FAQ

NaxusAI is just a PoC of how LLMs can help to find vulnerabilities in code very fast. We are currently looking for companies that would like to invest or acquire the product for further development like:

• Adding more languages

• Supporting more SCM platforms (like Gitlab and Bitbucket)

• Adding context to improve the PRs and commits monitorization

• ...

If you are interested, just contact us at [email protected]!

When you configure a repo NaxusAI generate a Graph of the repo finding all the dependencies of all the objects within the repo (functions, classes, global variables...). This is also called context.

Then, NaxusAI also allow which of these objects attackers can access (exposed). For example, in a Flask application, every http endpoint accessible externally should be marked as exposed.

Then, it's possible to ask NaxusAI to audit only the exposed objects all all their dependencies (recursively gathered), giving all the context a LLM needs to audit the code but without sending more code than needed.

With our Organizations plan you get an AI + Human synergy reviewing the code to ensure vulnerabilities don't make their way in and that you don't get false positives.

NaxusAI will also monitor your configured repos for new commits and Pull Requests. Note that context is yet not used here (NaxusAI will just check the changed but not its dependencies). But this is planned to be added.

For now, only GitHub. However, we can expand to other platforms like Bitbucket or GitLab easily if needed.

We could also offer an on-premise solution if necessary.

We could integrate easily Naxus with ticketing applications if an Organization request it.

For now, vulnerabilities are presented on the NaxusIA dashboard and GitHub.