Dev security scanners for AI and code now span classic software checks and new model‑centric analyses. This topic covers tools that scan source code (SAST), open‑source components (SCA), prompts and agent chains for prompt‑injection, model artifacts and training datasets for leakage or poisoning, and runtime monitors for anomalous model behavior. Both open‑source and commercial offerings are evolving to integrate into CI/CD and MLOps pipelines and to feed enterprise governance and audit systems. Relevance (2026): increased enterprise AI deployment, regulatory scrutiny, and high‑profile model incidents have pushed organizations to adopt layered scanning—before deployment, in training pipelines, and at runtime. Scanners are now expected to produce machine‑readable evidence for compliance, integrate with policy controls, and scale across agent platforms and virtual assistants. Key categories and examples: traditional SAST/SCA tools remain important for code and dependency risks; model‑risk scanners and dataset analyzers detect data leakage, PII and licensing problems; prompt and agent scanners detect prompt injection and unsafe orchestration patterns; red‑teaming and fuzzing frameworks exercise models under adversarial inputs; runtime anomaly detection provides continuous monitoring. Commercial products—illustrated by recent vendor offerings such as Perplexity’s Bumblebee—emphasize integrated developer workflows, vendor support and compliance reporting. Open‑source projects offer transparency and customization for research and internal validation. How this fits with governance platforms: enterprise governance platforms (e.g., Monitaur) and model providers/platforms (e.g., Mistral AI, IBM watsonx Assistant, StackAI, Lindy) are where scanners must plug in—providing policy enforcement, monitoring, and evidence capture. Choosing between open and commercial scanners is a tradeoff among transparency, integration, scale, and regulatory support; realistic programs combine both types across the SDLC and MLOps lifecycle.