LLM Readiness Score: Is Your Codebase Safe for AI Agents?
The problem
When you point an LLM coding agent at your repo, it reads everything — source files, configs, environment files, lock files. It doesn’t distinguish between safe code and a hardcoded AWS secret. Whatever’s in the repo goes into the context window, and from there into logs, suggestions, or API calls.
This isn’t theoretical. A leaked .env file, a committed private key, a dependency with a known CVE — any of these become part of the prompt. The agent might echo a secret in a code suggestion. It might build on top of a vulnerable dependency without flagging it. It might reference a sensitive config pattern in a way that ends up in a shared conversation.
The question isn’t whether your code works. It’s whether your code is safe to share with a machine that will read all of it, process it externally, and generate output based on it.
The score
The Rta Security Scanner now produces an LLM Readiness Score — a percentage from 0 to 100 that answers that question. It runs five checks against your codebase, counts what it finds, and produces a single number with a band rating.
The output looks like this:
LLM Readiness Score: 94% [Band A] — Ready — safe for LLM-assisted development
Four bands:
| Band | Score | Meaning |
|---|---|---|
| A | 90-100 | Ready - safe for LLM-assisted development |
| B | 70-89 | Caution - review findings before LLM use |
| C | 40-69 | At Risk - remediate issues before LLM use |
| D | 0-39 | Unsafe - do not use with LLM agents |
How it works
The score starts at 100 and deducts points based on findings from five checks:
Secret Detection — committed secrets (API keys, tokens, passwords) in your git history. Each secret found costs 15 points. A single leaked key drops you to Band B. Three or more and you’re in Band C.
Secret Baseline — new secrets not yet tracked in your baseline. Each costs 10 points. This catches secrets introduced since your last scan.
Static Analysis — code vulnerabilities and misconfigurations. Errors cost 8 points each, warnings cost 3, informational findings cost 1. A handful of missing SRI attributes won’t kill your score. A SQL injection will.
Dependency Scan — known CVEs in your dependency tree. Critical CVEs cost 10 points each, high-severity cost 5. An unpatched critical vulnerability in a direct dependency can drop your score by a full band.
Sensitive File Detection — files that should never be in a repo: .env, .pem, .key, credentials.json, database files, private keys. Each costs 8 points. These are the files most likely to leak data through an LLM’s context window.
Every deduction category has a cap to prevent a single check from zeroing out the score. The final number reflects the aggregate risk across all five dimensions.
Why a score matters
Security scan output is noisy. Twenty JSON files across four tools, each with different severity scales and output formats. Nobody reads all of it. A score compresses that into a decision: can I use this codebase with an LLM agent right now, or do I need to fix something first?
It also creates a baseline you can track over time. Run it in CI on every push. If the score drops below 70, block the merge. If it stays above 90, your team knows the repo is clean enough for agent-assisted development without worrying about what the agent might see.
Get access
The Rta Security Scanner is currently in private beta. If you want to run the LLM Readiness Score against your codebase, reach out to us for a demo.