AI Analysis
Turn raw scan findings into actionable insights. AI Analysis uses Claude models and MCP tools to deliver next-step recommendations and deep analysis enriched with CVE and OWASP context.
Overview
When a scan finishes, you have a list of findings — but which findings matter? What should you do next? AI Analysis answers these questions by analyzing your scan results with Claude and returning a structured output.
How it works
- You select a scan job and choose a mode (next_steps or analysis)
- The backend collects evidence from all scan steps
- The orchestrator picks a strategy (workflow or agent) and a model
- Context is enriched via MCP tools (CVE lookup, EPSS scores, etc.)
- Claude generates a structured response, persisted to the database
- You review and submit feedback to improve future outputs
Suggestion modes
There are two AI modes that match different use cases:
Next steps
Returns a list of recommended next tool runs based on current findings.
Default: claude-haiku-4-5 · workflow strategy
Deep analysis
Full analysis of scan results with severity, exploitability, and remediation guidance.
Default: claude-sonnet-4-6 · workflow strategy
Next steps mode
This mode analyzes your scan results and recommends 3-5 next tool runs with priority and reasoning. Great for guiding workflows when you're unsure of the next step.
How to use via UI
- Navigate to any Scan details page.
- Click on the 'AI Suggestions' or 'Next Steps' tab.
- Click the 'Generate Suggestions' button.
- Wait a moment for Claude to analyze the data.
- A list of next steps will appear with priority levels.
Deep analysis mode
Deep analysis produces an executive-level summary of the scan with severity grouping, attack path analysis, and remediation steps. Great for pre-report walkthroughs or briefing non-technical stakeholders.
How to use via UI
- In the Dashboard, select the 'Deep Analysis' tab.
- You will see an Executive Summary of the results.
- Review Attack Paths to understand the risks.
- Follow the Remediation steps to fix the issues.
MCP tools
Auto-Offensive ships an MCP server that exposes 18 specialized tools to Claude. These tools enrich AI suggestions with external context like CVE data, OWASP categories, and historical results.
Available tools
cve_lookupLook up CVE detailscwe_detailsCWE weakness infoepss_scoreExploit Prediction Scoringexploit_pocExploit PoC lookupowasp_mappingOWASP category mappingseverity_calculatorCVSS calculatorattack_patternsAttack pattern lookupremediation_guideRemediation guidancehttp_headers_checkSecurity headers analysisnuclei_template_searchNuclei template searchpayload_encoderPayload encoding utilitiesport_service_mapPort-to-service mappingsubdomain_intelSubdomain intelligencetech_catalogTechnology catalogtool_capabilityTool capability lookupwaf_fingerprintWAF detectionscan_evidenceScan evidence retrievalfeedback_historyOperator feedback historyModels & cost
Auto-Offensive uses Claude models from Anthropic. Each mode has a default model with a fallback chain to alternative models if the primary is unavailable.
Cost estimation
Before generating a suggestion, you can estimate the cost to show users a price hint.
Viewing estimate via UI
- When you are about to Generate an analysis...
- The system will automatically display the estimated cost above the button.
Capabilities & health
Checking via UI
- Go to 'Settings' > 'AI Configuration'.
- You can see the AI Health status and available Models.
Feedback loop
Operators can submit feedback on saved suggestions. Feedback is used to improve future outputs through the MCP feedback_history tool.
Providing Feedback via UI
- Below each Suggestion, there are Thumbs Up and Thumbs Down buttons.
- Click on them and you can write your comment.
- Click Submit to save.