Scanning Guide
AIR Blackbox scans Python AI agent code for EU AI Act compliance using a combination of regex-based pattern matching and framework detection.
How Scanning Works
The scanner performs three passes on your code:
- Framework Detection — Identifies which AI framework you're using (LangChain, CrewAI, AutoGen, OpenAI, or RAG patterns)
- Trust Layer Detection — Checks if AIR trust layer components are already present
- Article Compliance Checks — Evaluates code against each of the 6 EU AI Act articles
Articles Checked
Article 9: Risk Management
Checks whether your AI system includes risk assessment and classification. The scanner looks for risk scoring functions, tool classification, and ConsentGate patterns.
Article 10: Data Governance
Verifies that data handling includes privacy controls. Looks for DataVault, tokenization, PII detection, and data governance patterns.
Article 11: Technical Documentation
Checks that proper logging and documentation exist. Looks for structured logging, audit callbacks, and documentation generation.
Article 12: Record-Keeping
Validates audit trail implementation. Looks for AuditLedger, HMAC-SHA256 chains, and immutable record-keeping patterns.
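The following added example (not AIR Blackbox code, and not a description of what its patterns match) shows what an HMAC-SHA256 chain gives an audit trail: each record's MAC covers the previous record's MAC, so editing or removing a record breaks verification from that point on. The function names, the record layout, the key and the sample events are assumptions made for this example.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # constructed placeholder for "no previous record"


def record_mac(key: bytes, prev_mac: str, event: dict) -> str:
    # Canonical JSON: the same event always serializes to the same bytes.
    body = json.dumps(event, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + b"\n" + body, hashlib.sha256).hexdigest()


def append(ledger: list, key: bytes, event: dict) -> str:
    """Append an event; its MAC covers the previous record's MAC. Returns the new head."""
    prev = ledger[-1]["mac"] if ledger else GENESIS
    ledger.append({"event": event, "prev": prev, "mac": record_mac(key, prev, event)})
    return ledger[-1]["mac"]


def verify(ledger: list, key: bytes, head: str = None) -> int:
    """Return -1 if intact, else the index of the first record that fails.

    A chain alone cannot reveal that trailing records were dropped, so pass the
    last head MAC (stored outside the ledger) to detect truncation; a head
    mismatch is reported as index len(ledger).
    """
    prev = GENESIS
    for i, rec in enumerate(ledger):
        expected = record_mac(key, prev, rec["event"])
        if rec["prev"] != prev or not hmac.compare_digest(expected, rec["mac"]):
            return i
        prev = rec["mac"]
    if head is not None and not hmac.compare_digest(prev, head):
        return len(ledger)
    return -1


def build_sample(key: bytes) -> list:
    # Constructed sample events, not output from any real agent run.
    ledger = []
    for event in (
        {"seq": 1, "tool": "web_search", "decision": "allow"},
        {"seq": 2, "tool": "send_email", "decision": "deny"},
        {"seq": 3, "tool": "read_file", "decision": "allow"},
    ):
        append(ledger, key, event)
    return ledger
```

The MAC key has to live outside the process that writes the records (for example in a secret store), otherwise whoever can edit the ledger can also recompute the chain.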
Article 14: Human Oversight
Confirms human-in-the-loop mechanisms are present. Checks for approval gates, human review steps, and oversight callbacks.
Article 15: Accuracy & Robustness
Checks for input validation and injection protection. Looks for prompt injection detection, input sanitization, and output validation.
Scan Results
Each finding includes:
- Article — Which EU AI Act article is affected
- Severity — CRITICAL, HIGH, MEDIUM, or LOW
- Finding — Description of the compliance gap
- Recommendation — Specific action to fix the issue
Supported Frameworks
| Framework | Detection | Trust Layer |
|---|---|---|
| LangChain | Import patterns | air-langchain-trust |
| CrewAI | Import patterns | air-crewai-trust |
| AutoGen | Import patterns | air-autogen-trust |
| OpenAI SDK | Import patterns | Direct integration |
| RAG | Retrieval patterns | Custom trust layer |
Next Steps
- MCP Server — Scan code directly from Claude Desktop
- GitHub Action — Add scanning to your CI/CD
- Trust Layers — Fix findings with framework integrations