AppScan on Cloud AI assistant
The AI assistant is an integrated intelligence layer that works within the AppScan on Cloud environment. It provides security insights, automates issue triage, and offers remediation guidance.
Access the AI assistant
You can access the AI assistant from any page in AppScan on Cloud. Look for the AI assistant icon in the interface. The assistant includes a conversational interface with suggested questions and a searchable chat history.
User interface components
The AI assistant interface includes the following elements:
- Conversation panel: The main area where you send prompts and view AI-generated responses.
- Suggestion questions: Preformatted questions for quick interaction, based on your current context.
- Chat history list: A searchable record of previous conversations.
- Layout options: Viewing modes including right-side panel, left-side panel, and full-screen.
- Feedback buttons: Options to rate responses and help improve assistant performance.
- Session controls: Options to pin, rename, or delete chat sessions.
Core capabilities
The AI assistant provides three main capabilities:
- Insights: Data analysis and reporting.
- Triage: Issue management and false-positive reduction.
- Remediation: Guidance and recommendations to fix issues.
It also provides global search, comparison, statistics, and trend analysis.
Insights: Data analysis and reporting examples:
- Analyze security trends and patterns across applications.
- Query critical findings data (for example, how many critical findings are fixed versus found in a given quarter).
- Generate contextual analysis based on your current location in the application.
- Download reports in HTML format (PDF and CSV reports are not supported).
- Perform global searches across your entire application set to find specific information, such as CVEs or library usage.
Triage: Issue management and false-positive reduction:
- Ask the assistant to identify potential false positives in scan results.
- Mark specific findings as noise by updating the status of the affected issues.
- Use AI assistance to manage issue classification.
- Get context-aware responses that recognize the entity you are viewing (application, scan, or finding).
Remediation: Guidance and recommendations:
- Get recommendations for addressing specific vulnerability types.
- Improve code quality and security posture based on AI analysis.
Session management
Use the following features to manage AI assistant conversations efficiently:
- Chat history: Search and browse your complete conversation history.
- Pin sessions: Pin important conversations for quick access.
- Rename sessions: Use descriptive names to make sessions easier to find.
- Delete sessions: Remove conversations you no longer need.
- Layout modes: Switch between right-panel, left-panel, and full-screen viewing modes.
Supported languages
The AI assistant supports multilingual interactions without requiring manual settings changes. Start typing in your preferred language, and the assistant responds accordingly. No language configuration is required.
Best practices
For best results when using the AI assistant:
- Ask specific questions to get more targeted responses.
- Use contextual questions when viewing specific applications, scans, or findings.
- Use suggestion questions for common tasks.
- Provide feedback on responses to help improve assistant performance.
- Use global search to find information across your entire application portfolio.
- Organize chat sessions by pinning and renaming important conversations.
Settings and limitations
- Functionality is limited to reporting, analysis, and triage management.
- The assistant cannot trigger or schedule scans directly (for example, it cannot run rescans on issues).
- The assistant uses AppScan's secured LLM, which is managed by AppScan and cannot be configured.
- PDF and CSV reports are not supported; HTML format is available instead.
- Token quotas: Users have a monthly token quota that resets on a schedule determined by your organization, with limits based on your subscription and usage patterns.
- The AI assistant is enabled by default, but administrators can disable it completely for the entire organization.
Feedback and support
The AI assistant interface includes feedback mechanisms to help improve the service:
- Response rating: Rate individual responses to provide feedback on accuracy and usefulness.