This module is part of the AI module ecosystem and included in DXPR CMS.
Sensitive Data Leaks in Content Are Invisible Until They're Not
A support article accidentally includes a customer's email. A developer pastes an API key into a documentation page. A case study reveals a client's internal project name. These things happen - and by the time someone notices, the damage is done. This module scans every piece of content for security risks before they become incidents.
You need AI Content Security Audit if
- Your content includes real customer data, internal systems, or technical details that could leak
- Compliance regulations (GDPR, HIPAA, SOC 2) require you to prevent PII disclosure in published content
- Developers or technical writers contribute content that may contain credentials, API keys, or tokens
- You want automated screening of content before publication, not manual review that misses things
What You Get
-
Risk score per page (0-100)
Every content entity gets a security risk score per detection vector - 0 means no risk, 100 means critical. Displayed as a visual gauge so editors immediately see which pages need attention.
-
Built-in detection for common leaks
Ships with two security vectors ready to go:
- PII Disclosure - names, addresses, phone numbers, SSNs, email addresses
- Credentials Disclosure - API keys, passwords, tokens, database credentials
-
Custom security vectors
Add your own detection vectors for organization-specific risks - proprietary project names, internal URLs, partner data, anything your security policy requires.
-
Batch scanning for existing content
Audit your entire content library to find pages that were published before security review was in place. Prioritize remediation by risk score.
-
AI Coding Assistant Integration
Security audit analysis is available to AI coding
assistants through the Analyze module's built-in
Agent
Skills file. Run
drush analyze:setup-aito enable, then ask
naturally:- "Scan all content for security risks"
- "Check if any pages expose PII or
credentials" - "Run a security audit on all published
articles"
Compatible with Claude Code, Codex CLI, Gemini CLI,
GitHub Copilot, Cursor, and other tools supporting the
standard.
Getting Started
- Set up an AI provider at /admin/config/ai/providers
- Review security vectors at /admin/config/analyze/content-security-audit (or add custom ones)
- Enable the analyzer per content type at /admin/config/content/analyze-settings
- Open any content entity's Analyze tab to see risk scores
Prefer a turnkey demo site?
Spin up DXPR CMS - Drupal pre-configured with DXPR Builder, DXPR Theme, the full Analyze suite including AI Security Audit, and security best practices out of the box.
Additional requirements
This module requires:
- Analyze module (>=1.1.0)
- AI module with a configured chat provider
- Views Color Scales module
Supporting organizations:
Main sponsorship
Project information
- Project categories: Administration tools, Automation, Security
277 sites report using this module- Created by jurriaanroelofs on , updated
Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.
