Ask AI


The AI-powered chatbot in Traceable enables you to query the data shown on the Traceable platform using natural language. Instead of navigating through multiple filters and dashboards, you can ask the chatbot questions such as "Show me APIs with no authentication".

Currently, the chatbot supports read-only use cases within the following modules and their corresponding pages:

Module: Catalog

Pages:

  • Inventory

  • Application Flow

  • Third Party

  • Sensitive Data

Module: Protection

Pages:

  • Threat Actors

  • Threat Activities

  • Security Events

  • APIs under Threat

To use the chatbot, you can click Ask AI in the bottom right corner of any of the above pages. You can use the chatbot to explore and extract insights from various sources, including APIs, threats, domains, APIs under threat, and sensitive data flows.

AI Chatbot


Note

The chatbot supports read-only queries; it does not allow updating configurations or triggering scans.


Data Sources

The chatbot queries and extracts data from the following modules and their corresponding sources:

Module: Catalog

Sources:

  • API Inventory — Provides a detailed catalog of all discovered APIs, including their endpoints, authentication requirements, exposure levels (internal or external), ownership information, and traffic visibility. For more information, see Inventory.

  • Services — Provides a logical grouping of APIs that help you understand which APIs belong to which service and the associated risk. For more information, see Services.

  • Domains — Provides information on internal and external domains connected to the environments, highlighting which domains are public-facing, internal-only, or linked to third parties. For more information, see Domains.

  • Backends — Provides information on connected backend systems and services that receive traffic from APIs, allowing you to identify dependencies, traffic volume, and data sensitivity within backend connections. For more information, see Backends.

  • Sensitive Data — Provides information on API endpoints that process sensitive data, such as Personally Identifiable Information (PII), Social Security Numbers (SSN), or authentication tokens. This helps you identify risks associated with data privacy. For more information, see Sensitive Data.

Module: Protection

Sources:

  • Threat Actors — Provides information about malicious sources or entities identified by Traceable as potential attackers. This includes details, such as attacker information, origin, activity patterns, and severity levels. This helps you understand who is targeting your APIs. For more information, see Threat Actors.

  • Threat Activities — Provides information about detected attack activities, including APIs and users. This provides visibility into attempted exploits, attack vectors, timestamps, and affected APIs, helping you track threat behavior. For more information, see Threat Activity.

  • Security Events — Provides information on all security-related events captured across your environment. It displays data, such as detections, anomalies, and rules triggered by the threat actor, allowing you to analyze security incidents within your application.

  • APIs under Threat — Provides information on the APIs currently being targeted or showing signs of attack. It provides insights into affected APIs, associated threat types, frequency of attacks, and risk levels to help prioritize protection measures. For more information, see APIs under Threat.


Caveats

  • By default, the chatbot displays up to 10 results per query for quick readability. For larger datasets, you can refine your query to view results according to your requirements.

  • The Traceable chatbot preserves session context for follow-up questions within a single session. A session remains active until it is closed or has been inactive for 15 minutes, after which it automatically restarts.


Sample Questions

The following are some examples of the types of questions you can ask the chatbot:

Entity-based Queries

  • Show endpoints with no authentication.

  • List services with failed validations or errors.

  • Which backends received traffic in the past 24 hours?

  • Retrieve all security events with critical severity and a response status code of 200 in the past 24 hours.

Sensitive Data Queries

  • Which APIs have sensitive data exposure?

  • Show domains tagged as external that have PII exposure.

  • List the top 10 sensitive data APIs with the most security events in the past 7 days.

Contextual Queries

  • Which APIs changed in the past week?

  • Summarize the endpoints with risk above 6 that were discovered this month.

  • Show me all threat actors with an active status and a critical threat level in the past 24 hours.

Ownership Queries

  • Which services do not have any assigned owners?

  • How do I download the list of unauthenticated public endpoints?


Feedback

You can provide feedback on each chatbot response using the following options:

  • Thumbs Up — Counts as positive feedback.

  • Thumbs Down — Enables you to provide additional comments on how the chatbot should improve.

Traceable uses this feedback to improve future versions of the chatbot.