Quickstart
Get Inkog scanning your AI agent codebase in under 60 seconds.
The fastest way to try Inkog is with our one-line installer. Works on macOS, Linux, and Windows (WSL).
Install in 30 Seconds
curl -fsSL https://inkog.io/install.sh | shGet Your API Key
- Sign up at app.inkog.io
- Generate an API key from your dashboard
- Set it in your environment:
export INKOG_API_KEY=sk_live_your_key_hereOne-Command Scan
Terminal
$inkog .
Inkog v1.0.0 - AI Agent Security Scanner
Scanning ./...
Analyzing Python files: 24 files
Analyzing JavaScript files: 12 files
Building IR graph...
CRITICAL INKOG-001 Prompt injection via user input
src/agent.py:42
User input directly concatenated into LLM prompt
HIGH INKOG-003 Memory poisoning vector
src/memory.py:89
Unvalidated data stored in persistent memory
MEDIUM INKOG-007 Chain-of-thought leakage
src/chain.py:156
Internal reasoning exposed in response
Found 3 vulnerabilities (1 critical, 1 high, 1 medium)
Scan completed in 2.3s
What Just Happened?
- Code Scanned: Inkog reads your local directory
- Secrets Redacted: Any credentials are redacted locally before upload (privacy first!)
- IR Generation: Inkog converts your code into our Universal IR (Intermediate Representation)
- Pattern Matching: Security rules are applied against the normalized IR
- Taint Analysis: Data flow is traced from sources (user input) to sinks (LLM calls)
- Report Generated: Vulnerabilities are reported with file locations and remediation hints
Output Formats
SARIF (for CI/CD integration)
Terminal
$inkog . --output sarif > results.sarif
JSON (for programmatic processing)
Terminal
$inkog . --output json > results.json
Filter by Severity
Only show critical and high severity issues:
Terminal
$inkog . --severity critical,high
Security Policies
Filter findings by security policy:
# Low noise - only proven vulnerabilities
inkog . --policy low-noise
# Governance-focused (Article 14 controls)
inkog . --policy governance
# EU AI Act compliance
inkog . --policy eu-ai-actNext Steps
Last updated on