1. Overview
Vezraa is primarily a rule-based security scanning engine that checks your web application against hundreds of deterministic tests (security headers, DNS configuration, TLS settings, exposed API keys, open admin routes, etc.). We supplement these deterministic checks with AI-assisted analysis in specific areas to provide deeper context and actionable remediation.
AI-assisted analysis is never the sole basis for a security finding. Every vulnerability reported by Vezraa is first detected by a deterministic check or heuristic rule. AI is used to enrich, explain, or suggest fixes for findings that our engine has already identified.
2. Where we use AI
We use AI-powered analysis in the following areas of the Service:
- Executive summaries: AI generates a natural-language summary of scan results, highlighting the most critical issues and overall security posture.
- Fix suggestions: For certain findings, AI generates code-level remediation suggestions (fix prompts) that you can apply directly.
- Attack replay explanations: AI may describe the impact and mechanism of a detected vulnerability in plain language.
- Compliance heuristics: AI assists in mapping findings to relevant compliance frameworks (OWASP, NIST, CIS, GDPR, etc.).
- Threat intelligence enrichment: AI may correlate findings with known vulnerability databases or threat patterns.
We use third-party AI providers including OpenAI and Anthropic for these features. See our Privacy Policy for details on data shared with these providers.
3. Limitations & caveats
AI-assisted analysis has inherent limitations that you should be aware of:
- AI-generated content may contain inaccuracies, hallucinations, or outdated information. Always verify AI-generated fix suggestions before applying them.
- AI-generated severity ratings and risk scores are estimates and should not be relied upon as definitive security assessments.
- AI analysis may produce false positives (flagging items that are not vulnerabilities) or false negatives (failing to flag items that are vulnerabilities).
- AI-generated compliance mappings are informational and do not constitute a formal compliance determination.
- You are solely responsible for independently verifying all scan results and AI-generated content before taking any action.
4. No training on your data
We do not use your scan data, source code, repository contents, or any personal data to train or fine-tune AI models. Our AI providers (OpenAI, Anthropic) are contractually prohibited from training on data submitted through their APIs. See our Privacy Policy for details.
5. Human review
AI-generated content in scan reports is reviewed by automated quality checks but is not routinely reviewed by a human before delivery. If you believe AI-generated content in your report is inaccurate or misleading, please contact udayakirantumma@gmail.com.
Blog posts and marketing content that are AI-assisted are reviewed by security professionals before publication, as noted on the individual piece.
6. Transparency & labeling
We label AI-assisted content throughout the Service so you know when you are reading AI-generated material. Look for labels such as “AI-generated” or “AI-assisted” on:
- Executive summaries in scan reports
- Fix suggestions and remediation prompts
- Blog posts (noted at the top of the article)
- Marketing pages (noted in the footer)
7. Contact
If you have questions about our use of AI, or if you would like to opt out of AI-assisted features (where available), please contact us at udayakirantumma@gmail.com.