CyfroAI Engine
CyfroAI Insights
CyfroAI Insights are generated automatically after a scan interval completes. You do not need to click anything to trigger analysis. As long as scans are running and vulnerabilities/misconfigurations/secrets are found, CyfroAI Insights will appear.
Our CyfroAI Engine receives the raw scan findings (open ports, detected CVEs, misconfigurations, exposed secrets) alongside network topology context (which hosts are reachable from where) and produces:
- An Executive Summary: An easily understandable overview of the most important security findings from that scan run.
- A Prioritized Risk List: Vulnerabilities re-ranked using exposure correlation, not just CVSS severity alone.
Executive Summary
An easily understandable summary of who is affected and what matters the most, at a glance. It is displayed as a gradient card (Brain icon header) containing AI-generated paragraphs that describe:
- The overall security posture from this scan.
- The most significant findings in plain language.
- Any patterns or correlations across multiple findings.
CVE IDs mentioned in the summary are automatically linked to the corresponding entry in the Report page. Click any CVE ID to jump directly to its full detail.
Prioritized Risks
A ranked list of the most important vulnerabilities from this scan, sorted by AI-assessed effective risk rather than raw CVSS score alone. Each risk card can be expanded for full detail.
Collapsed card view:
| Element | Description |
|---|---|
| Rank | AI-assigned priority order (1 = highest risk) |
| Base Severity | Original scanner severity: Critical / High / Medium / Low |
| Effective Risk | AI-adjusted severity after factoring in exposure and reachability |
| CVE / Finding ID | The vulnerability identifier (monospace) |
| Reachable badge | Animated badge shown when the finding is confirmed reachable from outside your local network |
| Exposure status | Exposed (red), Local Only (amber), or Unconfirmed (blue) |
| Title | Short description of the vulnerability |
| Open in Reports | Deep link to the Report page pre-filtered to this specific finding |
Expanded card view:
| Section | Description |
|---|---|
| Target | The host or IP address affected |
| Package | The software package or service version where the vulnerability was found |
| CVSS Score | Numeric score from the vulnerability database |
| Reachability Confidence | A 0–100% bar showing how confident the AI is that this finding is network-reachable |
| Reasoning & Context | AI explanation of why this finding was prioritized, including infrastructure context |
| Recommended Action | The single most important remediation step in easily understandable language |
| OS Remediation Commands | Ready-to-run shell commands for patching, broken out by OS (Linux, macOS, Windows) where available |
| Correlation Evidence | Technical notes on how exposure was assessed (network path data, open port correlation, etc.) |
Use Expand All / Collapse All at the top of the section to open or close all cards at once.
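The sketch below is an added illustration, not CyfroAI's code or its actual scoring method. It shows how Base Severity and Effective Risk can diverge once exposure status and reachability confidence are factored in. The weights, the interpolation formula, and the finding IDs are assumptions constructed for this example; the severity bands are the standard CVSS v3 qualitative ratings.

```python
from dataclasses import dataclass

# Assumed weights (not CyfroAI's values): exposure status scales the CVSS score.
EXPOSURE_WEIGHT = {"Exposed": 1.0, "Unconfirmed": 0.7, "Local Only": 0.5}
# CVSS v3 qualitative bands: lower bound -> label.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.0, "Low")]

@dataclass
class Finding:
    finding_id: str
    cvss: float          # CVSS Score from the vulnerability database
    exposure: str        # Exposed / Local Only / Unconfirmed
    reachability: float  # Reachability Confidence as a fraction, 0.0-1.0

def band(score: float) -> str:
    """Map a 0-10 score to Critical / High / Medium / Low."""
    return next(label for floor, label in BANDS if score >= floor)

def effective_score(f: Finding) -> float:
    """Scale CVSS by exposure; reachability confidence interpolates
    between the Local Only floor and the weight for the exposure status."""
    if f.exposure not in EXPOSURE_WEIGHT:
        raise ValueError(f"unknown exposure status: {f.exposure!r}")
    if not 0.0 <= f.reachability <= 1.0:
        raise ValueError("reachability must be between 0 and 1")
    floor = EXPOSURE_WEIGHT["Local Only"]
    weight = floor + (EXPOSURE_WEIGHT[f.exposure] - floor) * f.reachability
    return round(f.cvss * weight, 2)

def prioritize(findings):
    """Return (rank, id, base severity, effective risk, score), highest first."""
    ranked = sorted(findings, key=effective_score, reverse=True)
    return [(rank, f.finding_id, band(f.cvss), band(effective_score(f)),
             effective_score(f)) for rank, f in enumerate(ranked, start=1)]

# Constructed sample findings; the IDs are placeholders, not real CVEs.
SAMPLE = [
    Finding("FINDING-A", 9.8, "Local Only", 0.10),
    Finding("FINDING-B", 7.5, "Exposed", 0.95),
    Finding("FINDING-C", 8.1, "Unconfirmed", 0.50),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE):
        print(row)
```

In this constructed sample, the exposed High finding ranks above the Critical finding that is only reachable locally, which is the kind of reordering the Rank, Base Severity, and Effective Risk columns make visible.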
Source Types
AI Insights can be generated from three types of scans:
| Source Type | Description |
|---|---|
| Network Discovery | Insights derived from network scanning results. Focus on exposed services, open ports, and CVEs mapped to detected service versions. |
| Asset Discovery | Insights from host and device discovery scans. Focus on unrecognized devices, MAC vendor anomalies, and unexpected hosts on the network. |
| System Vulnerability Findings | Insights from service fingerprinting and vulnerability assessment. Focus on package versions, host-level CVEs, misconfigurations, TLS issues, and detected secrets. |
