AI Integration
How to use the built-in AI assistant and external MCP tools to automate VDP triage, severity assessment, and researcher communication.
Why It Matters
Security triage is high-cognitive-load, repetitive work. Every report requires scope checking, duplicate detection, severity assessment, and a response to the researcher. AI assistance reduces average triage time from hours to minutes.
The CSIRT AI agent can read your entire program state, suggest severity, check duplicates, and draft responses without leaving the context of your workflow. It operates as a copilot, not an autopilot — every write action requires your explicit confirmation before executing.
AI Screening (Automatic)
Every submitted report is scored automatically before it reaches your triage board. No configuration required — screening runs on every submission.
The screener detects twelve AI slop signals:
| Signal | What It Catches |
|---|---|
| Hallucinated function names | References to methods or APIs that do not exist in common frameworks or the target codebase |
| Fabricated CVE numbers | CVE IDs that do not appear in the NVD database |
| Previous CVE cited as new | An existing, already-published CVE presented as if it were a novel finding |
| Generic remediation | Boilerplate fix advice that could apply to any vulnerability and is not tied to the reported issue |
| No specific proof-of-concept | “I can demonstrate this on request” with no reproduction steps, screenshots, or runnable exploit |
| Template language | Copy-pasted phrasing from a bug bounty report template that could apply to any target |
| Vague reproduction steps | Reproduction instructions too imprecise to actually follow or reproduce the issue |
| Template structure | The overall report layout mirrors a generic template rather than a real investigation |
| Inconsistent technical details | Claims that contradict each other or do not add up technically |
| References to nonexistent code elements | Files, endpoints, parameters, or symbols that do not exist in the target |
| Academic description | Textbook explanation of a vulnerability class with no evidence it affects this target |
| Generic title | A title that names a vulnerability class without anything specific to the report |
Each report receives a confidence score (0–100) and a recommendation:
| Recommendation | Meaning |
|---|---|
| Pass | No slop signals detected. Report enters the triage board normally. |
| Review | Mild signals present. Report enters the triage board with a warning badge. |
| Flag | Strong slop signals. Report is flagged on the triage board card with an AI badge and reasoning. |
Flagged reports are never auto-rejected. The screening result and its reasoning are visible on the report detail view so you can make the final call. This is advisory only — the system is intentionally conservative to avoid falsely flagging legitimate researchers, especially non-native English speakers.
CSIRT AI Agent
Access the AI assistant via the sidebar chat (the chat icon in the top navigation). On VDP pages, the assistant automatically loads the CSIRT agent with full access to your program data.
The agent has access to 31 tools across two categories:
- Read tools (17) — query program state, reports, researchers, karma, metrics, financial data, and external peer shares
- Write tools (14) — set up the program (create, configure, activate, trial), triage reports, record assessments, resolve appeals, adjust karma, send messages, approve bounties, link external references, and share reports with outside peers
Write tools require confirmation. The AI will describe what it is about to do and wait for your approval before executing.
Read Tools
| Tool | What It Does |
|---|---|
| csirt_get_setup_guide | Start here. Program overview with report counts, SLA compliance, and a config checklist — plus the config schema, recommended defaults, and the exact next tool to call. Degrades gracefully for brand-new accounts with no program. |
| csirt_get_program | Full program configuration — all seven settings tabs rendered as human-readable data |
| csirt_list_reports | Filterable report list with SLA indicators (filter by status, severity, assignee, SLA status) |
| csirt_get_report | Full report detail: assessment, messages, timeline, bounty award, researcher profile |
| csirt_get_report_timeline | Chronological log of every event on a report (status transitions, messages, assessments, assignments) |
| csirt_check_duplicates | Finds candidate duplicates based on matching endpoint and vulnerability type |
| csirt_validate_scope | Checks if a report’s affected endpoint falls within the configured program scope |
| csirt_suggest_severity | Returns report context alongside the bounty matrix so the AI can reason about appropriate severity |
| csirt_get_bounty_benchmark | Historical bounty data for a severity tier or vulnerability type (median, average, range, recent examples) |
| csirt_list_messages | Full message thread for a report, including internal notes |
| csirt_draft_response | Loads the matching Liquid template with pre-filled variables so the AI can draft a natural researcher response. This is a read tool — it prepares context but does not send anything. Use csirt_send_message to send. |
| csirt_get_ledger | Financial audit trail, filterable by report, entry type, and date range |
| csirt_get_metrics | MTTA, MTTR, SLA compliance percentage, reports by severity and status, top researchers, total bounty data |
| csirt_get_researcher | Researcher profile with submission history, karma tier, and total bounty earned |
| csirt_get_researcher_karma | A researcher’s karma score, tier, signal, reputation breakdown, and recent karma-event history (look up by prefix ID or email) |
| csirt_list_researchers | Filterable researcher directory with report counts and bounty totals |
| csirt_list_report_shares | Lists active external peer shares on a report (email invites and anyone-with-the-link), with view audit and the shareable URL. Find a share_id here to revoke via csirt_share_report. |
Write Tools
Write tools require explicit confirmation before executing. The AI will tell you what it is about to do, and you must approve the action.
| Tool | What It Does |
|---|---|
| csirt_create_program | Create the VDP in Draft status with sensible defaults. Free tier, idempotent. The first step in standing up a program. |
| csirt_configure_program | Set any subset of the seven config sections (scope, bounty matrix, SLAs, triage, payouts, spam, security.txt) in one call. Amounts in cents; keys mirror csirt_get_program. |
| csirt_activate_program | Take the program live — publishes the public portal and accepts real reports. Requires human confirmation; refuses until scope and the security.txt contact email are set. |
| csirt_start_trial | Start a free, cardless, self-cancelling 30-day VDP Add-on trial. Never captures a card — paid checkout stays in the web UI. |
| csirt_triage_report | Advance a report’s status (e.g., Submitted to Triaged) with an optional comment. Dismissing requires a reason code; a report with an approved bounty must be dismissed via csirt_dismiss_report |
| csirt_assess_report | Record a CVSS vector and severity assessment on a report |
| csirt_dismiss_report | Dismiss a report with a reason code (out of scope, duplicate, informational, not reproducible, spam, other) and optional note. Revokes an approved bounty when revoke_bounty: true is confirmed |
| csirt_resolve_appeal | Resolve a researcher’s pending appeal on a report (accepted or rejected). Accepting a dismissed report reopens it; rejecting upholds the outcome. The researcher is emailed the decision. |
| csirt_assign_report | Assign a report to a team member for investigation |
| csirt_send_message | Send a message in the report thread — external (visible to researcher) or internal (staff only) |
| csirt_approve_bounty | Approve a bounty amount for a resolved report (VDP Add-on only) |
| csirt_link_asset | Link an external reference (Jira ticket, GitHub/GitLab fix PR, Linear issue, Notion doc, or any URL) to a report so staff can track related work. Internal-only — never shown to the researcher. |
| csirt_share_report | Grant or revoke external peer access to a report. Shares only redacted technical fields (title, type, endpoint, description, repro, severity, attachments) — researcher identity, bounty, and internal notes never cross the boundary. |
| csirt_adjust_karma | Manually adjust a researcher’s karma by a preset reason code with fixed points, linked to the report (and optionally a linked asset) that justifies it. Karma floors at 0. |
All write tools require the csirt_write scope when accessed via external MCP clients.
Example Prompts
Use these in the sidebar chat on any VDP page:
"Show me my triage queue — what's at risk of breaching SLA?"
"Check report rpt_abc123 for duplicates and suggest a severity."
"Draft a validation response for report rpt_abc123 explaining we've confirmed the SQL injection."
"What's our SLA compliance rate this month?"
"List all unassigned Critical reports."
"Triage report rpt_abc123 to Validated and assign it to Alice."
"Approve a $500 bounty for report rpt_abc123 — it's a High severity XSS."
"Show me the researcher profile for the person who submitted rpt_abc123."
"What does the bounty history look like for High severity findings?"
The assistant uses the read tools to gather context, then uses the write tools when you ask it to take action. You can chain commands naturally — “check for duplicates, suggest severity, and draft a response” runs three tools in sequence.
Connecting via MCP (External Clients)
For external AI assistants like Claude Desktop, Claude Code, or custom MCP agents, all 31 CSIRT tools are available through the MCP API. The CSIRT module must be granted on the consent screen for any CSIRT tools to be available, and write tools require the csirt_write scope.
To stand up a program from scratch with an agent, see Set up a VDP with an AI agent, which walks the csirt_get_setup_guide → csirt_create_program → csirt_configure_program → csirt_activate_program chain.
See Connecting AI Assistants for setup instructions, authorization flow, and scope management.
Once connected, the external client has access to the same tool set as the built-in sidebar chat. Start with csirt_get_setup_guide to get an overview of your program before using other tools.
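For a custom MCP agent, the same rules can also be enforced on the client side before any call leaves your process. The sketch below is an added example, not code from the product: the `ToolGate` class, its `forward` and `confirm` callbacks, and the `module_granted` flag are hypothetical names, and only the tool names and the `csirt_write` scope come from this page.

```python
from dataclasses import dataclass, field
from typing import Callable

# Tool names copied from the Read Tools and Write Tools tables on this page.
READ_TOOLS = frozenset("csirt_" + n for n in (
    "get_setup_guide get_program list_reports get_report get_report_timeline "
    "check_duplicates validate_scope suggest_severity get_bounty_benchmark "
    "list_messages draft_response get_ledger get_metrics get_researcher "
    "get_researcher_karma list_researchers list_report_shares").split())
WRITE_TOOLS = frozenset("csirt_" + n for n in (
    "create_program configure_program activate_program start_trial "
    "triage_report assess_report dismiss_report resolve_appeal assign_report "
    "send_message approve_bounty link_asset share_report adjust_karma").split())

class Denied(Exception):
    """Raised when the gate refuses to forward a tool call."""

@dataclass
class ToolGate:
    forward: Callable[[str, dict], object]  # hypothetical transport to the MCP server
    confirm: Callable[[str, dict], bool]    # hypothetical human-approval prompt
    module_granted: bool                    # CSIRT module granted on the consent screen
    scopes: frozenset = frozenset()         # scopes granted to this client
    audit: list = field(default_factory=list)

    def decide(self, tool: str, args: dict) -> str:
        if not self.module_granted:
            return "csirt module not granted"
        if tool in READ_TOOLS:
            return "allow"                  # read tools need no confirmation
        if tool not in WRITE_TOOLS:
            return "unknown tool"           # fail closed on names not listed above
        if "csirt_write" not in self.scopes:
            return "missing csirt_write scope"
        if not self.confirm(tool, args):
            return "operator declined"
        return "allow"

    def call(self, tool: str, args: dict):
        decision = self.decide(tool, args)
        self.audit.append((tool, decision))  # record every attempt, allowed or not
        if decision != "allow":
            raise Denied(f"{tool}: {decision}")
        return self.forward(tool, args)
```

Because csirt_draft_response is classified as a read tool, drafting passes straight through while csirt_send_message stops at the confirmation step, mirroring the split described in the tables above.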
llms.txt Endpoint
Your security portal automatically serves a machine-readable description at /llms.txt. This follows the llms.txt standard and provides AI assistants with structured context about your vulnerability disclosure program — scope, rules of engagement, and submission guidelines. No configuration needed; it updates automatically as you change your program settings.
Quick Checklist
- Open a report and use the AI sidebar to try “Check for duplicates”
- Ask the assistant “What’s our SLA compliance this month?” from the VDP dashboard
- Try “Draft a dismissal response” on an out-of-scope report
- Review the AI screening badge on any flagged report to understand what triggered it
- Connect an external MCP client and call csirt_get_setup_guide to verify access
- Read Triaging Reports for the full triage workflow that these tools support