Security Agents
Security Agents Architecture
At Deflectra, we are not just about scripts and rules; we are about revolutionizing the way you think about automated security. At the core of our technology is a highly advanced Multi-Agent System, where multiple AI agents work in concert to dissect, analyze, and secure your application.
Each agent is an expert in a specific domain, such as endpoint discovery or deep code semantic analysis, working in concert to achieve a level of coverage and precision not possible in traditional security tools.
Core Infrastructure Agents
Our agents are the foundation of our analysis pipeline, providing a comprehensive and accurate basis for every scan.
Documentation Agent
The Documentation Agent is the key architect of the security profile for your application. It is responsible for reading the entirety of your code to build a semantic model of the application's logic. Acting as the central hub, it orchestrates a fleet of sub-agents, delegating specific analysis tasks, such as mapping API workflows, listing the libraries and packages involved and their versions, or capturing specific details about application models (even the most complex and robust ones), and then synthesizing the results. The end result is cohesive, verified, formatted documentation that is ready for review.
Endpoint Scanning Agent
To secure an application, you must first know what it exposes. The Endpoint Scanning Agent parses your application to identify all possible entry points. It examines controller logic and configuration files to enumerate every API, including shadow APIs (routes that exist in the code but are absent from your documented API surface).
Endpoint Verification & Deduplication Agent
While identification is an essential first step, this agent verifies that the results of the scanning process are valid, that each endpoint is associated with a reachable route in your application, and that declarations which resolve to the same route are collapsed into a single entry.
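As an added illustration of what the two agents above do (this is example code, not Deflectra's implementation), the following script discovers route declarations in two constructed source files, a Flask controller and an Express router, normalizes the paths so that different framework syntaxes for the same route compare equal, deduplicates them, and reports the routes that are missing from a constructed "documented" surface, i.e. the shadow APIs. The regexes, file contents and the documented set are all assumptions made for the example.

```python
import re

# Constructed sample sources (not real application code): a Flask controller
# and an Express router. Three declarations describe the same logical route
# (/users/<id>) and two routes are missing from the documented spec.
SAMPLE_SOURCES = {
    "users.py": '''
@app.route("/users", methods=["GET"])
def list_users(): ...

@app.route("/users/<int:user_id>", methods=["GET", "DELETE"])
def user_detail(user_id): ...

@app.route("/users/<int:user_id>/", methods=["GET"])
def user_detail_legacy(user_id): ...
''',
    "admin.js": '''
router.get("/admin/export", exportAll);
router.post("/users/:id/reset", resetPassword);
''',
}

# Constructed "documented" surface, e.g. what an OpenAPI file declares.
DOCUMENTED = {("GET", "/users"), ("GET", "/users/{id}"), ("DELETE", "/users/{id}")}

FLASK_ROUTE = re.compile(r'@app\.route\(\s*"([^"]+)"([^)]*)\)')
HTTP_METHOD = re.compile(r'"([A-Z]+)"')
EXPRESS_ROUTE = re.compile(r'router\.(get|post|put|patch|delete)\(\s*"([^"]+)"')


def normalize_path(path):
    """Canonical form so "/users/<int:user_id>/", "/users/:id" and
    "/users/{id}" all compare equal."""
    path = re.sub(r"<(?:[^:>]+:)?[^>]+>", "{param}", path)  # Flask converter syntax
    path = re.sub(r":\w+", "{param}", path)                  # Express param syntax
    path = re.sub(r"\{[^}]+\}", "{param}", path)             # OpenAPI-style names
    return path.rstrip("/") or "/"


def discover_endpoints(sources):
    """Map (METHOD, canonical path) -> set of files declaring it.
    Declarations that normalize to the same key are deduplicated here."""
    found = {}

    def add(method, raw_path, source):
        found.setdefault((method, normalize_path(raw_path)), set()).add(source)

    for name, text in sources.items():
        for m in FLASK_ROUTE.finditer(text):
            methods = HTTP_METHOD.findall(m.group(2)) or ["GET"]  # Flask default
            for method in methods:
                add(method, m.group(1), name)
        for m in EXPRESS_ROUTE.finditer(text):
            add(m.group(1).upper(), m.group(2), name)
    return found


def shadow_endpoints(found, documented):
    """Endpoints present in code but absent from the documented surface."""
    known = {(m, normalize_path(p)) for m, p in documented}
    return sorted(key for key in found if key not in known)


if __name__ == "__main__":
    endpoints = discover_endpoints(SAMPLE_SOURCES)
    for (method, path), files in sorted(endpoints.items()):
        print(f"{method:6} {path:28} declared in {', '.join(sorted(files))}")
    print("shadow:", shadow_endpoints(endpoints, DOCUMENTED))
```

Normalizing before comparing is the step that makes deduplication meaningful: without it, the trailing-slash variant and the Express parameter syntax would each look like a separate endpoint and inflate the attack surface report.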
Import Discovery Agent
Modern software development relies on third-party libraries and dependencies. This agent analyzes your application's source code and produces a list of all third-party dependencies and modules that your application uses.
CVE Association Agent
While third-party dependencies are essential for application development, they also bring potential security risks that need to be addressed. Instead of flagging every dependency used in your application's source code, this agent consults a database of CVEs and analyzes each dependency in context to identify only those dependencies that are associated with known security risks.
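The following added example (not Deflectra's code) shows the two steps above end to end on constructed input: it parses a pinned requirements file and the application's actual import statements, then matches each pinned version against a small advisory table with affected version ranges, so that a dependency whose pinned version is outside the affected range is not reported. The advisory identifiers, packages, versions and ranges are placeholders made up for the example and are not real CVE data.

```python
import ast
import re

# Constructed inputs (not a real project): a pinned requirements file and
# the modules the application source actually imports.
REQUIREMENTS = """\
requests==2.25.0
PyYAML==5.3.1
Django==4.2.7
urllib3==1.26.5
"""

SOURCE_FILES = {
    "app.py": "import requests\nimport yaml\nfrom django.http import JsonResponse\n",
}

# Distribution name -> import name, where the two differ.
IMPORT_NAME = {"pyyaml": "yaml"}

# Constructed advisory table with placeholder ids; NOT real CVE data. Each
# row is an affected half-open range [introduced, fixed).
ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "pyyaml",   "introduced": "0",     "fixed": "5.4"},
    {"id": "EXAMPLE-ADV-2", "package": "requests", "introduced": "2.3.0", "fixed": "2.31.0"},
    {"id": "EXAMPLE-ADV-3", "package": "urllib3",  "introduced": "0",     "fixed": "1.26.18"},
    {"id": "EXAMPLE-ADV-4", "package": "django",   "introduced": "5.0",   "fixed": "5.0.2"},
]


def parse_version(text):
    """'1.26.18' -> (1, 26, 18); tuples compare component-wise."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def parse_requirements(text):
    """Return {distribution name (lowercase): pinned version}."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "==" in line:
            name, version = line.split("==", 1)
            pins[name.strip().lower()] = version.strip()
    return pins


def imported_modules(sources):
    """Top-level module names imported anywhere in the given source files."""
    names = set()
    for text in sources.values():
        for node in ast.walk(ast.parse(text)):
            if isinstance(node, ast.Import):
                names.update(alias.name.split(".")[0] for alias in node.names)
            elif isinstance(node, ast.ImportFrom) and node.module:
                names.add(node.module.split(".")[0])
    return names


def is_affected(version, advisory):
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def associate_advisories(pins, imports, advisories):
    """Keep only dependencies whose pinned version falls in an affected range,
    and record whether the application imports them directly."""
    findings = []
    for adv in advisories:
        version = pins.get(adv["package"])
        if version is None or not is_affected(version, adv):
            continue
        module = IMPORT_NAME.get(adv["package"], adv["package"])
        findings.append({
            "package": adv["package"],
            "version": version,
            "advisory": adv["id"],
            "imported_directly": module in imports,
        })
    return sorted(findings, key=lambda f: f["package"])


if __name__ == "__main__":
    pins = parse_requirements(REQUIREMENTS)
    for f in associate_advisories(pins, imported_modules(SOURCE_FILES), ADVISORIES):
        print(f)
```

In the sample, Django is pinned below the advisory's introduced version and is therefore dropped, while urllib3 is reported but marked as not imported directly, which is the kind of context a reviewer needs to prioritize (a transitively used library is still reachable, but the fix usually belongs in the parent dependency's pin).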
Vulnerability & Analysis Agents
These agents use offensive security techniques and semantic analysis of your application's source code and runtime logic to identify vulnerabilities.
Vulnerability Agent (Main)
The Vulnerability Agent acts as the central command for detecting potential threats. It controls the strategy for a security scan and calls specialized sub-agents depending on the project's profile: the Semgrep Agent for rule-based detection and the AI Scanning Agent for heuristic detection, together providing a multi-layered assessment.
Code Interaction Agent
Security is a conversation. The Code Interaction Agent puts the power in the user's hands to ask questions of the code itself. Whether it is a detailed analysis of a specific file or an explanation of a complicated code block, this agent provides answers with context.
Semgrep Agent
Accuracy is key when finding known vulnerability patterns in code. The Semgrep Agent generates custom, high-fidelity Semgrep rules tailored to the application's specific language and framework. This agent is ideal for finding syntactic security anti-patterns with zero false positives.
AI Scanning Agent
The cutting edge of Deflectra's scanning power. The AI Scanning Agent uses advanced large language models to "understand" the code's intent in order to identify logic-based vulnerabilities other scanners can't find. This agent coordinates the SAST and DAST sub-agents for a comprehensive scanning process.
Learn more about our AI-Powered Scan.
SAST Agent (Static Application Security Testing)
The SAST Agent is a static code analyzer that performs a white-box test of the code itself. By examining the application's source code, it identifies insecure coding practices.
By tracing data flow paths through the code, it can identify potential security holes such as SQL injection or XSS.
DAST Agent (Dynamic Application Security Testing)
The DAST Agent simulates a real-world attacker. Using the HTTP Request Sub-agent, it launches real-world attacks against your running application and checks whether a theorized vulnerability can actually be exploited in a real-world scenario.
Vulnerability Chaining Agent
Attackers in the real world don’t launch single, isolated attacks on an application. The Vulnerability Chaining Agent simulates attacks that combine multiple vulnerabilities. For example, if a low-severity vulnerability in a library can be chained with a high-severity injection vulnerability, this agent will identify the chain and report the true severity of the low-severity library vulnerability.
Observation & Auditing Agents
For trust and security, it’s vital that every action taken by the AI is transparent and can be audited. The following agents ensure that this requirement is met.
Endpoint Vulnerability Agent
Having identified the attack surface, the next step is to scan it. The Endpoint Vulnerability Agent can perform bulk vulnerability checks across the entire API surface, or concentrate on a single endpoint that the user has selected.
AI Interaction Logger
Every action performed by the AI agents, every query, and every analysis is recorded by the Interaction Logger. This allows developers to trace the actions performed by the AI and verify that it’s performing as expected.
DAST HTTP Logger
The DAST HTTP Logger captures all network requests made during dynamic analysis, providing a comprehensive transcript of the traffic sent to your application that can be used to examine the payloads used during testing.
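As an added example of the auditability property the two loggers above are meant to provide (this is illustrative code, not Deflectra's logger), the following builds a hash-chained, append-only transcript: each entry commits to the SHA-256 of the previous entry, so editing, reordering or deleting an earlier agent action or recorded HTTP request is detected by `verify_chain`. The agent names, actions, timestamps and request details in the sample log are constructed values.

```python
import hashlib
import json
import time

GENESIS = "0" * 64  # previous-hash value for the first entry


def _entry_hash(body):
    # Canonical JSON (sorted keys, no whitespace) so equal content hashes equally.
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def append_entry(log, agent, action, detail, timestamp=None):
    """Append one agent action. The entry commits to the previous entry's hash,
    so editing, reordering or deleting an earlier entry breaks the chain."""
    entry = {
        "seq": len(log),
        "ts": time.time() if timestamp is None else timestamp,
        "agent": agent,
        "action": action,
        "detail": detail,
        "prev": log[-1]["hash"] if log else GENESIS,
    }
    entry["hash"] = _entry_hash(entry)
    log.append(entry)
    return entry


def verify_chain(log):
    """Return (True, None) if every link holds, else (False, index of first bad entry)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["seq"] != i or entry["prev"] != prev or _entry_hash(body) != entry["hash"]:
            return False, i
        prev = entry["hash"]
    return True, None


def build_sample_log():
    """Constructed transcript of a short scan: one interaction entry per agent
    action, plus the HTTP request the dynamic test sent (hypothetical values)."""
    log = []
    append_entry(log, "EndpointScanningAgent", "discover",
                 {"file": "users.py", "routes": 3}, timestamp=1700000000.0)
    append_entry(log, "DASTAgent", "http_request",
                 {"method": "GET", "path": "/users/1", "status": 200,
                  "payload_sha256": hashlib.sha256(b"example-body").hexdigest()},
                 timestamp=1700000001.0)
    append_entry(log, "VulnerabilityAgent", "finding",
                 {"endpoint": "GET /users/{id}", "category": "example-finding",
                  "confidence": "low"}, timestamp=1700000002.0)
    return log


if __name__ == "__main__":
    log = build_sample_log()
    print("intact:", verify_chain(log))
    log[1]["detail"]["status"] = 500          # simulate an after-the-fact edit
    print("after tampering:", verify_chain(log))
```

Storing a digest of each request body rather than the raw payload keeps the transcript small while still letting a reviewer confirm that a given payload was the one sent; the chain itself only proves integrity, so the log store still needs write protection to prevent wholesale replacement.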