# AI Features
CyberOrigen leverages multiple AI providers to deliver intelligent security and compliance automation.
## AI Providers
CyberOrigen supports multiple AI backends:
| Provider | Model | Use Case |
|---|---|---|
| Anthropic | Claude 3.5 Sonnet | Primary analysis |
| OpenAI | GPT-4o | Alternative analysis |
| Google | Gemini Pro | Supplementary analysis |
Configure your preferred provider in Settings → AI Configuration.
## Intelligent Vulnerability Triage
### Automatic Prioritization
AI analyzes vulnerabilities considering:
- CVSS Score: Base severity rating
- Exploitability: Known exploits in the wild
- Business Context: Asset criticality
- Attack Surface: Exposure level
- Dependencies: Related vulnerabilities
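The following is an added illustration of how those five factors can be combined into an adjusted priority; it is not CyberOrigen's own model and the field names, step weights and per-priority SLAs are assumptions chosen so that the CVE-2024-1234 card shown in this document is reproduced:

```python
from dataclasses import dataclass, field
from typing import List

# Shared ordinal scale for the CVSS band and the adjusted priority.
PRIORITY_LEVELS = ["LOW", "MEDIUM", "HIGH", "CRITICAL"]

# Assumed SLA per priority; the page only states "within 24 hours" for CRITICAL.
REMEDIATION_SLA = {
    "CRITICAL": "Patch within 24 hours",
    "HIGH": "Patch within 7 days",
    "MEDIUM": "Patch within 30 days",
    "LOW": "Patch in next maintenance window",
}


@dataclass
class Vulnerability:
    """Finding enriched with the context factors listed above (field names are assumed)."""
    cve_id: str
    cvss_base: float
    exploited_in_wild: bool = False      # Exploitability
    internet_facing: bool = False        # Attack Surface
    requires_auth: bool = True           # Attack Surface
    asset_criticality: str = "medium"    # Business Context: low / medium / high
    patch_available: bool = False
    related_vulns: int = 0               # Dependencies


@dataclass
class Assessment:
    cve_id: str
    base_band: str
    priority: str
    reasoning: List[str] = field(default_factory=list)
    recommendation: str = ""


def cvss_band(score: float) -> str:
    """CVSS v3 qualitative severity rating for a base score."""
    if score >= 9.0:
        return "CRITICAL"
    if score >= 7.0:
        return "HIGH"
    if score >= 4.0:
        return "MEDIUM"
    return "LOW"


def triage(v: Vulnerability) -> Assessment:
    """Move the CVSS band one step per context factor and keep a justification per step."""
    base = cvss_band(v.cvss_base)
    level = PRIORITY_LEVELS.index(base)
    reasons: List[str] = []

    if v.exploited_in_wild:
        level += 1
        reasons.append("Active exploitation detected in threat intelligence")
    if v.internet_facing:
        level += 1
        reasons.append("Affects internet-facing system")
    if not v.requires_auth:
        level += 1
        reasons.append("No authentication required for exploitation")
    if v.asset_criticality == "high":
        level += 1
        reasons.append("Asset is business-critical")
    elif v.asset_criticality == "low":
        level -= 1
        reasons.append("Asset has low business criticality")
    if v.related_vulns:
        level += 1
        reasons.append(f"{v.related_vulns} related vulnerabilities on the same asset")
    if v.patch_available:
        reasons.append("Patch available but not yet applied")

    # Clamp to the scale so stacked factors cannot run past CRITICAL or below LOW.
    level = max(0, min(level, len(PRIORITY_LEVELS) - 1))
    priority = PRIORITY_LEVELS[level]
    recommendation = (REMEDIATION_SLA[priority] if v.patch_available
                      else "No patch available: apply compensating controls and monitor")
    return Assessment(v.cve_id, base, priority, reasons, recommendation)


def format_assessment(a: Assessment) -> str:
    """Plain-text card in the same layout as the assessment shown above."""
    lines = [f"AI Priority Assessment: {a.cve_id}",
             f"Base CVSS band: {a.base_band}",
             f"AI Adjusted Priority: {a.priority}", "", "Reasoning:"]
    lines += [f"  - {r}" for r in a.reasoning]
    lines += ["", f"Recommendation: {a.recommendation}"]
    return "\n".join(lines)


if __name__ == "__main__":
    finding = Vulnerability("CVE-2024-1234", 7.5, exploited_in_wild=True,
                            internet_facing=True, requires_auth=False, patch_available=True)
    print(format_assessment(triage(finding)))
```

Each factor moves the priority by one step and also appends the sentence that ends up in the card's "Reasoning" section, so the output stays explainable; a production implementation would replace the hard-coded steps with whatever weighting the organisation agrees on, but the explainability requirement stays the same.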
### Example AI Analysis
```
┌────────────────────────────────────────────────────────────┐
│ AI Priority Assessment: CVE-2024-1234                      │
├────────────────────────────────────────────────────────────┤
│ Base CVSS: 7.5 (High)                                      │
│ AI Adjusted Priority: CRITICAL                             │
│                                                            │
│ Reasoning:                                                 │
│ • Active exploitation detected in threat intelligence      │
│ • Affects internet-facing production system                │
│ • No authentication required for exploitation              │
│ • Patch available but not yet applied                      │
│                                                            │
│ Recommendation: Patch within 24 hours                      │
└────────────────────────────────────────────────────────────┘
```
## AI-Powered Remediation
### Step-by-Step Guidance
AI generates context-aware remediation instructions:
## Remediation Steps for CVE-2024-1234
Based on your detected configuration (nginx 1.22 on Ubuntu 22.04):
1. **Backup current configuration**
```bash
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.backup
```
2. **Update nginx to patched version**
```bash
sudo apt update
sudo apt install nginx=1.24.0-1ubuntu1
```
3. **Verify the update**
```bash
nginx -v
```
4. **Restart the service**
```bash
sudo systemctl restart nginx
```
5. **Verify fix**
Run a targeted rescan to confirm remediation.
### Code Suggestions
For application vulnerabilities, AI provides code fixes:
```python
# Vulnerable code detected
user_input = request.args.get('id')
query = f"SELECT * FROM users WHERE id = {user_input}"
# AI-suggested fix
user_input = request.args.get('id')
query = "SELECT * FROM users WHERE id = %s"
cursor.execute(query, (user_input,))
```
## Compliance Assistant
### Control Implementation Guidance
AI helps implement compliance controls:
User: "How do I implement SOC 2 CC6.1 Access Control?"
AI Response:
CC6.1 requires logical access controls to protect information assets. Based on your infrastructure, I recommend:
- Authentication: Implement SSO with MFA
- Authorization: Use RBAC with least privilege
- Monitoring: Enable access logging
- Review: Set up quarterly access reviews
Would you like me to generate specific IAM policies?
### Gap Analysis
AI identifies compliance gaps:
```
┌────────────────────────────────────────────────────────────┐
│ ISO 27001 Gap Analysis                                     │
├────────────────────────────────────────────────────────────┤
│ Current Coverage: 72%                                      │
│                                                            │
│ Critical Gaps Identified:                                  │
│                                                            │
│ 1. A.12.3.1 - Information Backup                           │
│    Status: Not Implemented                                 │
│    AI Recommendation: Enable automated backups for your    │
│    database and object storage with versioning.            │
│                                                            │
│ 2. A.16.1.2 - Reporting Security Events                    │
│    Status: Partially Implemented                           │
│    AI Recommendation: Configure monitoring alerts to       │
│    integrate with your incident response workflow.         │
└────────────────────────────────────────────────────────────┘
```
## Evidence Generation
AI assists with evidence collection:
### Automatic Evidence Suggestions
Based on control requirements, AI suggests:
- Screenshots to capture
- Logs to export
- Configurations to document
- Policies to reference
### Evidence Description Generation
AI writes evidence descriptions:
```
Control: CC6.7 - Encryption at Rest
Evidence Type: Configuration Screenshot
AI-Generated Description:
"This screenshot from the database console demonstrates that
encryption at rest is enabled for the production database.
The encryption uses a customer-managed encryption key.
This configuration satisfies the SOC 2 CC6.7 requirement
for protecting stored information using encryption."
```
## Risk Assessment
### AI Risk Scoring
AI provides risk assessments considering:
- Threat likelihood
- Business impact
- Control effectiveness
- Historical data
- Industry benchmarks
### Risk Narrative Generation
AI generates risk narratives for reports:
```
The assessment identified 5 high-severity vulnerabilities
in the production environment, representing a significant
increase from the previous quarter. The primary risk driver
is the delayed patching of critical infrastructure components.
Without remediation, the organization faces potential
regulatory penalties (estimated $2M based on similar GDPR
cases) and reputational damage. Recommended actions include
implementing automated patch management and increasing
security team capacity.
```
## Natural Language Queries
Ask questions in plain English:
- "What are our biggest security risks right now?"
- "Which controls are failing for PCI-DSS?"
- "Show me all critical vulnerabilities discovered this week"
- "What evidence do I need for the upcoming SOC 2 audit?"
## AI Settings
### Configuration Options
| Setting | Description | Default |
|---|---|---|
| Primary Provider | Main AI service | Anthropic |
| Fallback Provider | Backup AI service | OpenAI |
| Auto-Triage | Automatic vulnerability prioritization | Enabled |
| Evidence Assist | AI evidence suggestions | Enabled |
| Risk Narratives | AI-generated risk text | Enabled |
### Privacy & Security
- AI queries are encrypted in transit
- Sensitive data is redacted before processing
- No customer data is used for training
- All AI interactions are logged for audit
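The redaction and audit-logging points above are the part of the pipeline a reviewer should be able to inspect. The following added example (not CyberOrigen's code; the rule set, placeholder format and audit fields are assumptions) shows one way a pre-processing stage can strip common sensitive values from a prompt before it reaches any provider and then log a hash of what actually left the platform, so the audit trail never contains the raw text:

```python
import hashlib
import json
import re
from datetime import datetime, timezone
from typing import Dict, List, Pattern, Tuple

# Constructed rules for this example; the product's real rule set is not documented here.
# Each rule maps a label to a pattern for one class of sensitive data.
REDACTION_RULES: List[Tuple[str, Pattern[str]]] = [
    ("EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")),
    ("IPV4", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("AWS_ACCESS_KEY", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("BEARER_TOKEN", re.compile(r"(?i)\bbearer\s+[A-Za-z0-9._~+/-]+=*")),
]


def redact(text: str) -> Tuple[str, Dict[str, int]]:
    """Replace each match with a typed placeholder and count replacements per rule."""
    counts: Dict[str, int] = {}
    for label, pattern in REDACTION_RULES:
        text, n = pattern.subn(f"[{label}_REDACTED]", text)
        if n:
            counts[label] = n
    return text, counts


def audit_record(user: str, provider: str, redacted_prompt: str,
                 counts: Dict[str, int]) -> Dict:
    """Audit entry keyed by a hash of the redacted prompt; the raw text is never stored."""
    return {
        "timestamp": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "provider": provider,
        "prompt_sha256": hashlib.sha256(redacted_prompt.encode("utf-8")).hexdigest(),
        "prompt_chars": len(redacted_prompt),
        "redactions": counts,
    }


def prepare_ai_request(user: str, provider: str, raw_prompt: str) -> Tuple[str, Dict]:
    """Stage in front of the provider call: redact first, then log only the redacted form."""
    redacted, counts = redact(raw_prompt)
    return redacted, audit_record(user, provider, redacted, counts)


if __name__ == "__main__":
    # Constructed prompt. The key is AWS's documented example access key id, not a credential.
    sample = ("Summarize risk for host 10.0.0.7 administered by alice@example.com. "
              "Scanner found AKIAIOSFODNN7EXAMPLE in a config file.")
    prompt, record = prepare_ai_request("analyst", "anthropic", sample)
    print(prompt)
    print(json.dumps(record, indent=2))
```

The per-rule counts in the audit record let a reviewer verify after the fact that redaction actually fired on a given request, without the log itself becoming a second copy of the sensitive data; a real deployment would add rules for its own identifiers and run the stage regardless of which provider, primary or fallback, ends up serving the call.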
## API Access
Use AI features programmatically:
```
# AI vulnerability analysis
POST /api/v1/ai/analyze-vulnerability
{
  "vulnerability_id": "vuln_123",
  "context": "production_environment"
}

# AI compliance guidance
POST /api/v1/ai/compliance-assist
{
  "control_id": "SOC2_CC6.1",
  "question": "How do I implement this?"
}

# AI risk assessment
POST /api/v1/ai/risk-assess
{
  "asset_id": "asset_456"
}
```
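As an added example of calling those three endpoints from code (this is not an official CyberOrigen client; the base URL, the bearer-token authentication header, the timeout and the response bodies are assumptions), the following wraps each request in a small client and includes a loopback mock of the service so the client can be exercised offline with constructed responses:

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class APIError(Exception):
    """Raised when the API answers with a non-2xx status."""

    def __init__(self, status: int, body: str):
        super().__init__(f"HTTP {status}: {body}")
        self.status = status
        self.body = body


class CyberOrigenAI:
    """Minimal client for the three documented AI endpoints (auth scheme is assumed)."""

    def __init__(self, base_url: str, token: str, timeout: float = 10.0):
        self.base_url = base_url.rstrip("/")
        self.token = token
        self.timeout = timeout  # never let an AI call hang a caller indefinitely

    def _post(self, path: str, payload: dict) -> dict:
        req = urllib.request.Request(
            self.base_url + path,
            data=json.dumps(payload).encode("utf-8"),
            method="POST",
            headers={"Content-Type": "application/json",
                     "Authorization": f"Bearer {self.token}"},  # assumed header format
        )
        try:
            with urllib.request.urlopen(req, timeout=self.timeout) as resp:
                return json.loads(resp.read().decode("utf-8"))
        except urllib.error.HTTPError as err:
            raise APIError(err.code, err.read().decode("utf-8", "replace")) from err

    def analyze_vulnerability(self, vulnerability_id: str, context: str) -> dict:
        return self._post("/api/v1/ai/analyze-vulnerability",
                          {"vulnerability_id": vulnerability_id, "context": context})

    def compliance_assist(self, control_id: str, question: str) -> dict:
        return self._post("/api/v1/ai/compliance-assist",
                          {"control_id": control_id, "question": question})

    def risk_assess(self, asset_id: str) -> dict:
        return self._post("/api/v1/ai/risk-assess", {"asset_id": asset_id})


class MockAIHandler(BaseHTTPRequestHandler):
    """Loopback stand-in for the service; responses are constructed and carry no real analysis."""

    TOKEN = "test-token"  # constructed credential for the mock only
    ROUTES = {
        "/api/v1/ai/analyze-vulnerability":
            lambda b: {"vulnerability_id": b["vulnerability_id"], "priority": "CRITICAL"},
        "/api/v1/ai/compliance-assist":
            lambda b: {"control_id": b["control_id"], "guidance": "Implement SSO with MFA"},
        "/api/v1/ai/risk-assess":
            lambda b: {"asset_id": b["asset_id"], "risk_score": 82},
    }

    def do_POST(self):
        if self.headers.get("Authorization") != f"Bearer {self.TOKEN}":
            self._reply(401, {"error": "unauthorized"})
            return
        route = self.ROUTES.get(self.path)
        if route is None:
            self._reply(404, {"error": "not found"})
            return
        length = int(self.headers.get("Content-Length", "0"))
        body = json.loads(self.rfile.read(length) or b"{}")
        self._reply(200, route(body))

    def _reply(self, status: int, payload: dict):
        data = json.dumps(payload).encode("utf-8")
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):
        pass  # keep the mock quiet


def start_mock_server() -> HTTPServer:
    """Bind the mock on a free loopback port and serve it from a background thread."""
    server = HTTPServer(("127.0.0.1", 0), MockAIHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    server = start_mock_server()
    client = CyberOrigenAI(f"http://127.0.0.1:{server.server_address[1]}", MockAIHandler.TOKEN)
    print(client.analyze_vulnerability("vuln_123", "production_environment"))
    print(client.compliance_assist("SOC2_CC6.1", "How do I implement this?"))
    print(client.risk_assess("asset_456"))
    server.shutdown()
```

Non-2xx answers are surfaced as `APIError` with the status code rather than swallowed, so a caller can distinguish an expired credential (401) from a wrong path (404) and avoid retrying the former; the mock's 401 branch exists so that path is exercised too.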