AI Gate
Verifiable AI deploy gates for real application workflows.
ShakerScan AI Gate tests deployed AI behavior and turns findings into signed release decisions your pipeline can verify before merge or deployment.
Sample gate decision
Prompt-injection policy failed
The scan found transcript-backed evidence that an AI workflow followed untrusted instructions and exposed protected context. CI rejects the deployment until the target passes or an exception is approved.
A PR, preview deploy, API target, or AI workflow is ready for review.
ShakerScan tests the real web, API, or AI behavior with a selected scan profile and policy.
Findings, transcripts, and runtime artifacts are normalized into evidence.
Policy returns allow, block, or needs_approval.
CI/CD verifies the signed evidence and then proceeds, blocks, or waits for an eligible scoped approval-token workflow.
Why ShakerScan
The output is a release control, not just a report.
ShakerScan is built around release evidence: a tested target, a policy result, a verifier command, and an approval path when risk needs human review.
Signed evidence
Evidence hashes and AI Gate attestations bind the decision to the target, environment, policy, probe pack, and release scope when signing is configured.
CI-verifiable decision
GitHub Actions or the shakerscan CLI can verify that the decision matches the expected repo, commit, branch, environment, target, policy, and evidence hash.
Approval workflow
When an eligible workflow is approved, scoped approval tokens record the reason, audience, expiry, and decision path instead of bypassing the gate silently.
Checklist
Start with one AI Gate
Create or select one AI API, widget, RAG, agent, or MCP target.
Verify ownership and configure the minimum credential scope needed for testing.
Run the smoke probe pack first, then move to a broader probe pack or scan profile after setup is stable.
Install the GitHub App or run shakerscan ai gate in CI.
Require attestation verification before merge or deploy.
Limitations
What this page does not claim
ShakerScan does not replace human security review, threat modeling, or a scoped penetration test.
AI Gate decisions depend on the configured target, probe pack, policy, scan profile, and available evidence.
Production targets require authorization, safe scope, rate limits, and operational approval.
FAQ
Is ShakerScan an AI pentesting replacement?
No. ShakerScan is a verifiable security gate for release workflows. It complements deeper manual testing by producing repeatable runtime evidence and CI-verifiable allow, block, or needs_approval decisions.
Can ShakerScan scan any target?
No. Targets must be owned by the customer or explicitly authorized. Production scans should use safe profiles, rate limits, and defined scope.
What AI surfaces does AI Gate fit best?
It fits customer-facing AI APIs, support widgets, RAG assistants, agent workflows, MCP traces, and other AI-enabled behavior that should be tested before release.