Graphael: Static AI/ML Supply-Chain Intelligence Without Code Execution
Dr. Sapna V M & Prof. Prasad B Honnavalli & Subham R Bhuyan
Associate Professor @ PES University

Arsenal Overview
Graphael is a static AI/ML supply-chain intelligence tool that analyzes source repositories without executing any target code.
As AI/ML systems grow increasingly dependent on third-party models, datasets, and packages, the attack surface of the software supply chain expands in ways that traditional Software Composition Analysis (SCA) tools are not built to handle.
Graphael addresses this gap by producing the following, entirely from repository-visible evidence:
- Deterministic dependency graphs
- Package SBOM output
- CVE exposure reports
Because it never installs, builds, or executes the target repository, Graphael can safely inspect untrusted or unfamiliar AI/ML codebases before they are onboarded or deployed.
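As an added illustration of collecting dependency evidence without execution (this is not Graphael's code; the sample repository, the root name `demo-repo`, and all function names are assumptions), the example below reads `requirements.txt` and the literal `install_requires` list of a direct `setup(...)` call through Python's `ast` module, so the top-level code in `setup.py` is parsed but never run.

```python
import ast
import re

# Constructed sample repository (file name -> contents); not a real project.
SAMPLE_REPO = {
    "requirements.txt": "torch==2.1.0\n# CI pin\ntransformers>=4.30  # hub\n-r extra.txt\n",
    "setup.py": "print('top-level setup.py code runs on install')\n"
                "from setuptools import setup\n"
                "setup(name='demo', install_requires=['numpy>=1.24', 'Pillow'])\n",
}
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(.*)$")

def parse_requirement(line):
    """Return (normalized name, version spec), or None for comments and pip options."""
    line = line.split("#", 1)[0].strip()
    m = None if line.startswith("-") else REQ.match(line)
    if not m:
        return None
    return re.sub(r"[-_.]+", "-", m.group(1)).lower(), m.group(2).strip()

def setup_py_requirements(source):
    """Collect literal install_requires entries from the AST; nothing is executed."""
    reqs = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and getattr(node.func, "id", None) == "setup":
            for kw in node.keywords:
                if kw.arg == "install_requires" and isinstance(kw.value, (ast.List, ast.Tuple)):
                    try:
                        reqs += [v for v in ast.literal_eval(kw.value) if isinstance(v, str)]
                    except (ValueError, TypeError):
                        pass  # entries computed at runtime are not visible statically
    return reqs

def dependency_edges(repo, root="demo-repo"):
    """Sorted (root, package, spec, evidence file) edges: same input, same output."""
    edges = set()
    for path, text in repo.items():
        if path.endswith("requirements.txt"):
            lines = text.splitlines()
        elif path.endswith("setup.py"):
            lines = setup_py_requirements(text)
        else:
            continue
        parsed = (parse_requirement(line) for line in lines)
        edges.update((root, p[0], p[1], path) for p in parsed if p)
    return sorted(edges)
```

Each edge carries the file it was read from, so every entry in the resulting graph can be traced back to repository-visible evidence.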
About the Speakers

Dr. Sapna V M
Associate Professor @ PES University
Dr. Sapna V M is an Associate Professor in Computer Science and Engineering with 14+ years of academic and research experience. She has published several research papers in reputed journals and conferences and actively participates in cybersecurity and digital forensics initiatives, including Black Hat.

Prof. Prasad B Honnavalli
Professor @ PES University
Prof. Prasad B Honnavalli is a Professor in Computer Science and Engineering with expertise in Information Security, Networks, and Internet of Things. He is the Director of the PESU Centre for Information Security, Forensics and Cyber Resilience (C-ISFCR) and the PESU Centre for Internet of Things with a focus on Security (C-IoT).

Subham R Bhuyan
Student @ PES University
Subham R Bhuyan is a final-year Computer Science Engineering student at PES University, with a deep interest in the intersection of AI and cybersecurity. He is a builder at heart — driven by a hands-on approach to product development that spans tooling, security research, and applied AI systems.