Nexum scans MCP servers and OpenAPIs for agentic risk patterns. Deterministic. No LLM. In seconds.
Upload a JSON or YAML file — MCP server definition or OpenAPI spec. Get a Risk Score and downloadable Trust Manifest PDF in seconds.
MCP server definitions and OpenAPI 3.x supported
Every finding shown here is from a real public API scan.
From our scan of 2,608 public APIs.
Admin endpoints expose token credentials in query strings — visible in every agent HTTP log.
Token-bearing payment endpoints appear in agent request logs, leaking credentials on every call.
Bulk-delete operations without resource scope — a single agent call can destroy an entire fleet.
API token parameters in query strings across 7 endpoints, exposed in every agent request log.
Drop any MCP server definition or OpenAPI 3.x spec — JSON or YAML. No account required. Nothing is stored.
Zero LLM. Zero guessing. Nexum applies five static analysis rules designed for agentic threat models: auth leakage, destructive ambiguity, unbounded scope, idempotency, schema volatility.
Receive a Risk Score, a Risk Tier (0–2), and a portable Trust Manifest PDF. Add the badge to your README. Ship with confidence.
Each rule targets a failure mode specific to AI agents — not generic API bugs.
Auth leakage: Credentials transmitted via query string. An agent that logs its own HTTP calls will expose secrets in plain text.
Destructive ambiguity: Delete or purge operations without a specific resource ID. Agents acting on ambiguous endpoints can wipe entire datasets in a single call.
Unbounded scope: Wildcard parameters or destructive operations without required filters. A single misconfigured agent call can affect every resource in scope.
Idempotency: Mutation endpoints that lack an Idempotency-Key mechanism. Retry loops in agents can silently duplicate state-changing operations.
Schema volatility: additionalProperties: true on mutation schemas. Agents can silently write arbitrary fields — a vector for prompt injection via data.
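To make the five rule families concrete, here is an added example (not Nexum's code) that applies one simple heuristic per rule to an OpenAPI 3.x document held as a Python dict. The heuristics, the rule labels and the sample spec are assumptions constructed for illustration.

```python
import re

# Heuristics are assumptions made for this example, not Nexum's rule definitions.
SECRET = re.compile(r"token|api[_-]?key|secret|password", re.I)
METHODS = {"get", "post", "put", "patch", "delete"}

def is_secret(p):
    return bool(SECRET.search(p.get("name", "")))

def scan(spec):
    """Return sorted (rule, METHOD, path) findings for an OpenAPI 3.x dict."""
    findings = set()
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in METHODS:
                continue  # path-level keys such as "parameters" or "summary"
            params = item.get("parameters", []) + op.get("parameters", [])
            def hit(rule):
                findings.add((rule, method.upper(), path))
            # Auth leakage: a secret-looking parameter travels in the query string.
            if any(p.get("in") == "query" and is_secret(p) for p in params):
                hit("auth-leakage")
            # Destructive ambiguity: DELETE on a path with no {resource} template.
            if method == "delete" and "{" not in path:
                hit("destructive-ambiguity")
                # Unbounded scope: no required non-credential filter narrows it.
                if not any(p.get("required") and not is_secret(p) for p in params):
                    hit("unbounded-scope")
            # Idempotency: POST/PATCH without a declared Idempotency-Key header.
            if method in ("post", "patch") and not any(
                    p.get("in") == "header"
                    and p.get("name", "").lower() == "idempotency-key" for p in params):
                hit("idempotency")
            # Schema volatility: an inline request schema accepts arbitrary fields
            # ($ref schemas are not resolved here).
            if method != "get":
                for media in op.get("requestBody", {}).get("content", {}).values():
                    if media.get("schema", {}).get("additionalProperties") is True:
                        hit("schema-volatility")
    return sorted(findings)

SAMPLE = {"openapi": "3.0.3", "paths": {  # constructed spec, not a real API
    "/v1/auth": {"get": {"parameters": [
        {"name": "api_token", "in": "query", "required": True}]}},
    "/v1/devices": {"delete": {"parameters": [
        {"name": "api_token", "in": "query", "required": True}]}},
    "/v1/devices/{id}": {"delete": {"parameters": [
        {"name": "id", "in": "path", "required": True}]}},
    "/v1/payments": {"post": {"requestBody": {"content": {"application/json": {
        "schema": {"type": "object", "additionalProperties": True}}}}}},
}}
```

Calling scan(SAMPLE) flags the collection-level DELETE three ways, while the DELETE scoped to /v1/devices/{id} produces no finding.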
A Trust Manifest is a machine-readable JSON artifact that summarises every risk finding, the inferred Risk Tier, and any fields that require human review before an agent is authorized to use the API.
It is designed to be committed alongside your API spec — a signed declaration that the surface has been audited for agentic misuse.
{
  "manifest_version": "1.0-draft",
  "inferred_risk_tier": 2,
  "nexum_risk_score": 85,
  "model_compatibility_range": "REQUIRES_HUMAN_REVIEW",
  "findings_summary": [
    {
      "rule_id": "NEXUM-001",
      "severity": "CRITICAL",
      "path": "/v1/auth",
      "method": "GET"
    }
  ],
  "manual_review_required": [
    "auth_leakage_remediation",
    "destructive_scope_audit"
  ]
}