The AI-BOM Toolkit is an open-source project that turns complex CycloneDX AI-BOM JSON into an interactive constellation graph you can explore and filter. Pipe output from any AI-BOM generator (like Snyk CLI) into the `aibom` npm package and instantly see every AI model, dataset, library, MCP server, MCP client, agent, and service your application depends on. Use it as a CLI (`npx aibom --view`) or with the online webapp aibom.vercel.app to upload your AI-BOMs on the fly.
Stop insecure AI code before it lands. Snyk Studio plugs into your AI code assistants (and VS Code, Cursor, and others) to scan code suggestions in real time, flag risky patterns, and guide these coding agents toward safer fixes. Snyk Studio also injects Snyk’s security expert context so your assistant can plan and apply fixes to existing vulnerabilities without ever leaving the editor and terminal.
The Snyk AI-BOM CLI maps the critical AI components powering your application, including AI models, datasets, and external services. It extends the traditional SBOM to create a clear inventory of everything your AI code relies on. Use Snyk AI-BOM to detect and map dependencies created via the MCP open standard, providing security and engineering leaders with the governance insights they need. Audit AI usage, track LLM providers, and ensure compliance with one command.
VulnCost is an open-source security scanner for VS Code that helps find vulnerabilities in JavaScript, TypeScript, and HTML packages while you code. Receive feedback in line with your code, such as the number of vulnerabilities contained in a package being imported.