Ctadel

Copilot module

Copilot is an AI assistant trained on the Ctadel rule library, the cloud security graph schema, and a corpus of remediation playbooks. It sits behind a chat icon in the top right of the app.

What Copilot can do

  • Explain a rule. "What is AWS-S3-PUBLIC and why does it matter?"
  • Suggest a fix. "Generate a Terraform patch for finding 12345."
  • Summarise a chain. "Walk me through this toxic combination in two paragraphs."
  • Triage a queue. "I have 50 OPEN findings in CSPM, group them by likely cause and recommend a sequence."
  • Translate severity. "Convert this list into a risk register entry for our SOC 2 audit."

What Copilot cannot do

  • Modify your cloud. All output is text. You apply it.
  • Modify your tenant. Status changes (ignore / resolve), policy edits, and user invites are not exposed to Copilot.
  • Access secrets in cleartext. It sees the redacted snippet, the same one you see.
  • Run cross-tenant queries. It only sees the project you are currently in.

Where it appears

  • A floating chat button on every page.
  • An "Ask Copilot about this" link inside every finding's detail panel.
  • Inline suggestions in the Explorer when a query returns 0 rows or fails to parse.

Privacy

  • Your queries and findings are sent to the model provider for inference. The provider is contractually bound not to retain or train on the content.
  • No customer data leaves the EU jurisdiction. The model is hosted in our European infrastructure.
  • You can turn Copilot off entirely in Settings → General.

Limitations

  • Copilot does not always know the latest cloud-provider behaviour. Verify generated Terraform / CLI commands against vendor docs before applying.
  • It will sometimes confabulate rule keys. If a rule key sounds wrong, search for it in Policies first.

What's next