What's New in Syhunt 7.1.1


March 3, 2025

Syhunt Hybrid 7.1.1 introduces Shadow AI detection with DAST and SAST support

Today, Syhunt announced the release of Syhunt Hybrid 7.1.1, an important update that introduces Shadow AI threat detection through Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). Shadow AI refers to the use of artificial intelligence features—such as chatbots, text generators, and other AI services—within applications without proper oversight, security controls, or authorization. These hidden or unmanaged AI components can introduce serious risks, including data leaks, prompt injections, and unexpected behaviors. With this new capability, organizations can detect and address these risks during runtime analysis. Among the AI technologies identified by Syhunt’s Shadow AI detection are integrations with popular platforms such as OpenAI and DeepSeek, which, if left unchecked, could introduce security vulnerabilities or compliance issues in production environments.

With this release, Syhunt becomes the first in the market to deliver Shadow AI detection within a dynamic and hybrid application security scanner, combining both dynamic and static analysis to identify hidden or unauthorized AI usage across the entire application lifecycle.

This enhancement builds on last week’s announcement, where Syhunt introduced Shadow AI detection through SAST. With SAST capabilities, Syhunt scans source code to uncover the use of AI-related API endpoints — including those related to OpenAI, DeepSeek, and other emerging AI systems — that may pose security or compliance risks before the application is deployed. Through SAST, Syhunt detects Shadow AI usage across applications written in C#, Node.js, Objective-C, Swift, Lua, PHP, Python, Java, Kotlin, Ruby, Dart, and Delphi.

The release of Shadow AI detection capabilities follows another major milestone for Syhunt. On May 27, 2024, Syhunt became the first DAST tool in the market to check for Cross-Site Scripting (XSS) vulnerabilities in LLM-powered web applications. This advancement was made possible through Syhunt’s pioneering research into the unique security challenges posed by Large Language Models (LLMs), which led to the development and inclusion of specialized checks for LLM-related XSS vulnerabilities within the tool.

By combining DAST and SAST for Shadow AI detection and leading the way in LLM-focused security testing, Syhunt Hybrid now provides a comprehensive solution to help organizations manage the growing security challenges brought on by the rapid adoption of AI technologies. This dual approach ensures both the codebase and the live application are thoroughly analyzed for any unauthorized or insecure use of AI, strengthening security posture and governance across the development lifecycle.

Improvements in 7.1.1

  • Added AI models to the target preferences screen.
  • Added the detection of Shadow AI to the DAST module.
  • In DAST, if an AI model is selected in the target preferences screen, it does not get reported as Shadow AI during a scan.
  • In SAST, Shadow AI detection can be ignored through Ignore IDs or disabled in .syhunt-ci.yml, by using the following key: options_disabled: shai
  • Fixed: an issue with the Use Depth limit option being enabled in the target preferences of the web UI.
  • Fixed: an issue with post-install command in Linux setup affecting some distros.
  • Finished missing translation of Shadow AI texts.

That's all for now. Happy bug hunting!
