AI Features Overview

Vulnotes integrates AI throughout the platform to help you write reports faster. From generating vulnerability descriptions to translating content across languages, AI acts as a writing assistant that you can use when needed.

Supported providers

Vulnotes supports multiple AI providers. Your administrator configures which one to use in Administration > Settings > AI. The available providers are:

• Vulnotes AI (default and included in every plan with 1M token/user/month, more token than what one user can use)
• OpenAI (GPT-4, GPT-3.5)
• Anthropic (Claude)
• Google (Gemini)
• Groq
• Azure
• ...
• Every other models that supports OpenAI API format (you can even use self-hosted models, if you want to keep data fully local)

The AI features work the same regardless of which provider is configured. Only the admin needs to set the API key and select the provider.

If you don't want/need AI, you can fully disable it with one click or disable only some AI functionnalities.

Where AI is available

AI features appear in several places:

• Report content sections - generate or improve section content
• Findings - generate descriptions, impact, remediation for individual findings
• Vulnerability library - generate full vulnerability entries from just a title
• Translation - translate vulnerabilities to other languages

Data anonymization

Before sending any data to the AI provider, Vulnotes anonymizes sensitive information. Company names, IP addresses, domain names, and other identifiable data are replaced with placeholders before the request is sent. The real values are restored in the response.

This means you can safely use cloud AI providers even when working on confidential assessments. The AI never sees your actual client names or infrastructure details.