AI Assistant
In-context assistants
Besides the full-page AI Assistant, ThreatWeaver puts focused AI helpers right where the work happens. This page covers two of them: the AI Assistant tab in Exposure Management — its own tab, sitting alongside Remediation rather than inside it — and the read-only Ask experience over your asset inventory in Cyber Asset Management.
What it's for
- Turn a vulnerability into action — generate a fix plan, a ticket, a summary, or a root-cause analysis without leaving Exposure Management.
- Question your inventory in plain language — ask about missing agents, coverage gaps, controls, and asset relationships, and see exactly what will be answered before any data is returned.
- Stay safe by design — the Ask experience is strictly read-only, and the AI Assistant tools produce drafts for you to review, copy, and use.
The AI Assistant tab (Exposure Management)
In the Exposure Management workspace, AI Assistant is its own tab — a sibling of Remediation, not nested inside it. You can also reach it from AI Labs in the left navigation, which opens the same tab. It shows a row of tabs across the top, each a self-contained tool. Switch tabs to pick the task you need.
The tools
| Tab | What it produces |
|---|---|
| Fix Plan Generator | A step-by-step remediation plan with rollback guidance for a chosen vulnerability. |
| Ticket Writer | A ready-to-paste remediation ticket for your issue tracker, for one vulnerability or several at once. |
| Executive Summary | A board-ready written summary of your security status, tuned to your audience. |
| Root Cause Analyzer | An analysis of why a vulnerability exists and where it comes from. |
| Exception Assistant | A recommendation on whether — and how — to grant an exception, based on your justification and existing controls. |
| AI Chat | An open-ended chat advisor for questions about vulnerabilities, remediation, and security best practice. |
Administrators can turn individual tools on or off, so you may see a subset of these tabs. Setting up the underlying AI provider is an administrator task — see Admin.
Common controls
Most of the generator tools share the same shape.
| Control | What it does |
|---|---|
| Search Database / Manual Input toggle | Choose whether to pick an existing vulnerability from your data (Search Database) or describe one yourself (Manual Input). |
| Vulnerability picker | In Search mode, find and select the vulnerability (or vulnerabilities) to work on. |
| Detail fields | In Manual mode, fill in what you know — a description, a CVE identifier, severity, the affected system, and similar. Fields marked with an asterisk are required. |
| Generate button | Produces the result. A progress placeholder appears while the assistant works. |
| Result panel | Shows the generated output, formatted and ready to copy. |
Each tool adds the fields it needs:
- Ticket Writer lets you select up to ten vulnerabilities at once and set a Priority, then generates one ticket per vulnerability.
- Executive Summary offers an Auto-Fill button that populates the context with real metrics from your environment, a Key Metrics field, and a Target Audience choice (C-suite, Technical, or Board).
- Root Cause Analyzer adds an Environment field (for example a network zone) to sharpen the analysis.
- Exception Assistant asks for your business justification and any compensating controls already in place.
- AI Chat keeps a list of past conversations with a New Chat button, and a message box where you type and send questions.
AI Settings and Sensors
Two more tabs in the same row handle configuration rather than day-to-day AI tasks:
| Tab | What it's for |
|---|---|
| Sensors | Connect and manage local AI compute agents ("sensors") so your own on-premises or private AI infrastructure can serve personal or organization-wide AI requests, instead of routing through a cloud provider. Shows each sensor's connection status, models, and load, and lets you deploy a new one. |
| AI Settings | Where an administrator configures which AI provider your workspace uses, plus governance, prompt, usage, and cost policies. Everyone can see their own usage and request logs here; the deeper configuration tabs are admin-only. |
If you see a message that no AI provider is configured, or that a proposed provider isn't approved, ask your administrator to set one up in AI Settings — reachable from this tab or from AI Labs in the left navigation. See Admin.
Ask (over your asset inventory)
In Cyber Asset Management, the Ask experience lets you ask plain-language questions about your assets — and shows you the plan for how it will answer before returning any data. Every question is answered read-only: Ask never changes, imports, or removes anything.
Every control explained
| Control | What it does |
|---|---|
| Query box | Type your question — for example, which endpoints are missing a particular agent, your top critical assets, or a host by name. |
| AI-assisted parsing | An optional checkbox. When ticked, the wording of your question is interpreted more flexibly; the answer still comes only from the same approved, read-only plan. |
| Preview plan | Works out how your question would be answered — the route, filters, and safety checks — without returning any data. |
| Run read-only | Runs the planned, read-only lookup and shows the results. |
| Examples | A set of one-click sample questions to get you started. |
| Save query | Saves the current question so you can rerun it later. |
| Saved queries | Your saved questions, shared with your workspace where available. Click one to load it; remove any you no longer need. |
| Recent runs | A history of questions you've previewed or run, for quick reruns. Clear empties the list. |
The guardrails, plan, and result panels
- Guardrails — a panel that spells out what Ask will and won't do: no imports or changes, no ticket or notification actions, no arbitrary database access, and relationship views stay preview-only until you select an exact asset.
- Plan — after you preview or run, this shows how your question was understood: the detected intent, a confidence figure, the filters applied, and any warnings. If a question can't be answered, it explains why.
- Result — the data itself, shown in the right shape for the question: a table of matching assets, a coverage-gap breakdown, a relationship map for a selected asset, a catalogue of security controls, or cross-module context cards — Vulnerabilities, Threat context, and Attack paths for a selected asset, each with a deep link into the module that owns that data.
- Graph join contracts — a readiness panel reporting, family by family, whether a graph or Ask join is ready, module-gated (behind another module), contract-needed (waiting on a stable data contract), or deep-link-only (answered by linking out rather than joining in place) — along with any feature flags still required to unlock it. Use it to understand why a particular join isn't available yet.
Common workflows
Workflow: draft a ticket from a real vulnerability
-
In Exposure Management, open the AI Assistant tab (or AI Labs in the left navigation) and choose the Ticket Writer tab.
Step 1 — the Ticket Writer tab -
Keep Search Database selected and pick one or more vulnerabilities (up to ten). Set the Priority.
Step 2 — selecting vulnerabilities and a priority -
Click Generate. Review the drafted ticket, then use Copy to paste it into your issue tracker.
Step 3 — the generated ticket ready to copy
Workflow: ask about coverage gaps, safely
-
In Cyber Asset Management, open Ask and type a question — for example, which endpoints are missing a required agent.
Step 1 — typing a question in the Ask box -
Click Preview plan to see exactly how it will be answered, and confirm the filters and guardrails look right.
Step 2 — the plan preview with filters and guardrails -
Click Run read-only to return the results. If you'll want the question again, click Save query.
Step 3 — the read-only results table