HiddenLayer Model Scanner for Azure DevOps

Publisher: HiddenLayer
Detect malicious code and ensure your models are secure

HiddenLayer Model Scanner prevents security issues by detecting malicious code in your AI models and ensures they are free from adversarial code.

HiddenLayer’s Model Scanner ensures models are free from adversarial code before entering corporate environments. The HiddenLayer Model Scanner allows data science teams to access AI models securely, allowing faster time to model deployment. The HiddenLayer Model Scanner is available via SaaS or on-prem. The Model Scanner integrates seamlessly with modern ML development lifecycles and SecOps workflows. In this era of AI innovation, the Model Scanner is a critical component for rapid collaboration and innovation. Trust, flexibility, and comprehensiveness are non-negotiable when it comes to ensuring your business stays ahead in innovation.

Key Benefits:

Powerful: Scan a broader range of model file types across more MLOps platform scenarios than any other scanner.

Flexible: Deploy on-premise and/or SaaS for seamless support in demo, training, and production environments.

Recognized: Industry-backed and award-winning, with accolades from RSA Sandbox, M12, IBM, DoD, and MITRE ATLAS alignment for integration into SecOps workflows.

Key Capabilities:

  • Malware Analysis - Scans AI Models for embedded malicious code that could serve as an infection vector & launchpad for malware
    • Scan single files or entire folders
  • Model Integrity - Analysis of AI Model’s layers, components & tensors to detect tampering or corruption.
  • Uses a combination of static detection and analysis to identify malware, vulnerabilities, model integrity & corruption issues
  • Catalog a Known-Good State of your AI Models as a baseline for identifying future tampering
  • Supports ChatGPT and LLMs
  • Data Leakage - Ensure LLM outputs do not expose backend systems, risking privilege escalation or remote code execution.
  • Supports a variety of AI Model file types: Pickle, Dill, Joblib, Numpy, Zip, and ONNX

Installation

To use this Azure DevOps task, you must install it into your Azure DevOps organization. You can do this by following the steps below:

  • Browse to the Organization Settings
  • Click on Extensions
  • Click on "Browse Marketplace"
  • Search for "HiddenLayer Model Scanner"
  • Install the extension

Setup

Authentication:

  • Navigate to your Azure DevOps project
  • In the Library, create a new variable group and remember its name for the next step
  • Add HL_CLIENT_ID and HL_CLIENT_SECRET
    • If you have a HiddenLayer license, these can be created in the HiddenLayer Admin Console

Configuration

  • In your repository create an azure-pipelines.yaml file

  • Set variables with the group name assigned previously

  • Create a task and target the desired version

  • Set up inputs

    • modelPath (required): Path to the model(s): either a single model file in the repo, or a folder in the repo containing the model(s)

    • apiUrl: URL to the HiddenLayer API if you're using the OEM/self hosted version. Defaults to https://api.us.hiddenlayer.ai

    • failOnDetections: True to fail the pipeline if a model is deemed malicious. Defaults to False

    • hlClientID (required for SaaS only): Your HiddenLayer API Client ID

    • hlClientSecret (required for SaaS only): Your HiddenLayer API Client Secret

    • modelVersion: Optional version of the model to scan in a community scan, e.g. a branch name. Defaults to main for community scans

    • sarifFile: Path to the SARIF output file. Compatible with GitHub Advanced Security.

    • communityScan: Optional parameter to enable the community scan capabilities in Model Scanner. If not specified, the model is uploaded to Model Scanner (SaaS or on-prem). Possible values:

    Community Scan Value | Description                                          | Model Version
    AWS_PRESIGNED        | Presigned S3 URL                                     | N/A
    AZURE_BLOB_SAS       | Shared Access Signature (SAS) Azure Blob Storage URL | N/A
    HUGGING_FACE         | Hugging Face repo                                    | repo branch, e.g. main

    • azureBlobSasKey: Optional Azure SAS token for accessing Azure Blob Storage if an Azure Blob Storage URL is passed (different from community scan)

    Note: For customers using the Enterprise Self Hosted Model Scanner, please ensure your GitHub Actions runners can make network requests to the Model Scanner API.

Sample Pipeline

# Sample azure-pipelines.yaml
trigger:
- main

pool:
  vmImage: ubuntu-latest

variables:
- group: <your_variable_group_name>
- name: System.Debug
  value: true
steps:
- task: ModelScanner@1 # Select version
  inputs:
    # Single file example
    modelPath: 'safe_model.pkl'
    apiUrl: '<hiddenlayer_api_url>'
    failOnDetections: true
    hlClientID: $(HL_CLIENT_ID)
    hlClientSecret: $(HL_CLIENT_SECRET)
- task: ModelScanner@0 # Select version
  inputs:
    # Folder example
    modelPath: 'models/'
    apiUrl: '<hiddenlayer_api_url>'
    failOnDetections: false
    hlClientID: $(HL_CLIENT_ID)
    hlClientSecret: $(HL_CLIENT_SECRET)
    sarifFile: 'models/multi-scan-output.sarif'
# Community Scan
- task: ModelScanner@1
  inputs:
    modelName: 'dev-azure-devops-community-scanme'
    modelPath: 'ScanMe/Models'
    apiUrl: 'https://api.us.hiddenlayer.ai'
    failOnDetections: false
    sarifFile: 'security/output.sarif'
    communityScan: HUGGING_FACE
    hlClientID: $(HL_CLIENT_ID)
    hlClientSecret: $(HL_CLIENT_SECRET)
# Azure Blob Storage Scan
- task: ModelScanner@1
  inputs:
    modelName: 'dev-azure-devops-azure-malicious-test'
    modelPath: '<blob-store-path>'
    apiUrl: 'https://api.us.hiddenlayer.ai'
    failOnDetections: false
    sarifFile: 'security/output.sarif'
    hlClientID: $(HL_CLIENT_ID)
    hlClientSecret: $(HL_CLIENT_SECRET)
    azureBlobSasKey: $(AZURE_BLOB_STORE_KEY)
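Several steps in the sample pipeline set failOnDetections to false but still write a sarifFile; a follow-up script step can read that file, surface each flagged model in the job log, and gate on severity. This is an added example, not code from the extension or from HiddenLayer; it assumes the standard SARIF 2.1.0 layout (runs[].results[] with level and locations[].physicalLocation.artifactLocation.uri), and the embedded document, rule ids and file names are constructed placeholders.

```python
import json
import sys
from collections import Counter

# Constructed sample in SARIF 2.1.0 shape. Rule ids, messages and file names are
# placeholders for illustration, not real HiddenLayer detections.
SAMPLE_SARIF = json.dumps({"version": "2.1.0", "runs": [{
    "tool": {"driver": {"name": "HiddenLayer Model Scanner"}},
    "results": [
        {"ruleId": "EXAMPLE_RULE_1", "level": "error", "message": {"text": "placeholder"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "models/a.pkl"}}}]},
        {"ruleId": "EXAMPLE_RULE_2", "level": "warning", "message": {"text": "placeholder"},
         "locations": [{"physicalLocation": {"artifactLocation": {"uri": "models/b.onnx"}}}]},
    ]}]})


def summarise(sarif_text):
    """Count results per SARIF level and collect the artifact URIs they point at."""
    doc = json.loads(sarif_text)
    by_level = Counter()
    files = set()
    for run in doc.get("runs", []):
        for res in run.get("results", []):
            by_level[res.get("level", "none")] += 1
            for loc in res.get("locations", []):
                uri = (loc.get("physicalLocation", {})
                          .get("artifactLocation", {}).get("uri"))
                if uri:
                    files.add(uri)
    return {"total": sum(by_level.values()),
            "by_level": dict(by_level), "files": sorted(files)}


def should_fail(summary, fail_on_levels=("error",)):
    """Gate on severity: True when any result at one of fail_on_levels exists."""
    return any(summary["by_level"].get(lvl, 0) > 0 for lvl in fail_on_levels)


if __name__ == "__main__":
    # Read the task's sarifFile when a path is given, else use the constructed sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SARIF
    summary = summarise(text)
    for uri in summary["files"]:
        # Azure Pipelines logging command: appears as a warning in the job log.
        print(f"##vso[task.logissue type=warning]Model scanner flagged {uri}")
    print(f"{summary['total']} result(s) by level: {summary['by_level']}")
    sys.exit(1 if should_fail(summary) else 0)
```

Run it as a script step after the ModelScanner task, passing the same path you gave sarifFile; a non-zero exit fails the job only for error-level results, so warning-level findings stay visible without blocking the pipeline.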

Optional Configurations

Environment Variables

AWS_ACCESS_KEY_ID: Required when scanning a model on S3 if not using self hosted runners with access to S3.

AWS_SECRET_ACCESS_KEY: Required when scanning a model on S3 if not using self hosted runners with access to S3.

HUGGINGFACE_TOKEN: Required if you want to scan private or licensed models.

Learn more

Source Code on GitHub

Model Scanner Datasheet

HiddenLayer Platform
