Template

Answer AI security questionnaire questions with evidence.

Use ShakerScan evidence to answer how AI features are tested, gated, remediated, approved, and reviewed without claiming more than the controls support.

Sample gate decision

needs_approval

Questionnaire answer requires review

A customer asks whether every AI release is automatically tested. The answer can reference configured gates while flagging surfaces outside current scope.

questionnaire item: AI prompt-injection testing
tested targets: support-chat-api
untested scope: internal admin assistant
evidence packet: ai-security-review-2026-04

1. Map each questionnaire item to a tested AI target or policy workflow.

2. Use current scan evidence, decision state, remediation status, and limitations.

3. Flag legal, privacy, compliance, or unsupported product claims for human review.

4. Attach the evidence packet or verifier link when appropriate.
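The four steps above as a small Python routine, added here as an illustration and not ShakerScan's own code: it maps one questionnaire item against the latest gate decisions, reports untested surfaces instead of implying coverage, and routes unsupported wording to human review. The target names, evidence packet id and the allow/needs_approval states are taken from the sample on this page; the function, its inputs and the phrase list are assumptions.

```python
from dataclasses import dataclass, field

# Wording the safe-answer checklist says must never appear in an answer;
# a hit sends the answer to human review rather than silently rewording it.
# (Assumed phrase list, not a ShakerScan setting.)
UNSUPPORTED_CLAIMS = ("guaranteed compliance", "zero-risk", "zero risk",
                      "replaces a pentest", "pentest replacement")


@dataclass
class QuestionnaireAnswer:
    decision: str                        # "allow" or "needs_approval"
    text: str                            # the evidence-backed answer
    review_flags: list = field(default_factory=list)


def answer_item(item, asked_surfaces, tested_targets, evidence_packet, draft_note=""):
    """Build the answer for one questionnaire item from current gate evidence.

    tested_targets maps a target name to its latest gate decision, e.g.
    {"support-chat-api": "allow"}. Any asked surface missing from it is
    reported as untested rather than implied to be covered.
    """
    flags = []
    covered = [s for s in asked_surfaces if tested_targets.get(s) == "allow"]
    unresolved = [s for s in asked_surfaces
                  if tested_targets.get(s) in ("block", "needs_approval")]
    untested = [s for s in asked_surfaces if s not in tested_targets]

    if untested:
        flags.append(f"untested scope: {', '.join(untested)}")
    if unresolved:
        flags.append(f"unresolved gate decision: {', '.join(unresolved)}")
    lowered = draft_note.lower()
    for phrase in UNSUPPORTED_CLAIMS:
        if phrase in lowered:
            flags.append(f"unsupported claim: '{phrase}'")

    # Say what is tested and what is not, and attach the evidence packet.
    parts = [f"{item}: tested on {', '.join(covered) or 'no targets'} "
             f"(evidence packet {evidence_packet})."]
    if untested:
        parts.append(f"Not tested: {', '.join(untested)}.")
    decision = "needs_approval" if flags else "allow"
    return QuestionnaireAnswer(decision, " ".join(parts), flags)
```

Run against the sample on this page, the answer lands in needs_approval because the internal admin assistant is outside the tested scope, which is exactly the case the template says must be flagged rather than papered over.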

Why ShakerScan

The output is a release control, not just a report.

ShakerScan is built around release evidence: a tested target, a policy result, a verifier command, and an approval path when risk needs human review.

Signed evidence

Evidence hashes and AI Gate attestations bind the decision to the target, environment, policy, probe pack, and release scope when signing is configured.

CI-verifiable decision

GitHub Actions or the shakerscan CLI can verify that the decision matches the expected repo, commit, branch, environment, target, policy, and evidence hash.

Approval workflow

When an eligible workflow is approved, scoped approval tokens record the reason, audience, expiry, and decision path instead of bypassing the gate silently.

Checklist

Safe answer checklist

Say what is tested and what is not tested.

Mention DAST or AI Gate only where supported by current evidence.

Avoid guaranteed compliance, zero-risk, or pentest-replacement claims.

Use the latest evidence hash or report when sharing proof.

Limitations

What this page does not claim

ShakerScan does not replace human security review, threat modeling, or a scoped penetration test.

AI Gate decisions depend on the configured target, probe pack, policy, scan profile, and available evidence.

Production targets require authorization, safe scope, rate limits, and operational approval.

FAQ

Is ShakerScan an AI pentesting replacement?

No. ShakerScan is a verifiable security gate for release workflows. It complements deeper manual testing by producing repeatable runtime evidence and CI-verifiable allow, block, or needs_approval decisions.

Can ShakerScan scan any target?

No. Targets must be owned by the customer or explicitly authorized. Production scans should use safe profiles, rate limits, and defined scope.