Get started with AI Agents

Our AI Agents are specialized tools that automate complex security tasks, analyze entire portfolios simultaneously, and significantly reduce the manual effort required to navigate the platform. Instead of checking companies page-by-page, these agents act as an extension of your team.

How to access AI Agents

1. Select Ask AI , or click the search bar at the top of your SecurityScorecard page, then select ChatSSC. 
2. Select the specific Agent you need from the menu.
   

Available agents and how to use them

Instead of navigating the platform one company at a time, AI Agents act as an extension of your team, helping you analyze, monitor, and remediate risk at scale within SecurityScorecard.

Analysis and monitoring agents

Use these agents to visualize data, configure alerts, and automate monitoring across portfolios.

Reporting Agent

Generates visualizations and downloadable data exports.

How to use:

1. Select a portfolio.
2. Specify the metrics to analyze (for example, Show me Score history or Issue counts).
3. Define the timeframe (for example, Weekly view for the last year).

The agent generates a chart you can view in chat, plus a CSV or image file to download.

Rule Builder Agent

Helps you create alert rules while preventing duplicate rules.

How to use:

1. Describe the rule you want to create (for example, Alert me if any company in this portfolio drops by 10 points).
2. The agent checks for existing rules to avoid duplicates.
3. Follow the direct link to the Rule Builder UI to finalize the rule.

Monitoring Setup Agent

Streamlines setting up broad alerts for scores and breaches across entire portfolios.

How to use:

1. Ask the agent to set up monitoring (for example, Set up breach monitoring for Critical Vendors portfolio.)
2. The agent will configure the alert and automatically activate it, ensuring you don't miss critical events.

Questionnaire Gap Analysis Agent

Identifies discrepancies between vendor questionnaire responses, live data, and policy.

How to use:

1. Select a specific questionnaire response.
2. The agent compares answers against SecurityScorecard data.

It generates a summary of gaps and provides a citation-backed CSV explaining exactly what to tell the vendor.

Remediation planning agents

Use these agents to identify risk drivers and generate remediation plans or vendor communications.

KEV Remediation Plan Agent

Scans your portfolio for Known Exploited Vulnerabilities (KEVs) and drafts outreach emails.

How to use:

1. Select the agent and ask it to analyze a specific portfolio (for example, Analyze my Critical Vendors Portfolio).
2. Review the list of identified risks.
3. Pro Tip: Ask the agent to Draft an email to these vendors explaining the risk. You can even request a specific tone, such as Write this for a non-technical audience.

Score Drop Remediation Agent

Identifies why scores are dropping and creates Action Plans directly in the platform.

How to use:

1. Ask the agent to review a portfolio for score drops.
2. Select a company to dive deeper into why the score dropped.
3. Use a prompt such as Create an Action Plan to reach a score of 85 by March 31. 

The agent will generate this plan in your "Action Plans" tab.

Critical Vulnerability Agent

Scans a portfolio to provide a high-level synthesis of general critical vulnerabilities (CVEs).

How to use:

1. Select the agent and specify the portfolio to analyze.
2. The agent will list critical vulnerabilities across the group.
3. Ask for a summary remediation plan to share with your internal team.

Breach Remediation Plan Agent

Identifies breach events and outlines remediation steps.

How to use:

1. Run the agent against a portfolio to check for recent breach events.
2. If breaches are found, the agent will outline immediate remediation steps.

Breach analysis agents

These agents are best for deep-tier investigation and automatic vendor detection use cases.

Downstream Breach Analyst (AVD)

Maps 4th-party risk ("vendors of vendors") to show you exactly how you are connected to a downstream breach.

How to use:

1. Ask the agent to analyze a portfolio or a specific domain.
2. It scans hundreds of associated 4th-party vendors.

It produces a map showing which of your vendors are using the breached 4th-party service, making the data immediately actionable.

Malware/Ransomware Analyst

Scans for specific infection events to identify high-risk history.

How to use:

1. Run the agent on a portfolio.
2. The agent will distinguish between general breaches and specific malware or ransomware infection events.
3. Use this data to flag vendors with a history of poor hygiene regarding specific attack vectors.

Real-world examples

Scenario A: The "score drop" immediate fix

Problem: A portfolio’s average score drops, but reviewing each company individually would be time-consuming.

Solution:

1. Select the Score Drop Remediation Agent.
2. Ask it to analyze the affected portfolio (for example, Analyze my Critical Vendors portfolio.)
3. The agent identifies the specific company driving the drop.
4. Use a command such as, Create an Action Plan to get them back to an 'A' by next month.

Result: The agent pushes a live Action Plan directly into the SecurityScorecard UI.

Scenario B: Mass vendor outreach

Problem: Multiple vendors are affected by KEVs, and you need clear, non-technical communication.

Solution:

1. Select the KEV Remediation Plan Agent.
2. Ask it to scan your portfolio.
3. The agent lists the impacted vendors.
4. Command: "Draft an email to these vendors explaining the risk in simple terms." 

Result: You get a ready-to-send email draft, saving you the effort of translating technical jargon into vendor communication.

Additional resources

• On-demand webinar: The AI Force Multiplier: Scale Your Security Team with Agents and Automation