ScanexAI

AI TRANSPARENCY

Use of AI

AI augments — it does not replace — security expertise.

ScanexAI uses AI to translate technical findings into clear, actionable language. Vulnerability detection itself is entirely rule-based and deterministic.

AI Models Used

  • ScanexAI uses Llama 3 (via Groq) for generating executive breach narratives and remediation priorities

  • Vulnerability detection is rule-based - AI is not used to identify vulnerabilities; it only narrates and prioritises findings

  • No proprietary or fine-tuned models are used; all AI calls go to Groq's hosted inference API

  • Model selection may be updated to newer or more capable models as they become available

How AI Is Used in Scanning

  • After the rule-based scanner completes, AI receives a structured JSON summary of findings

  • AI generates a plain-English breach narrative explaining how an attacker could chain vulnerabilities

  • AI produces ranked remediation recommendations ordered by exploitability and impact

  • The AI narrative is clearly labelled in reports and is supplementary - not the primary security assessment

Data Sent to AI

  • Only structured scan metadata is sent: vulnerability types, CVSS scores, attack chain nodes, and the target URL

  • No raw page content, user data, credentials, or personal information is transmitted to the AI provider

  • To prevent prompt injection, prompts are constructed server-side and are not editable by end users

  • AI provider data retention policies apply - refer to Groq's privacy policy for details

AI Limitations & Disclaimers

  • AI-generated narratives may contain inaccuracies or hallucinations - always verify findings with manual testing

  • The breach narrative does not constitute legal or professional security advice

  • AI outputs should be reviewed by a qualified security professional before being acted upon in production

  • ScanexAI's AI features are intended to assist communication of risk, not replace expert judgement

Human Oversight

  • All AI outputs are clearly marked as AI-generated within the platform and PDF reports

  • Users retain full responsibility for decisions made based on AI-generated content

  • ScanexAI reviews AI feature behaviour periodically and may update prompts to improve accuracy

  • If you encounter a materially incorrect AI narrative, please report it via our support channel

Effective date: 1 June 2025