Secure Development with Python Plugin


To use the plugin in a Google Colab notebook or a Databricks notebook, follow the steps below:

  1. Install the plugin.

    pip install -U mais
  2. Create a new Manifest API Token for MAIS. This links the notebook to your Manifest account for policy enforcement and model tracking.

    1. Navigate to Settings > API Tokens. This can be found under the section "Account":

    2. Create a token with at least the following scopes

  3. In Google Colab, add your Manifest API key.

    1. Add your MANIFEST_API_KEY as a Google Colab secret

    2. Assign your secret to the api_token variable.

      ```python
      # userdata is Colab's accessor for notebook secrets
      from google.colab import userdata

      api_token = userdata.get('MANIFEST_API_KEY')
      ```
  4. In Databricks, add your Manifest API key.

    1. Ensure your Databricks environment has a secret scope and key configured with your Manifest API key as the value: https://docs.databricks.com/aws/en/security/secrets/?language=Secrets%C2%A0utility%C2%A0%28dbutils.secrets%29#create-a-secret
    2. Assign your secret to the api_token variable:
      api_token = dbutils.secrets.get(scope="mais", key="api-token")

  5. Import and initialize the plugin. After successful initialization, MAIS scans and analyzes each cell separately before it executes.

    from mais import MAIS
    m = MAIS(api_token=api_token)

    To enable debug-level logging during initialization, pass verbosity="DEBUG". This is useful for troubleshooting detection issues or inspecting the calls MAIS makes to the Manifest API.

    from mais import MAIS
    m = MAIS(api_token=api_token, verbosity="DEBUG")

  6. Register your custom model to your Manifest inventory using the register_model function. All parameters are required: model name, model version, supplier, and country.

    m.register_model("model_name", "model_version", "supplier", "country")

    For example:

    m.register_model("my_custom_model", "1.0", "Acme", "USA")
  7. Generate the SBOM. This will automatically generate an AI Bill of Materials (AIBOM) showing all model dependencies and risks.

    m.create_sbom()

    Your Manifest dashboard will now show the new model with complete risk analysis, compliance status, and security documentation - demonstrating full AI governance in action.


Direct Python Usage

MAIS isn't limited to Jupyter — you can use it directly from any Python script, CI job, or service. Instantiating MAIS() outside of a notebook automatically installs script-mode hooks that mirror the per-cell behavior you get in Jupyter:

  • One-shot scan of your entry script (__main__) at construction time.
  • Per-module import hook (sys.meta_path finder) that analyzes the source of each first-party module you import before it executes. Stdlib and site-packages modules are skipped automatically — only your user code is scanned.

```python
from mais import MAIS

# Instantiating MAIS in a regular script automatically:
#   1. Reads and analyzes the running script's source.
#   2. Installs an import hook so every user module you import next
#      gets analyzed before it runs (just like a Jupyter cell).
m = MAIS(api_token="<manifest-api-token>", verbosity="DEBUG")

from transformers import AutoTokenizer
tokenizer = AutoTokenizer.from_pretrained("moonshotai/Kimi-K2-Instruct")

from datasets import load_dataset
dataset = load_dataset("ProlificAI/social-reasoning-rlhf")

# Methods like register_model() and create_sbom() work without any
# extra plumbing — MAIS uses the cached script source automatically.
m.register_model("my_custom_model", "1.0", "Acme", "USA")
m.create_sbom(path=".", publish=False)

# Need to detach the import hook (e.g. in tests)?
m.uninstall()
```

Expected output (truncated):

```
MAIS [DEBUG]: Found dataset loading call: load_dataset('ProlificAI/social-reasoning-rlhf')
MAIS [DEBUG]: Datasets found: [{'title': 'ProlificAI/social-reasoning-rlhf', ...}]
MAIS [DEBUG]: Custom model registration → POST https://api.manifestcyber.com/v1/model-analysis/custom
MAIS [DEBUG]: Model '<id>' registered successfully
✅ SBOM Created — sbom.json written at .
```
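
To picture how a per-module import hook of the kind described above can see first-party source before it runs while skipping stdlib and site-packages, here is a simplified sys.meta_path finder. It is an added illustration, not MAIS's own implementation; SourceScanFinder, is_first_party and the analyze callback are hypothetical names.

```python
import importlib.abc
import importlib.machinery
import sys
import sysconfig
from pathlib import Path

# Roots that are skipped: the standard library and site-packages.
_SKIP_ROOTS = tuple(
    Path(sysconfig.get_paths()[key]).resolve()
    for key in ("stdlib", "platstdlib", "purelib", "platlib")
)


def is_first_party(origin):
    """True when a module's source file lives outside stdlib/site-packages."""
    if not origin or not origin.endswith(".py"):
        return False  # built-in, frozen, namespace or extension module
    path = Path(origin).resolve()
    return not any(path.is_relative_to(root) for root in _SKIP_ROOTS)


class SourceScanFinder(importlib.abc.MetaPathFinder):
    """Calls analyze(name, source) for each first-party module before it runs."""

    def __init__(self, analyze):
        self.analyze = analyze  # hypothetical callback; raising blocks the import

    def find_spec(self, fullname, path=None, target=None):
        # Ask the normal path-based finder where the module would load from.
        spec = importlib.machinery.PathFinder.find_spec(fullname, path)
        if spec is not None and is_first_party(spec.origin):
            # Assumption: source files are UTF-8 encoded.
            source = Path(spec.origin).read_text(encoding="utf-8")
            self.analyze(fullname, source)
        return None  # never load here; the regular finders do the import

    def install(self):
        # Position 0 so the scan happens before any other finder resolves it.
        sys.meta_path.insert(0, self)

    def uninstall(self):
        if self in sys.meta_path:
            sys.meta_path.remove(self)
```

Because the finder only observes and then returns None, the module is still loaded by Python's regular machinery; a module already in sys.modules never reaches find_spec, so the hook only sees imports made after install().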

Example

Example #1: Risk assessment of a model registered in your organization’s inventory


Example #2: Risk assessment of a model not found in inventory