Security AI for Magento 2

AI-Assisted CMS Security Scanning for Magento

Security AI continuously scans your Magento CMS blocks, pages, and widgets for injected malicious code, risky HTML patterns, and content security risks. It uses deterministic regex checks as the first line of defence — detecting inline scripts, event handlers, external iframes, suspicious assets, and exposed secrets — and then optionally calls AI Core to generate plain-language risk summaries when rule hits are found.

Every finding is surfaced in a clean admin grid under Towering Media → Security & Compliance → Content Security Scan, with entity type, severity, detected patterns, and an AI-generated explanation of the risk.

Deterministic checks: inline scripts, event handlers (onclick, onload, etc.)
Iframe detection with external domain flagging
External asset loading checks (CDN-hosted scripts, tracking pixels)
Exposed secrets detection (API keys, tokens in CMS content)
AI risk summaries via AI Core (only triggered when rule hits exist)
Scheduled full scans via Magento cron

Security AI admin — Security AI findings grid surfaces every CMS security risk with AI-generated explanations

AI-assisted security analysis — AI Core generates plain-language risk summaries so non-technical teams can act on findings

Real-Time Save-Triggered Scanning

Beyond scheduled cron runs, Security AI scans individual entities automatically when they are saved in admin. Every CMS page or block edit that introduces a new risk is flagged immediately — no waiting for the next nightly scan.

Because the AI summary layer only activates when deterministic rule hits are found, AI Core API credits are used efficiently. Clean content costs nothing; risky content gets a prioritised, actionable explanation that non-technical team members can act on without reading raw HTML.

Save-triggered single-entity scan on every CMS save event
Findings grid with entity name, type, severity, and pattern detail
AI risk summary only when deterministic check finds a hit (efficient API use)
Covers CMS pages, CMS blocks, and Magento widgets
Full scan CLI command for initial baseline audit

Requirements

Magento 2.4.4+ · PHP 8.1+
toweringmedia/module-ai-core
toweringmedia/module-base
Composer: toweringmedia/module-security-ai

Works Great With

Toweringmedia AI Core

Security AI runs its threat detection models through the AI Core provider layer.

Hyvä reCAPTCHA v3 Enterprise

Layer AI-powered fraud detection on top of enterprise-grade bot protection.

Nora AI

Run Nora's conversational AI alongside Security AI for a fully monitored storefront.

Frequently Asked Questions

Does Security AI require Toweringmedia AI Core to function?

Yes. Security AI uses AI Core for its ML model calls. An active AI Core license with a configured provider is required.

What kinds of threats does Security AI detect?

Security AI monitors for anomalous login patterns, credential-stuffing attacks, account-takeover signals, and suspicious order patterns using real-time AI scoring.

Is Security AI compatible with Hyvä themes?

Yes. The detection logic runs server-side and is completely theme-agnostic — it works with Hyvä, Luma, and React Checkout Pro storefronts.

Does it work with Magento 2.4.x?

Yes. Security AI is tested against Magento 2.4.6 and 2.4.7. PHP 8.1, 8.2, and 8.3 are all supported.

Can I whitelist trusted IPs or customer groups?

Yes. Whitelist rules can be defined by IP range or customer group, so known B2B customers and internal tools are never flagged.