AISVSwise is an open-source, browser-based assessment tool for the OWASP Artificial Intelligence Security Verification Standard (AISVS).
OWASP AISVS is an open framework for verifying the security of AI systems — including LLMs, agents, RAG pipelines, and model infrastructure. AISVSwise walks your organization through all 14 AISVS controls, scores your maturity across 97 sub-controls, and provides AI-powered improvement recommendations — all without uploading any data to a server.
- ✅ XSS protection — LLM output sanitized with HTML escaping before markdown rendering
- ✅ Zero vulnerabilities — All dependencies updated and secured
- ✅ Next.js 16.2 — Turbopack enabled with enhanced performance
- ✅ GitHub Actions — Automated security scanning: Semgrep, TruffleHog, Vet
- ✅ AES-GCM encrypted API keys — Stored only on your device, never transmitted to our servers
- ✅ Full Portuguese (PT-BR) survey — All 14 control pages, 97 panel names, and answer choices translated
- ✅ Complete i18n parity —
en.jsonandpt.jsonfully in sync (validated by CI tests) - ✅ Accessibility strings — Alt text and
aria-labelattributes fully translated (a11ynamespace) - ✅ LLM provider labels — Provider names translated via
providersnamespace
- ✅ Dark theme — consistent
#0f111abackground with glassmorphism cards - ✅ Tailwind CSS v4 — CSS-first configuration, zero legacy CSS modules
- ✅ Feature Slices architecture — code organized by domain
- ✅ Framer Motion — smooth animations on buttons, navbar, and interactive elements
- ✅ Responsive design — works on desktop and mobile
- ✅ TypeScript 5.7 — Full codebase migration
- ✅ i18n via next-intl v4 — English & Portuguese (BR)
- ✅ Unit Tests — Jest 30 + React Testing Library (122 tests)
- ✅ Docker port aligned — Dockerfile, docker-compose, and npm scripts all use port 3600
- ✅ Multi-provider LLM — Anthropic, OpenAI, Gemini, and Ollama support
- ✅ Encrypted API keys — AES-GCM encryption stored only on your device
- ✅ Auto or manual analysis — Toggle automatic analysis per report
- ✅ Persisted with report — AI analysis saved inside the JSON report file
- ✅ Comparison support — Analysis reloaded when importing previous reports
- Node.js 20.9.0 or higher
- npm 10.x or higher
# Pull the image
docker pull z4l1nux/AISVSwise:latest
# Run the container
docker run -d -p 3600:3600 --name AISVSwise-app z4l1nux/AISVSwise:latestdocker-compose up- Install dependencies:
npm install- Run in development mode:
npm run dev- Or build for production:
npm run build
npm startThe application will be available at http://localhost:3600
AISVSwise supports multiple languages via next-intl v4.
- 🇺🇸 English (default)
- 🇧🇷 Português (Brazilian Portuguese)
- Language Switcher in the navbar with animated dropdown
- Survey fully translated — panel names, page titles, and answer choices all localized
- SEO optimized — page titles and meta descriptions per language
- Easy to extend — add new languages by creating
src/messages/<locale>.jsonand adding the locale tonext.config.js
- 14 AISVS Controls covering the full AI security lifecycle:
- C1 Training Data · C2 Input Validation · C3 Model Lifecycle · C4 Infrastructure
- C5 Access Control · C6 Supply Chain · C7 Model Behavior · C8 Memory & Vectors
- C9 Agentic Actions · C10 MCP Security · C11 Adversarial Robustness · C12 Privacy
- C13 Monitoring · C14 Human Oversight
- 97 sub-control panels with 454 individual verification questions
- 4-point scale per question: No / Yes, for some / Yes, for most / Yes, for all
- Progress Tracking — Save and resume assessments at any time
- Import/Export — Share results in JSON format
- Panel navigation — Previous/Next buttons within each control
- Visual Analytics:
- 🎯 Gauge Chart — Overall maturity score (0–3 scale)
- 📊 Bar Charts — Response distribution and control scores
- 🕸️ Radar Charts — Multi-dimensional view across all 14 controls
- 📋 Practice Breakdown Table — Color-coded maturity levels (Initial / Managed / Defined / Optimized)
- Comparison Mode — Compare current vs. previous assessments
- Export Options — Download results as JSON or PDF
- AI Analysis — Detailed insights and improvement roadmap via LLM
- Provider Selection — Anthropic, OpenAI, Gemini, or Ollama (fully local)
- Dynamic Model Fetching — Models fetched live from the provider API
- Encrypted Storage — API keys encrypted with AES-GCM, stored only on device
- Auto-Analysis Toggle — Optionally trigger analysis automatically after completing an assessment
- Start Assessment — Navigate to
/assessment - Complete Questions — Answer verification questions across all 14 AISVS controls
- Save Progress — Use "Save Responses" to back up your work at any time
- View Results — Navigate to
/resultsto see charts and your maturity score - AI Analysis — Configure a provider at
/ai, then click "Analyze Results" - Compare — Upload a previous JSON report to visualize improvements over time
AISVSwise/
├── src/
│ ├── pages/ # Next.js pages (TypeScript)
│ │ ├── index.tsx # Home page
│ │ ├── assessment.tsx # Assessment survey
│ │ ├── results.tsx # Results dashboard
│ │ ├── ai.tsx # AI settings
│ │ ├── about.tsx # About AISVS
│ │ └── api/ # API proxy routes (LLM)
│ ├── features/ # Feature slices (domain logic)
│ │ ├── assessment/ # Survey engine, panels, navigation
│ │ │ ├── graphs/ # Chart class definitions (.ts)
│ │ │ └── surveys/
│ │ │ ├── surveypages/ # c01.ts … c14.ts (control pages)
│ │ │ ├── surveypanels/ # c01/ … c14/ (sub-control panels)
│ │ │ ├── translations-pt.ts # PT translations + translateSurvey()
│ │ │ └── totalsurvey.ts # Aggregates all 14 controls
│ │ ├── results/ # GaugeChart component
│ │ └── ai-analysis/ # LLM integration (settings, analysis, crypto, prompt)
│ ├── components/ # Shared UI components
│ │ ├── navbar.tsx # Sticky glassmorphism navbar
│ │ ├── footer.tsx # OWASP footer
│ │ ├── LanguageSwitcher.tsx# Animated language dropdown
│ │ ├── inputfile.tsx # Drag-and-drop file upload
│ │ └── buttons/ # NavButton, SurveyButton, DropdownButton
│ ├── types/ # Shared TypeScript types (index.ts)
│ ├── messages/ # i18n translation files (en.json, pt.json)
│ └── styles/ # Global CSS (Tailwind v4, SurveyJS dark overrides)
├── __tests__/ # Jest unit tests (122 tests)
└── public/ # Static assets
We welcome contributions! Please follow these steps:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
This project is licensed under the Apache License 2.0 — see the LICENSE file for details.
Copyright 2021-2026 OWASP Foundation.
- OWASP AISVS: https://owasp.org/www-project-artificial-intelligence-security-verification-standard/
- OWASP Foundation: https://owasp.org
- OWASP Slack: Join the community for support and discussions
- Some legacy browsers may have compatibility issues with glassmorphism effects
- Print/PDF layout is optimized for A4 paper size
- OWASP Foundation for the AISVS framework
- Modernization, redesign, and AI integration by the OWASP community
-
v2.5.0 (2026) — Security, i18n & test hardening
- XSS fix: HTML escaping applied to all LLM output before
dangerouslySetInnerHTML - Portuguese survey fully translated: 14 control pages, 97 panel names, all choice labels
translateSurvey()now correctly called intotalsurvey.ts(was orphaned)- New
a11yandprovidersi18n namespaces; alt text and aria-labels fully localized - Initial
navbarStatecorrected from'Governance'(stale SAMM value) to'Control 1' - Docker port unified to 3600 across Dockerfile, docker-compose, and npm scripts
- Test suite updated for AISVS structure: 14 controls, 97 panels, real
q_c*question names
- XSS fix: HTML escaping applied to all LLM output before
-
v2.4.0 (2026) — Full TypeScript migration
- Migrated all 62 source files from
.js/.jsxto.ts/.tsx - Added
src/types/index.tswith shared domain types - Expanded test suite to 122 tests (Jest 30 + React Testing Library)
- Migrated all 62 source files from
-
v2.3.0 (2026) — Framework upgrade & Turbopack
- Upgraded to Next.js 16.2.1 with Turbopack
- Node.js minimum bumped to v20.9.0
-
v2.2.0 (2026) — Dark glassmorphism redesign
- Full dark theme with Tailwind CSS v4
- Feature Slices architecture
- AI auto-trigger guard (
freshCompletionflag)
-
v2.1.0 (2026) — AI integration
- Multi-provider LLM analysis (Anthropic, OpenAI, Gemini, Ollama)
- AES-GCM encrypted API key storage
- Practice breakdown table with maturity bands
-
v2.0.0 (2026) — Major modernization
- AISVS framework adoption (14 controls replacing SAMM 5-domain model)
- Next.js 15, React 18, i18n support (EN/PT-BR)
-
v0.1.0 (2021–2023) — Original release
- Next.js 10, React 16, basic SAMM assessment functionality
Made with ❤️ by the OWASP Community
# AISVSwise