. It flags pickle-format weight files that execute code on load, missing or restrictive licenses, license drift between the metadata and README, trust_remote_code custom code paths, unsafe chat-template tokens, missing safety and bias evaluation, low-adoption or recently uploaded repositories, deprecation status, and EU AI Act Annex IV disclosure gaps. Every finding maps to OWASP LLM Top 10, NIST AI 600-1, MITRE ATLAS, and the EU AI Act, and the analysis reads only public metadata - it never downloads or executes the model weights.
Are pickle-format model weights a security risk?
Yes. Loading a pickle-format weight file (.bin, .pt, .pkl, .ckpt) executes arbitrary Python defined inside the file, so a tampered or malicious checkpoint can run code on the host that loads it. Safetensors and GGUF are byte-safe alternatives that carry no executable code. Penaxtra flags pickle-only repositories as critical, downgrades the finding when a safetensors alternative is published alongside, and surfaces the registry's own pickle-scanner verdict where the registry publishes one.
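As an added illustration of what such a pickle scanner checks (example code, not Penaxtra's or any registry's implementation): the script below walks a pickle's opcode stream with pickletools and lists every import the file would perform, without ever unpickling it. The allowlist of globals a plain state_dict needs and the two sample blobs are constructed for this example.

```python
"""Opcode-level pickle scanner: report the imports a pickle would make, without loading it."""
import pickle
import pickletools
from collections import OrderedDict

# Constructed allowlist: (module, name) pairs a plain PyTorch state_dict legitimately references.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
    ("torch._utils", "_rebuild_tensor_v2"),
    ("torch", "FloatStorage"),
}
# Opcodes that push a string constant; STACK_GLOBAL takes module and name from the top two.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}


def list_globals(data):
    """Return every (module, name) the stream would import, found by opcode inspection only."""
    found = []
    recent_strings = []  # string constants seen so far, in push order
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name in ("GLOBAL", "INST"):
            module, name = arg.split()  # pickletools renders the pair as "module name"
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            if len(recent_strings) < 2:
                raise ValueError("malformed stream: STACK_GLOBAL without module/name strings")
            found.append((recent_strings[-2], recent_strings[-1]))
    return found


def scan_pickle(data):
    """Verdict: any import outside the allowlist makes the file critical, as a registry scanner would."""
    imports = list_globals(data)
    flagged = [g for g in imports if g not in ALLOWED_GLOBALS]
    return {"imports": imports, "flagged": flagged,
            "verdict": "critical" if flagged else "clean"}


# Constructed samples: a state_dict-like object, and a pickle that references builtins.eval.
BENIGN = pickle.dumps(OrderedDict([("layer.weight", [0.1, 0.2])]))
SUSPICIOUS = pickle.dumps(eval)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("suspicious", SUSPICIOUS)):
        print(label, scan_pickle(blob))
```

The scanner reads bytes only, so it is safe to run on an untrusted checkpoint; it does not catch every abuse (an allowlisted callable with attacker-chosen arguments is still loaded), which is why a safetensors alternative remains the stronger answer.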
What is an AI Bill of Materials (AI-BOM)?
An AI Bill of Materials (AI-BOM) is a structured inventory of the AI components in a system: models and their provenance, the tools and functions an agent can call, vector stores and RAG corpora, and the third-party model providers in the chain. It is the AI analogue of a software SBOM. Penaxtra assembles an AI-BOM from its asset inventory. More in what is an AI-BOM.
What does an adversarial scan cost on Penaxtra?
Under EUR 0.10 per finding at scale. The platform uses aggressive prompt caching with frontier model providers and the Batch API where the scan SLA allows. Scan quotas and endpoint counts are bundled per tier rather than billed by API call, so procurement planning is predictable. Full plan breakdown on the pricing page.
What kind of LLM endpoint can Penaxtra test?
Penaxtra tests LLM endpoints exposed as an HTTP API. Supported authentication includes bearer token, API key, JWT, HTTP basic, HMAC-signed requests, OAuth2 client-credentials, and AWS SigV4 for Amazon Bedrock. You register the endpoint URL and credentials once; credentials are stored sealed and used only to run scans. Setup steps are in register an LLM endpoint.
How does Penaxtra reduce false positives in scan findings?
Every adversarial output is scored by three independent LLM judges plus a meta-judge that resolves disagreement, instead of a single model. Low-confidence cases are flagged for human review rather than auto-closed. This multi-judge consensus reduces single-model bias and the false positives a one-model scanner produces. Method detail on the judge consensus page.
Still have a question? Talk to sales, browse the developer docs, or read the architecture page.