@"
Proof of concept using Azure AI Foundry agents for multi-model security scanning.
- 🤖 Multi-agent analysis using 4 AI models (DeepSeek, Grok, GPT-4, GPT-5)
- 🔍 Security vulnerability detection (OWASP Top 10)
- 🛡️ Responsible AI assessment (Microsoft RAI Standard)
- 🎯 Consensus-based false positive reduction
- 📊 Detailed reporting with CVSS scores and CWE mappings
# Create virtual environment
python -m venv .venv
.\.venv\Scripts\Activate.ps1
# Install dependencies
pip install -r requirements.txtYour .env file is already configured with:
- Project: ai-scs
- Resource Group: OpenAI
- Region: eastus2
python -m src.mainThe POC will:
- Initialize 4 AI agents from Azure AI Foundry
- Analyze sample vulnerable code in parallel
- Build consensus from all agent findings
- Generate a detailed security report
- Save results to
output/folder
ai-scs/
├── config/
│ └── agents_config.yaml # Agent configurations
├── src/
│ ├── agents/ # Agent management
│ ├── tools/ # Analysis tools
│ ├── consensus/ # Consensus engine
│ └── main.py # Entry point
├── tests/ # Test files
└── output/ # Generated reports
- DeepSeek Security Expert - General vulnerability detection
- Grok RAI Assessor - Responsible AI risks
- GPT-4 Security Auditor - OWASP Top 10 analysis
- GPT-5 Advanced Analyst - Complex threat detection
output/consensus_results.json- Detailed findings in JSONoutput/report.txt- Human-readable report
Error: "Connection string invalid"
- Check AZURE_AI_PROJECT_CONNECTION_STRING in .env
- Verify project exists in Azure AI Foundry
Error: "Model not found"
- Verify model deployment names in Azure AI Foundry
- Check AGENT_* variables in .env match your deployments
- Add GitHub repository scanning
- Implement PDF report generation
- Add automated PR creation
- Integrate with CI/CD pipelines
MIT License - Microsoft Internal Use