AI Chat provides an intelligent assistant to help you understand security vulnerabilities, get remediation guidance, and answer questions about your code.

Accessing AI Chat

From an Issue

  1. Open any issue in the dashboard
  2. Click “Ask AI”
  3. Chat opens with the issue context preloaded

From the Header

  1. Click the AI Chat icon in the project header
  2. Chat opens for general security questions
  3. No issue context is preloaded

What AI Chat Can Do

Explain Vulnerabilities

Ask about any security issue:
  • “What is SQL injection?”
  • “How can this XSS be exploited?”
  • “What’s the impact of this vulnerability?”

Suggest Fixes

Get remediation guidance:
  • “How do I fix this?”
  • “Show me a secure implementation”
  • “What library should I use for sanitization?”

Analyze Code

Discuss code patterns:
  • “Is this input validation sufficient?”
  • “What security issues might this function have?”
  • “How can I make this more secure?”

Answer Security Questions

General security guidance:
  • “What’s the best practice for storing passwords?”
  • “How should I handle user authentication?”
  • “What security headers should I set?”

Example Conversations

Understanding an Issue

You: What does this SQL injection issue mean?

AI: This SQL injection vulnerability occurs because user input
is directly concatenated into the SQL query string. An attacker
could input something like `' OR '1'='1` to bypass authentication
or `'; DROP TABLE users; --` to delete data.

The vulnerable code builds the query like:
"SELECT * FROM users WHERE id = " + userId

To fix this, use parameterized queries...
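The following is an added example, not code from the original page or from the product it documents. It puts the concatenation pattern the reply describes next to a parameterized replacement so the difference is concrete. The function names, the input-validation rule, and the `$1` placeholder style (PostgreSQL-like) are assumptions made for this example; the sample inputs are constructed.

```javascript
// Added example (not from the original page): vulnerable string concatenation
// beside a parameterized query builder. Names and placeholder style are assumed.

// Vulnerable: the request value becomes part of the SQL text, so a value such as
// the page's `' OR '1'='1` changes the query's structure instead of staying data.
function buildUserQueryUnsafe(userId) {
  return "SELECT * FROM users WHERE id = " + userId;
}

// Hardened: the SQL text is a constant and the value travels separately as a
// bound parameter. Validation runs first, because ids are integers and rejecting
// anything else removes the ambiguity before the database ever sees the value.
function buildUserQuery(userId) {
  const raw = String(userId);
  if (!/^\d+$/.test(raw)) {
    throw new TypeError(`invalid user id: ${JSON.stringify(raw)}`);
  }
  return { text: "SELECT * FROM users WHERE id = $1", values: [Number(raw)] };
}

// Why the distinction matters: in the unsafe form the payload adds an OR branch
// to the WHERE clause; in the safe form the SQL text never changes.
function orBranches(sqlText) {
  return (sqlText.match(/\bOR\b/gi) || []).length;
}

// Constructed sample inputs (not taken from a real request).
const samples = ["42", "' OR '1'='1"];
for (const s of samples) {
  const unsafe = buildUserQueryUnsafe(s);
  console.log("unsafe:", unsafe, "| OR branches:", orBranches(unsafe));
  try {
    const q = buildUserQuery(s);
    console.log("safe  :", q.text, "| values:", q.values, "| OR branches:", orBranches(q.text));
  } catch (e) {
    console.log("safe  : rejected ->", e.message);
  }
}
```

Run it with Node: the unsafe builder happily returns a query with an extra OR branch, while the safe builder either returns the fixed text plus a bound value or rejects the input outright. With an ORM such as Prisma (mentioned later under Tips), the same separation of SQL text from values happens inside the library when you use its query builder rather than assembling SQL strings yourself.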

Getting a Fix

You: How do I fix this XSS vulnerability?

AI: For this XSS issue where user input is being rendered in HTML,
you have several options:

1. Use textContent instead of innerHTML:
   element.textContent = userInput;

2. Use a sanitization library:
   element.innerHTML = DOMPurify.sanitize(userInput);

3. Encode the output for the context...
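The reply's third option, encoding output for the context it lands in, is the one that applies when HTML is assembled as a string (server-side templates, email bodies) rather than through DOM APIs like `textContent`. The example below is added here and is not code from the original page or the product; it shows three contexts side by side: text content, an attribute value, and a URL in an `href`. The helper names and the comment-rendering markup are assumptions made for this example, and the inputs are constructed.

```javascript
// Added example (not from the original page): context-aware output encoding
// for HTML built as strings. Helper names and markup are assumed.

// Characters that can change meaning inside HTML text or a quoted attribute.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Text and quoted-attribute contexts: escape every special character.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// URL context: escaping alone is not enough, because a syntactically valid URL
// can still carry an active scheme. Allow only http(s), then escape for the
// attribute the URL is placed in. Relative URLs resolve against a placeholder
// base (assumed for this example) so they keep the page's scheme.
function safeHref(url) {
  let parsed;
  try {
    parsed = new URL(String(url), "https://placeholder.invalid/");
  } catch {
    return "#";
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
    return "#"; // e.g. a javascript: or data: URL is replaced by an inert link
  }
  return escapeHtml(String(url));
}

// Vulnerable: user-controlled values land in the markup unchanged.
function renderCommentUnsafe(author, body, link) {
  return `<div class="comment" data-author="${author}"><p>${body}</p><a href="${link}">source</a></div>`;
}

// Hardened: each value is encoded for the exact context it is inserted into.
function renderComment(author, body, link) {
  return (
    `<div class="comment" data-author="${escapeHtml(author)}">` +
    `<p>${escapeHtml(body)}</p>` +
    `<a href="${safeHref(link)}">source</a></div>`
  );
}

// Constructed sample values (not real user data).
const author = 'Mallory" x="y';
const body = "<b>hi</b> & bye";
console.log("unsafe:", renderCommentUnsafe(author, body, "https://example.com/x"));
console.log("safe  :", renderComment(author, body, "https://example.com/x"));
```

The attribute example is the one people miss most often: the body is escaped, but an attribute value that closes its own quote can still inject new attributes, so the same encoder has to be applied there too. The `href` case shows why "sanitize everything the same way" fails; the context decides the check.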

Context Awareness

When opened from an issue, AI Chat knows:
  • The vulnerability type and description
  • The affected code snippet
  • The file path and location
  • Your codebase language and framework

This context helps provide relevant, specific guidance.

Tips for Better Responses

Be Specific

❌ "How do I fix this?"
✅ "How do I fix this SQL injection using Prisma ORM?"

Provide Context

❌ "Is this secure?"
✅ "Is this secure for a public API endpoint that handles payments?"

Ask Follow-ups

The chat maintains conversation history, so you can:
  • Ask clarifying questions
  • Request more detail
  • Ask for alternative approaches

Limitations

AI Chat is designed to help, but:
  • Always verify suggestions before implementing
  • It may not know your specific business logic
  • Complex architectural questions may need human review
  • It cannot access external systems or run code

Chat History

  • Chat history persists during your session
  • History is cleared when you close the browser
  • Conversations are not stored permanently