Graphael: Static AI/ML Supply-Chain Intelligence Without Code Execution
Subham R Bhuyan
Student @ PES University

Arsenal Overview
Graphael is a static AI/ML supply-chain intelligence tool that analyzes source repositories without executing any target code.
As AI/ML systems grow increasingly dependent on third-party models, datasets, and packages, the attack surface of the software supply chain expands in ways that traditional Software Composition Analysis (SCA) tools are not built to handle.
Graphael addresses this gap by producing, entirely from repository-visible evidence:
- Deterministic dependency graphs
- Package SBOM output
- CVE exposure reports
Because it never installs, builds, or executes the target repository, Graphael can safely inspect untrusted or unfamiliar AI/ML codebases before they are onboarded or deployed.
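As an added illustration of the static approach described above (this is not Graphael's code, and the requirements file and training script it reads are constructed samples), the following script derives a deterministic SBOM-like record from a requirements file and a Python source file using text parsing and `ast` only, so nothing from the repository is installed, imported or run. The `from_pretrained` string-argument heuristic is an assumption about how third-party model references appear in source.

```python
import ast
import re

# Constructed sample repository files (not Graphael's code or data). In practice
# they are read from disk as text; nothing here is installed, imported or run.
REQUIREMENTS = """\
torch==2.2.0
transformers>=4.38,<5   # range pin
numpy
requests==2.31.0 ; python_version < "3.12"
"""
TRAIN_PY = """\
import torch, numpy as np
from transformers import AutoModel
model = AutoModel.from_pretrained("example-org/demo-model")  # third-party model
"""
# package name, then an optional version specifier ending at a marker (;) or comment (#)
REQ_LINE = re.compile(r"^([A-Za-z0-9_.-]+)\s*([<>=!~][^;#]*)?")

def parse_requirements(text):
    """Map package name -> version specifier using only the requirements file."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = REQ_LINE.match(line) if line else None
        if m:  # lines such as "-r other.txt" do not match and are skipped
            deps[m.group(1).lower()] = (m.group(2) or "").strip() or "*"
    return deps

def scan_source(src):
    """Collect top-level imports and hub model ids by walking the syntax tree
    (ast.parse reads syntax only; no statement in src is executed)."""
    imports, models = set(), set()
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, ast.Import):
            imports.update(a.name.split(".")[0] for a in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imports.add(node.module.split(".")[0])
        elif (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
              and node.func.attr == "from_pretrained" and node.args
              and isinstance(node.args[0], ast.Constant)):
            models.add(str(node.args[0].value))
    return sorted(imports), sorted(models)

def build_sbom(requirements, source):
    """Deterministic SBOM-like record: components sorted by name, plus usage evidence."""
    deps = parse_requirements(requirements)
    imports, models = scan_source(source)
    components = [{"name": n, "version": v, "imported": n in imports}
                  for n, v in sorted(deps.items())]
    return {"components": components, "models": models}
```

The `imported` flag compares distribution names with import names directly, which is only correct when the two coincide (they do not for packages such as pillow, imported as PIL), so a real tool needs a mapping table for that step.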
About the Speaker

Subham R Bhuyan
Student @ PES University
Subham R Bhuyan is a final-year Computer Science Engineering student at PES University, with a deep interest in the intersection of AI and cybersecurity. He is a builder at heart — driven by a hands-on approach to product development that spans tooling, security research, and applied AI systems.