-
-
Home Page
-
Results if no vulnerabilities are found
-
Results if vulnerabilities are found
🛡️ AICert: AI Security Certification Platform
Submission of Group 24 for HackEurope 2026, Security Track
🔗 Live Platform: aicert.lovable.app
Why This Matters
AI-powered applications are being shipped faster than ever. Most developers are experts in building features, not in adversarial machine learning or prompt security. The result: a growing ecosystem of LLM-powered products with no standardized security baseline, no audit trail, and no way for users or customers to know if an app has been hardened against AI-specific attacks.
Meanwhile, the threat landscape is accelerating. A college student with API access can now probe an LLM app for prompt injection, jailbreaks, and data exfiltration in minutes. Yet our defensive infrastructure remains fragmented and reactive.
This is the core insight behind BlueDot Impact's Defensive Acceleration philosophy: the best response to AI-enabled threats is not slowing down AI development, it is accelerating the defensive tools that keep pace with it.
AICert is our contribution to that mission. By giving developers a fast, automated, and standardized way to audit and certify their LLM applications, we create an incentive structure for security to be built in from the start, not bolted on after an incident. A certification badge in a README or product page is a small thing. The behavior change it drives is not.
Overview
AICert is a platform that analyzes codebases for AI/LLM security vulnerabilities and issues verifiable security certifications based on the OWASP Top 10 for LLM Applications.
Companies can submit their AI-powered projects for automated security scanning. The platform evaluates code against industry-standard security categories, including prompt injection, insecure output handling, sensitive information disclosure, and more, and assigns a certification tier (🥉 Bronze, 🥈 Silver, 🥇 Gold) based on the results.
Key Features
- Automated AI Security Analysis — Submit a GitHub repository and receive a detailed security audit
- OWASP LLM Top 10 Coverage — Scans for all major AI/LLM vulnerability categories
- Certification and Badges — Earn verifiable certifications with embeddable badges
- Public Verification — Anyone can verify a certification via a unique verification ID
- Real-time Scanning — Live progress tracking during analysis
Tech Stack
- Frontend: React, TypeScript, Tailwind CSS, Framer Motion
- Backend: Lovable Cloud (authentication, database, edge functions)
- AI Engine: Google Gemini (under the hood) for deep code security analysis, including static pattern detection, semantic reasoning over code structure, and natural language generation of findings and remediation advice
- Built with: Lovable
How It Works
- Sign up and create a company profile
- Submit a project with a GitHub repository URL
- Under the hood, the platform sends the repository to Google Gemini, which performs deep semantic analysis of the code against each OWASP LLM Top 10 category
- Receive a detailed report with findings, severity ratings, and remediation advice
- If the score meets the threshold, earn a verifiable security certification
Certification Tiers
| Tier | Score | Badge |
|---|---|---|
| Gold | 95+ | 🥇 |
| Silver | 85+ | 🥈 |
| Bronze | 70+ | 🥉 |
Certificates are publicly verifiable at a unique URL so anyone can confirm authenticity.
OWASP LLM Top 10 Coverage
AICert evaluates submissions against all ten categories from the OWASP Top 10 for LLM Applications:
| # | Category |
|---|---|
| LLM01 | Prompt Injection |
| LLM02 | Insecure Output Handling |
| LLM03 | Training Data Poisoning |
| LLM04 | Model Denial of Service |
| LLM05 | Supply Chain Vulnerabilities |
| LLM06 | Sensitive Information Disclosure |
| LLM07 | Insecure Plugin Design |
| LLM08 | Excessive Agency |
| LLM09 | Overreliance |
| LLM10 | Model Theft |
License
Built for HackEurope 2026 by Group 24.
Built With
- gemini
- lovable
- typescript
Log in or sign up for Devpost to join the conversation.