Definitions of key terms used across the Scandar platform, scan reports, and documentation.
An attack where hidden instructions are inserted into an AI's input to override its system prompt or manipulate its behavior. Similar to SQL injection but targeting language models.
When an MCP server tool's description contains hidden instructions that trick the AI into performing unintended actions. The tool appears legitimate but its metadata is weaponized.
Unauthorized transmission of data from your system to an external server. In the AI context, this often happens through webhook callbacks, encoded URL parameters, or tunneling services.
An open protocol that allows AI assistants to connect to external tools and data sources. MCP servers provide tools, resources, and prompts that AI models can use.
A 0–100 score that Scandar assigns to scanned files based on the severity and count of findings. Safe (90–100), Caution (70–89), Risky (40–69), Dangerous (0–39).
Scandar's first scanning layer. Uses deterministic regex patterns and rules to detect known threat signatures. Runs in milliseconds. Works offline.
Scandar's second scanning layer. Uses Claude to analyze the file's intent — comparing stated purpose vs. actual behavior. Catches subtle threats that patterns alone cannot.
Attempts to read API keys, tokens, passwords, SSH keys, or environment variables. Common attack vector in AI skill files that request filesystem access.
Manipulation tactics in AI context designed to trick users into performing unsafe actions — approving dangerous permissions, sharing credentials, or disabling security features.
When an AI skill or tool requests more access than needed for its stated purpose. For example, a 'text formatting' skill requesting full disk access.
Techniques used to hide malicious content: base64 encoding, Unicode tricks, zero-width characters, hex escaping, or steganographic embedding.
Scandar's ability to flag missing defenses — not just present threats. A system prompt without injection protection is vulnerable even if it contains nothing malicious.
A standard JSON format for static analysis results. Scandar outputs SARIF for GitHub Code Scanning integration — each finding becomes an inline PR annotation.
Configuration files that define how AI agents behave — their tools, permissions, autonomy limits, and framework settings. Supported formats include YAML, JSON, and Python.
Analysis that examines how multiple components interact. A permissive prompt + unrestricted tools + no human-in-the-loop creates risks that no individual component scan detects.
Scandar's auto-remediation feature. Claude rewrites your file with selected threats removed while preserving all legitimate functionality. Available on the Pro plan.
A control pattern where an AI agent must get human approval before executing certain actions. Missing HITL controls are a common finding in agent config scans.
Restricting how many requests or actions an AI agent can perform in a given time window. Missing rate limits allow runaway agents to consume resources or cause damage.
A sequence of attacker steps — from initial compromise to data exfiltration — mapped across an AI agent's execution path. Scandar Overwatch detects and visualizes kill chains in real time.
A hidden marker injected into agent context to detect data exfiltration. If a canary token appears in an outbound request, it proves the agent leaked sensitive context.
Automated isolation of a compromised AI agent, blocking its ability to make tool calls or delegate to other agents while preserving forensic evidence.
A technique that follows the flow of untrusted data through an agent's execution, flagging when tainted input reaches a sensitive operation like a tool call or database query.
The scope of impact if a specific AI agent is compromised — including downstream agents, accessible tools, and data at risk.