CyfroSec

CyfroAI Engine

CyfroAssistant

CyfroAssistant is your AI-powered security analyst, available directly inside the CyfroSec Portal. It understands your specific infrastructure — your agents, scan results, vulnerabilities, topology — and lets you query it all in natural language, without writing queries or complex terminologies. It can also take specific actions once permission is provided by the user.

Beta: CyfroAssistant is currently in beta. The Core functionality is stable, but the feature set is actively expanding.

Starting a Conversation

When you open CyfroAssistant for the first time (or start a new conversation), you land on an empty canvas with four clickable suggestion cards/function calls:

SuggestionWhat it does
Analyze latest security scanRetrieves and summarises your most recent scan results
Show security insightsSummarises AI-generated insights from recent scans
List active agentsShows all currently online CyfroAgents in your account group
Get scan summaryProvides a high-level overview of scan coverage and findings

Click any card to send that query immediately, or type your own question in the input box at the bottom.

To send a message: Type in the text box and press Enter (or click the Send button).

Press Shift + Enter to add a line break without sending.

A new conversation session is created automatically the first time you send a message, using the first 50 characters of your message as its title.

The Chat Interface

1. Message Streaming

Responses stream token-by-token in real time. While the assistant is working, the header shows one of three status badges:

  1. 1Thinking: The assistant is reasoning through your query
  2. 2Working: The assistant is executing tools or fetching data
  3. 3Generating: The assistant is writing its response

A Stop button appears in the input area while streaming. Clicking it cancels the current response immediately.

2. Human-in-the-Loop Approvals

For certain actions, particularly those that write data or carry higher risk, the assistant will pause and present an approval card before proceeding. The card shows:

  1. 1What action is being requested
  2. 2The risk level (Low / Medium / High / Critical)
  3. 3AI-generated explanation of what will happen
  4. 4Approve and Deny buttons

You must actively approve or deny before the assistant continues. Approvals are single-use and expire after a set period.

3. Workspace Panel

A collapsible right panel (click the panel toggle in the chat header) provides three tabs for deeper inspection:

TabContents
TasksCheckbox-style progress list of the steps the assistant is executing in real time
ArtifactsAny files, data exports, or generated content produced during the conversation
Tool OutputRaw arguments and results from each tool call — useful for auditing what data the assistant read or wrote

What You Can Ask

CyfroAssistant is aware of your infrastructure context and can answer questions such as:

Scan and vulnerability queries:

  1. 1"Which hosts have Critical CVEs?"

Agent and asset queries:

  1. 1"List all active agents."
  2. 2"Which agents haven't run a scan in the last 24 hours?"

Insights and risk queries:

  1. 1"What are my highest risk findings this week?"
  2. 2"Are any of my exposed services flagged as reachable?"
  3. 3"Give me an executive summary of my current security posture."

Platform how-to questions:

  1. 1"How do I create a new test?"
  2. 2"What does an Account Group Admin have access to?"
  3. 3"How do I register a new agent?"

The assistant uses your actual scan data, agent status, vulnerability findings, and AI insight records to answer infrastructure-specific questions, and references product documentation for how-to queries. AI can make mistakes, please make sure to verify.

Plan Mode

Plan Mode lists a series of tasks which are to be executed in order for fulfilling the user's request, ranging from changing configurations or applying fixes. The tasks will be executed based on the user's approval.