Getting Started with Veritensor
Veritensor is an open-source security scanner designed specifically for the AI Supply Chain. Unlike traditional SAST tools that focus on code, Veritensor focuses on AI Artifacts: Models, Datasets, and RAG Documents.
Why Veritensor?
Modern AI development involves downloading gigabytes of opaque binary files (Models) and processing untrusted documents (RAG). Traditional security tools are blind to these threats.
- Models: Is that .pkl file safe to load, or will it execute a reverse shell?
- RAG: Does that PDF resume contain white-text prompt injections?
- Data: Is your Parquet dataset poisoned with malicious URLs?
Veritensor answers these questions in seconds, locally, without sending your data to the cloud.
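The first question in the list above, whether a .pkl file is safe to load, can be explored by listing the imports a pickle would perform without ever unpickling it. This is an added illustration, not Veritensor's code or detection logic; the denylist, the Probe class and the sample() helper are assumptions constructed for the example.

```python
import pickle
import pickletools

# Constructed, non-exhaustive denylist: modules whose callables can run
# commands or code when a pickle is loaded.
RISKY_MODULES = {"os", "posix", "nt", "subprocess", "builtins", "sys",
                 "importlib", "runpy", "socket", "shutil"}


def pickle_imports(data: bytes):
    """Return (module, name) pairs a pickle would import, without loading it."""
    found, strings = [], []
    for opcode, arg, _pos in pickletools.genops(data):
        if opcode.name in ("GLOBAL", "INST"):
            # Protocols 0-3: arg is "module name", separated by one space.
            module, _, name = arg.partition(" ")
            found.append((module, name))
        elif opcode.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the last two strings pushed.
            # Heuristic: strings fetched back from the memo are not tracked,
            # so an unresolvable import is reported rather than ignored.
            pair = tuple(strings[-2:]) if len(strings) >= 2 else ("?", "?")
            found.append(pair)
        elif isinstance(arg, str):
            strings.append(arg)
    return found


def risky_imports(data: bytes):
    """Imports that are unresolved or whose top-level module is denylisted."""
    return [(m, n) for m, n in pickle_imports(data)
            if m == "?" or m.split(".")[0] in RISKY_MODULES]


class Probe:
    """Constructed sample: unpickling it would only call os.getcwd()."""
    def __reduce__(self):
        import os
        return (os.getcwd, ())


def sample(suspicious: bool, protocol: int = 4) -> bytes:
    """Build a constructed pickle: plain data, or one that imports a callable."""
    obj = Probe() if suspicious else {"weights": [0.1, 0.2], "name": "demo"}
    return pickle.dumps(obj, protocol=protocol)


if __name__ == "__main__":
    for label, blob in (("benign", sample(False)), ("suspicious", sample(True))):
        print(label, risky_imports(blob))
```

An empty result only means nothing on this short denylist was imported; it is not a statement that the file is safe to load.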
Installation
Veritensor is a Python CLI tool.
Basic Installation
For scanning models and notebooks:
pip install veritensor
Full Installation (Recommended)
Includes support for RAG documents (PDF/Docx), Datasets (Parquet/CSV), and PII detection:
pip install "veritensor[rag,data,pii]"
python -m spacy download en_core_web_lg
Quick Start
1. Scan a Project
Navigate to your project folder and run:
veritensor scan .
Veritensor will recursively find all supported files (Notebooks, Models, Configs) and audit them.
2. Scan a Specific Model
Check a downloaded model before loading it:
veritensor scan ./llama-2-7b.bin --repo meta-llama/Llama-2-7b
This verifies the hash against the official Hugging Face registry and checks for malware.
3. Scan RAG Documents
Check a folder of PDFs before vectorization:
veritensor scan ./rag_documents --full-scan
What's Next?
- Explore the Threat Database to understand what we detect.
- Learn how to Secure your RAG Pipeline.
- Set up CI/CD Integration.