Use the Endor AI Chat to understand vulnerabilities and view recommended actions. It leverages AI to provide contextual explanations, guidance, and next steps for issues detected in your project. With AI-powered context, you can reduce time spent digging through raw data and accelerate triage and remediation.
You can use Endor Ask AI chat from multiple places across the Endor Labs application.
Prerequisites
Ensure that the following prerequisites are in place to start using Endor Ask AI chat. You must have an active Endor Labs subscription with the Security Review license bundle and enable Code Segment Embeddings and LLM Processing in Data Privacy settings.
Enable Code Segment Embeddings and LLM Processing
Perform the following steps to enable code segment embeddings and LLM processing:
-
Select Manage > Settings from the left sidebar.
-
Select SYSTEM SETTINGS > Data Privacy.
-
Select Code Segment Embeddings and LLM Processing.
-
Click Save Data Privacy Settings.
Verify license and feature access
Perform the following steps to verify your license and feature access:
- Select Settings > License from the left sidebar.
- Verify that you have Security Review in Products and Features.
Investigate vulnerabilities
Use the AI chat to simplify technical details and generate summaries.
- From the left sidebar, select Projects, then search for and choose a project.
- Select a finding and click Ask AI to get more details.
- Ask questions like,
- What systems are affected?
- Is this vulnerability exploitable?
- How does EPSS affect my risk?
- Whatβs the CVSS vector breakdown?
Summarize and compare scan results
From the scan history, you can analyze and compare scans to understand changes over time.
- From the left sidebar, select Projects, then search for and choose a project.
- Select SCAN HISTORY to review the past scans.
- Select multiple scan history entries and click Actions > Add to AI Chat.
- Ask questions like,
- What changed between these scans?
- Which issues were introduced or resolved?
Understand vulnerabilities
ASK AI simplifies searching the Vulnerability Database by allowing users to ask natural-language questions. It provides guidance and explanations, helping users quickly interpret risk and remediation options.
- From the left sidebar, select Vulnerabilities.
- Search for a vulnerability and select a search result.
- Click Ask AI to get data about the vulnerability.
- Ask questions like,
- How does this affect Tomcat servers?
- Why is this considered high severity?
Data scope for AI responses
Endor Ask AI chat agents generate answers based solely on specific data available within the Endor Labs platform. They have access only to the following data objects:
- Findings
- Scan results
- Vulnerabilities
- Package versions
Agents are designed to provide insights, explanations, and recommendations from the content of these objects. If the requested information falls outside this scope, such as external environment data, undocumented configurations, or unrelated context, the AI may not be able to generate a response.