AI Agent Examples

Explore practical examples of how DeepTraq's AI agents can help you automate security operations, analyze vulnerabilities, and enhance your security posture. These real-world scenarios demonstrate the power of AI-driven security automation.

Vulnerability Analysis Examples

Example 1: Analyzing Critical CVEs

Question: "Analyze CVE-2024-3094 and tell me if it affects my environment. What's the risk level?"

What the AI does:

  • Searches the CVE database for vulnerability details
  • Checks your asset inventory for affected software versions
  • Evaluates CVSS score and exploitability
  • Identifies if public exploits are available
  • Provides risk assessment specific to your environment

Sample Response:

CVE-2024-3094 is a critical supply chain vulnerability (CVSS: 10.0) in XZ Utils 
affecting versions 5.6.0 and 5.6.1.

Environment Impact:
- 3 Linux servers running affected versions detected
- All are internet-facing production systems
- Public exploit code is available

Risk Level: CRITICAL
Recommendation: Immediate patching required. Downgrade to XZ Utils 5.4.x or upgrade
to 5.6.2+ within 24 hours.
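The "checks your asset inventory for affected software versions" step above is a version-match problem. The following is an added illustration, not DeepTraq code: it compares a constructed inventory against a constructed advisory record built from the CVE-2024-3094 facts quoted in the sample response. It generalizes the exact-version case to half-open version ranges (lo <= v < hi), so 5.6.0 and 5.6.1 match but 5.4.6 and 5.6.2 do not. The hostnames, the inventory and the `risk_level` rating rule are assumptions made for the example.

```python
"""Match an asset inventory against an advisory's affected-version ranges.

Added example (not DeepTraq's code). Advisory record, inventory and the
rating rule are constructed for illustration.
"""
from dataclasses import dataclass


def parse_version(v: str) -> tuple:
    """'5.6.1' -> (5, 6, 1): tuples compare numerically, so 5.10 > 5.9."""
    return tuple(int(p) for p in v.split("."))


@dataclass(frozen=True)
class Advisory:
    cve: str
    product: str
    cvss: float
    affected_ranges: tuple   # ((lo, hi), ...) meaning lo <= version < hi
    public_exploit: bool


@dataclass(frozen=True)
class Asset:
    hostname: str
    product: str
    version: str
    internet_facing: bool
    environment: str         # "production" or "dev"


# Constructed advisory mirroring the facts quoted on the page: 5.6.0 and 5.6.1
# are affected, 5.6.2 is not, so the range is [5.6.0, 5.6.2).
XZ_ADVISORY = Advisory("CVE-2024-3094", "xz-utils", 10.0, (("5.6.0", "5.6.2"),), True)

# Constructed inventory; hostnames and versions are made up.
INVENTORY = [
    Asset("web-01", "xz-utils", "5.6.1", True, "production"),
    Asset("web-02", "xz-utils", "5.6.0", True, "production"),
    Asset("build-01", "xz-utils", "5.6.1", False, "dev"),
    Asset("db-01", "xz-utils", "5.4.6", False, "production"),
    Asset("web-03", "xz-utils", "5.6.2", True, "production"),
    Asset("bastion", "openssh", "9.6", True, "production"),
]


def is_affected(advisory: Advisory, asset: Asset) -> bool:
    """True when the asset runs the advisory's product inside an affected range."""
    if asset.product != advisory.product:
        return False
    v = parse_version(asset.version)
    return any(parse_version(lo) <= v < parse_version(hi)
               for lo, hi in advisory.affected_ranges)


def affected_assets(advisory: Advisory, inventory: list) -> list:
    return [a for a in inventory if is_affected(advisory, a)]


def risk_level(advisory: Advisory, hits: list) -> str:
    """Constructed rule: CRITICAL needs an affected internet-facing host, a
    high CVSS and a public exploit; exposure without an exploit is HIGH."""
    if not hits:
        return "NONE"
    exposed = any(a.internet_facing for a in hits)
    if advisory.cvss >= 9.0 and exposed and advisory.public_exploit:
        return "CRITICAL"
    if advisory.cvss >= 7.0 and exposed:
        return "HIGH"
    return "MEDIUM"


def assess(advisory: Advisory, inventory: list) -> dict:
    """Summary in the shape of the sample response: hosts, exposure, rating."""
    hits = affected_assets(advisory, inventory)
    return {
        "cve": advisory.cve,
        "affected_hosts": [a.hostname for a in hits],
        "internet_facing": sum(a.internet_facing for a in hits),
        "risk": risk_level(advisory, hits),
    }


if __name__ == "__main__":
    print(assess(XZ_ADVISORY, INVENTORY))
```

Parsing versions into integer tuples is the part most often skipped in ad hoc scripts; string comparison would rank "5.10.0" below "5.9.9" and silently miss affected hosts.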

Example 2: Prioritizing Vulnerabilities for Patching

Question: "Which 5 vulnerabilities should I patch first this week based on severity, exploitability, and business impact?"

What the AI does:

  • Analyzes all detected vulnerabilities
  • Considers CVSS scores, exploit availability, and asset criticality
  • Evaluates business context (production vs. dev systems)
  • Ranks vulnerabilities by actual risk
  • Provides actionable patch recommendations

Sample Response:

Top 5 Vulnerabilities to Patch This Week:

1. CVE-2024-1234 - Apache Tomcat RCE (CVSS: 9.8)
• Affects: 12 production web servers
• Active exploitation detected in wild
• Patch: Upgrade to Tomcat 10.1.20

2. CVE-2024-5678 - OpenSSH Authentication Bypass (CVSS: 9.1)
• Affects: 45 servers with public SSH access
• PoC exploit publicly available
• Patch: OpenSSH 9.7p1

3. CVE-2023-9999 - PostgreSQL SQL Injection (CVSS: 8.5)
• Affects: 5 database servers with customer data
• Associated with ransomware campaigns
• Patch: PostgreSQL 15.6

4. CVE-2024-4321 - NGINX Buffer Overflow (CVSS: 8.2)
• Affects: 8 load balancers
• Exploit difficulty: Medium
• Patch: NGINX 1.25.4

5. CVE-2024-8765 - Redis Unauthorized Access (CVSS: 7.8)
• Affects: 3 cache servers
• Default configuration vulnerability
• Fix: Enable authentication + update to 7.2.4

Example 3: Understanding Complex Vulnerabilities

Question: "Explain CVE-2024-21626 (Leaky Vessels) in simple terms. How does it work and why is it dangerous?"


Example 4: Vulnerability Trend Analysis

Question: "Show me the trend of vulnerabilities over the last 6 months. Are we getting better or worse?"


Threat Intelligence Examples

Example 5: Checking for Active Exploits

Question: "Do any of my critical vulnerabilities have active exploits being used by threat actors right now?"

What the AI does:

  • Cross-references your vulnerabilities with threat intelligence feeds
  • Checks CISA KEV catalog and exploit databases
  • Identifies active exploitation campaigns
  • Prioritizes based on real-world threat activity

Sample Response:

⚠️ 4 Critical Vulnerabilities with Active Exploitation Detected:

1. CVE-2024-4577 - PHP-CGI RCE
Status: Active exploitation (Last 48 hours)
Threat Actor: APT41, Ransomware groups
Your Exposure: 6 web servers
Action: IMMEDIATE PATCHING REQUIRED

2. CVE-2023-46604 - Apache ActiveMQ RCE
Status: Mass exploitation (CISA KEV listed)
Used by: HelloKitty ransomware
Your Exposure: 2 message queue servers
Action: Patch + Network segmentation

3. CVE-2024-1086 - Linux Kernel Privilege Escalation
Status: Active in APT campaigns
Seen with: Scattered Spider group
Your Exposure: 18 Linux servers
Action: Kernel update to 6.7.1+

4. CVE-2024-3400 - Palo Alto PAN-OS Command Injection
Status: Widespread exploitation
Threat: State-sponsored actors
Your Exposure: 1 firewall device
Action: Emergency patch + IOC hunting

Recommendation: Prioritize patching these 4 vulnerabilities within 24 hours.
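Example 2 (rank by CVSS, exploit availability and asset criticality) and Example 5 (cross-reference findings against the CISA KEV catalog) are the same ranking loop with different inputs. The following is an added illustration of that loop, not DeepTraq code. The findings list, the stand-in KEV catalog and the weights in `exploit_factor` and `asset_factor` are all constructed; the CVE identifiers are reused from the page's own sample responses plus one obviously fake placeholder. Because the weights are made up, the resulting order differs from the page's sample (here the KEV-listed PostgreSQL finding outranks the OpenSSH one); the point is that context, not raw CVSS, drives the order, which is why a CVSS 9.9 finding on a dev box drops out of the top five.

```python
"""Rank findings by exploitability and asset context, cross-referenced with a
KEV-style catalog.

Added example (not DeepTraq's code). Findings, KEV entries and weights are
constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    cve: str
    title: str
    cvss: float
    asset_count: int
    internet_facing: bool
    environment: str          # "production" or "dev"
    holds_customer_data: bool
    public_poc: bool


# Constructed stand-in for the CISA KEV catalog: CVE -> note.
KEV_CATALOG = {
    "CVE-2024-1234": "active exploitation in the wild",
    "CVE-2023-9999": "associated with ransomware campaigns",
}

# Constructed findings; IDs come from the page's sample output except the
# last one, which is a deliberately fake placeholder.
FINDINGS = [
    Finding("CVE-2024-1234", "Apache Tomcat RCE", 9.8, 12, True, "production", False, True),
    Finding("CVE-2024-5678", "OpenSSH auth bypass", 9.1, 45, True, "production", False, True),
    Finding("CVE-2023-9999", "PostgreSQL SQL injection", 8.5, 5, False, "production", True, False),
    Finding("CVE-2024-4321", "NGINX buffer overflow", 8.2, 8, True, "production", False, False),
    Finding("CVE-2024-8765", "Redis unauthenticated access", 7.8, 3, False, "production", False, False),
    Finding("CVE-0000-0000", "placeholder: library bug on dev build host", 9.9, 2, False, "dev", False, False),
]


def exploit_factor(f: Finding, kev: dict) -> float:
    """Constructed weights: KEV-listed beats a public PoC beats nothing known."""
    if f.cve in kev:
        return 2.0
    if f.public_poc:
        return 1.5
    return 1.0


def asset_factor(f: Finding) -> float:
    """Constructed weights for business context."""
    factor = 1.2 if f.environment == "production" else 0.8
    if f.internet_facing:
        factor += 0.3
    if f.holds_customer_data:
        factor += 0.3
    return factor


def risk_score(f: Finding, kev: dict) -> float:
    return f.cvss * exploit_factor(f, kev) * asset_factor(f)


def prioritize(findings: list, kev: dict, top_n: int = 5) -> list:
    """Top-N findings as (cve, score), highest risk first (Example 2)."""
    ranked = sorted(findings, key=lambda f: risk_score(f, kev), reverse=True)
    return [(f.cve, risk_score(f, kev)) for f in ranked[:top_n]]


def actively_exploited(findings: list, kev: dict) -> list:
    """Findings present in the KEV-style catalog, with the catalog note (Example 5)."""
    return [(f.cve, kev[f.cve]) for f in findings if f.cve in kev]


if __name__ == "__main__":
    for cve, note in actively_exploited(FINDINGS, KEV_CATALOG):
        print(f"KEV: {cve} ({note})")
    for rank, (cve, score) in enumerate(prioritize(FINDINGS, KEV_CATALOG), 1):
        print(f"{rank}. {cve} score={score:.1f}")
```

In a real deployment the KEV lookup would be fed from the published catalog rather than a dict, and the weights would be tuned per organisation; the structure (exploit evidence times asset context, applied to a base severity) is what stays the same.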

Example 6: Ransomware Risk Assessment

Question: "Which of my vulnerabilities are commonly exploited by ransomware groups? What's my ransomware risk score?"

Example 7: Threat Actor TTPs

Question: "What are the common tactics, techniques, and procedures (TTPs) used to exploit vulnerabilities in my industry?"

Network Security Examples

Example 8: Open Ports Risk Analysis

Question: "What are the most risky open ports in my network and which ones should I close immediately?"

Example 9: Attack Surface Reduction

Question: "How can I reduce my attack surface based on my current security findings?"

Example 10: External Exposure Assessment

Question: "What services are exposed to the internet and which ones shouldn't be?"

Compliance & Reporting Examples

Example 11: Compliance Gap Analysis

Question: "What vulnerabilities are preventing me from meeting PCI-DSS compliance requirements?"

Example 12: Executive Security Summary

Question: "Create an executive summary of my security posture for the board meeting next week."

Example 13: Regulatory Violation Check

Question: "Are there any security issues that could result in GDPR violations or fines?"

Remediation & Patching Examples

Example 14: Patch Deployment Strategy

Question: "What's the safest way to patch my production database servers without causing downtime?"

Example 15: Workaround Recommendations

Question: "I can't patch CVE-2024-1234 immediately. What temporary workarounds can I implement?"

Cloud Security Examples

Example 16: Cloud Misconfigurations

Question: "What are the most critical misconfigurations in my AWS environment?"

Example 17: Container Security

Question: "What vulnerabilities exist in my container images and how can I fix them?"

Code Security Examples

Example 18: Vulnerable Dependencies

Question: "Which third-party libraries in my applications have known vulnerabilities?"

Example 19: Secret Exposure

Question: "Have any API keys, passwords, or secrets been accidentally committed to my repositories?"

Incident Response Examples

Example 20: Incident Prioritization

Question: "I have multiple security alerts. Which ones should I investigate first?"

Getting Started with AI Agents

To use these examples:

  1. Access the AI Agent from your dashboard or vulnerability cards
  2. Select an AI model that best fits your query complexity
  3. Type or select a question from the predefined options
  4. Review the response and ask follow-up questions for deeper analysis
  5. Take action based on AI recommendations

Tips for Better Results

  • Be specific: Include CVE IDs, asset names, or specific concerns
  • Provide context: Share relevant scan results or environment details
  • Ask follow-ups: Dig deeper into any response for more information
  • Combine queries: Start with broad questions, then narrow down