analyze_ai_content_security_audit

This module is part of the AI module ecosystem and included in DXPR CMS.

Sensitive Data Leaks in Content Are Invisible Until They're Not

A support article accidentally includes a customer's email. A developer pastes an API key into a documentation page. A case study reveals a client's internal project name. These things happen - and by the time someone notices, the damage is done. This module scans every piece of content for security risks before they become incidents.

You need AI Content Security Audit if

• Your content includes real customer data, internal systems, or technical details that could leak
• Compliance regulations (GDPR, HIPAA, SOC 2) require you to prevent PII disclosure in published content
• Developers or technical writers contribute content that may contain credentials, API keys, or tokens
• You want automated screening of content before publication, not manual review that misses things

What You Get

• Risk score per page (0-100)

  Every content entity gets a security risk score per detection vector - 0 means no risk, 100 means critical. Displayed as a visual gauge so editors immediately see which pages need attention.

• Built-in detection for common leaks

  Ships with two security vectors ready to go:

  • PII Disclosure - names, addresses, phone numbers, SSNs, email addresses
  • Credentials Disclosure - API keys, passwords, tokens, database credentials
• Custom security vectors

  Add your own detection vectors for organization-specific risks - proprietary project names, internal URLs, partner data, anything your security policy requires.

• Batch scanning for existing content

  Audit your entire content library to find pages that were published before security review was in place. Prioritize remediation by risk score.

• AI Coding Assistant Integration

  Security audit analysis is available to AI coding
  assistants through the Analyze module's built-in
  Agent
  Skills file. Run
  drush analyze:setup-ai to enable, then ask
  naturally:

  • "Scan all content for security risks"
  • "Check if any pages expose PII or
    credentials"
  • "Run a security audit on all published
    articles"

  Compatible with Claude Code, Codex CLI, Gemini CLI,
  GitHub Copilot, Cursor, and other tools supporting the
  standard.

Getting Started

1. Set up an AI provider at /admin/config/ai/providers
2. Review security vectors at /admin/config/analyze/content-security-audit (or add custom ones)
3. Enable the analyzer per content type at /admin/config/content/analyze-settings
4. Open any content entity's Analyze tab to see risk scores

Prefer a turnkey demo site?

Spin up DXPR CMS - Drupal pre-configured with DXPR Builder, DXPR Theme, the full Analyze suite including AI Security Audit, and security best practices out of the box.

Get DXPR CMS »

Additional requirements

This module requires:

• Analyze module (>=1.1.0)
• AI module with a configured chat provider
• Views Color Scales module