🏥 Health Tech · HIPAA · HITRUST · SOC2

Your AI stack probably
fails your next HIPAA audit.

Nixer audits AI agents, LLMs, code repos, CI/CD pipelines, and cloud configs for the exposures HIPAA/HITRUST/SOC2 auditors are starting to ask about — and most health tech teams have never tested.

⚠️ 11/12 top AI repos vulnerable — CVE-2026-2287 deep-dive
🏆 Live Risk Leaderboard + badge for every repo
⚙️ GitHub Action — scans every PR automatically

Your AI stack has PHI in the loop.
Most HIPAA controls don't cover it yet.

Three attack surfaces that go undetected in traditional HIPAA assessments — and show up in every Nixer scan of a health tech stack.

🔒

HIPAA + AI = Unmapped Attack Surface

HIPAA's Security Rule was written for structured EHR databases, not LLM APIs with unrestricted context windows. Your clinical AI now processes unstructured notes, lab results, and patient history — none of which maps cleanly to §164.312 controls. Auditors are starting to ask, and most teams don't have answers.

prompt-injection-unvalidated-input
💉

Clinical LLMs Leaking PHI via Prompt Injection

Indirect prompt injection — where malicious instructions hidden in patient records, referral notes, or lab attachments redirect your LLM's output — is the most underdetected threat in health tech AI right now. One poisoned intake form can instruct your agent to exfiltrate records to an attacker-controlled endpoint. Nixer detects injection-vulnerable input pipelines before they reach your models.

indirect-prompt-injection
🤖

Agent Frameworks with Tool Access to Patient Data

CrewAI, LangChain, and LlamaIndex agents are being deployed with EHR tool access, scheduling APIs, and internal knowledge bases. These frameworks have documented CVEs — sandbox escapes, deserialization vulnerabilities, tool-call poisoning — that create direct paths to patient data. Nixer maps your agent dependency tree and surfaces exploitable paths before your next audit.

agent-framework-cve

Everything Nixer Audits for Health Tech

A single scan run covers the full attack surface your clinical AI touches — not just the model layer.

🤖

AI Agents & Configs

Agent definitions, system prompts, tool registrations, and MCP server configs scanned for injection vectors, over-privileged tool access, and unsafe output routing.

✓ Covers PHI agent access
🧠

LLM Integration Points

Input sanitization gaps, prompt construction patterns, and context window injection paths in the application code that calls your clinical LLM APIs.

✓ Catches injection paths
📁

Code Repositories

Source code scanned for hardcoded credentials, insecure dependencies, CVE-tracked frameworks, and secrets in version control — the most common HIPAA audit finding.

✓ No secrets in code
⚙️

CI/CD Pipelines

GitHub Actions, GitLab CI, and build workflows audited for workflow injection, unpinned actions, and GITHUB_TOKEN over-exposure — attack chains that reach production PHI.

✓ Supply chain checks
🏗

Architecture & Threat Model

LLM-assisted analysis of your system design for mismatched trust boundaries, missing access controls between agent layers, and PHI flow paths that bypass audit logging.

✓ Trust boundary analysis
☁️

Cloud & IAM

Cloud configs and IAM policies reviewed for over-privileged agent service accounts, misconfigured PHI storage buckets, and cross-account access patterns.

✓ IAM blast radius

Nixer Findings → HIPAA, HITRUST, SOC2

Every finding Nixer surfaces maps directly to the controls auditors check. Here's what lands in your audit report.

Nixer Finding HIPAA Security Rule HITRUST Control SOC2 Criteria
Prompt Injection in Clinical LLM
prompt-injection-unvalidated-input
§164.312(a)(1) — Access Control Control 09.ab — Monitoring System Use CC6.1 — Logical and Physical Access
PHI Exfiltration via Tool Call
agent-tool-call-data-exfil
§164.312(e)(1) — Transmission Security Control 09.s — Information Leakage CC6.7 — Restricts Transmission of ePHI
Insecure Agent Framework (CVE)
agent-framework-cve
§164.308(a)(5) — Security Awareness Control 10.m — Control of Technical Vulnerabilities CC7.1 — Detects and Monitors for Vulnerabilities
Workflow Injection in CI/CD
pwn-request-workflow
§164.312(b) — Audit Controls Control 09.aa — Audit Logging CC8.1 — Change Management
Hardcoded Credentials / Secrets
hardcoded-secrets
§164.308(a)(3) — Workforce Access Management Control 01.a — Access Control Policy CC6.3 — Access Based on Least Privilege
Train Your Team

AI Security Curriculum — Free to Start

Four free modules on prompt injection, tool abuse, RAG poisoning, and CI/CD pipeline security. Built for developers and security engineers shipping AI in regulated industries.

4 free modules
120+ min of content
17+ detection rules covered
View Curriculum Start Module 1 Free

Get ahead of the HIPAA AI audit.

Book a 20-minute demo and we'll walk through a live scan of your AI stack — or a comparable health tech repo — and show you exactly what auditors will find.