Context
AISVS (AI Security Verification Standard) v1.0 benchmark exists in cloud/aisvs_benchmark.py and works via CLI, but is not accessible through the REST API.
AISVS uses a different architecture than the tag-based compliance frameworks — it runs benchmark checks (verification tests) rather than mapping blast radius tags to controls. This requires either:
- Converting AISVS results into the tag-based format the API expects, or
- Adding a separate benchmark-style response format to the compliance API
Requirements
- Expose AISVS results in
/v1/compliance response
- Add
/v1/compliance/aisvs endpoint
- Decide on representation: tag-based (convert benchmark results to controls) or benchmark-style (pass/fail checks with evidence)
- Update framework count in docs if needed
Notes
- AISVS checks are in
cloud/aisvs_benchmark.py with AISVSResult dataclass
- Current checks cover model supply chain, runtime isolation, credential management
Context
AISVS (AI Security Verification Standard) v1.0 benchmark exists in
cloud/aisvs_benchmark.pyand works via CLI, but is not accessible through the REST API.AISVS uses a different architecture than the tag-based compliance frameworks — it runs benchmark checks (verification tests) rather than mapping blast radius tags to controls. This requires either:
Requirements
/v1/complianceresponse/v1/compliance/aisvsendpointNotes
cloud/aisvs_benchmark.pywithAISVSResultdataclass