ThreatVec Help
AI agent security posture — reference guide
Posture Score
The posture score (0–100) is a weighted composite of three dimensions measured continuously across your AI fleet.
| Dimension | Default Weight | What it measures |
|---|---|---|
| Agent Score | 40% | Rule coverage, trust score, red team pass rate, behavioral drift per agent |
| MCP Score | 35% | MCP server integrity, covert instruction detection, catalog trust, schema stability |
| Shadow AI Score | 25% | Unregistered AI services in use; high-risk services penalize the score |
Weights are adjustable in Settings → Score Weights. The AI advisor suggests optimal weights based on your deployment profile.
Week-1 Value Path
Three steps — no infrastructure changes required on day one.
Chrome extension, no code changes: install it, browse normally for an hour, and see which AI services your employees are using. Visit /extension for the download and setup instructions.
pip install threatvec
ThreatVec.auto()
Add these two lines to your agent's startup. A posture score appears on the dashboard within seconds.
Once data flows in, ThreatVec generates a plain-English brief with your posture score, top risks, and a recommended action. Use the Board Pack button to export a compliance evidence package.
Agent Fleet
Every registered AI agent has a posture card showing its score, rule count, trust score, and status.
AgentBench
Probes your agents with adversarial inputs — prompt injections, data exfiltration attempts, jailbreaks — to test whether safety controls work. Results map to MITRE ATLAS techniques and feed back into the posture score.
Run it from the dashboard (Run AgentBench) or via the API:
POST /api/v1/agentbench/run
{"agent_id": "your-agent-id", "mode": "quick"}
Lethal Trifecta Analysis
Each agent is assessed against Simon Willison's lethal trifecta framework: does it have access to private data, does it process untrusted content, and can it communicate externally? An agent with all three is at maximum risk. The assessment is shown on the agent's risk profile card.
Shadow AI Discovery
ThreatVec discovers every AI service your employees use — including services IT hasn't approved — via the Chrome extension and M365 Copilot logs.
| Risk Level | Meaning |
|---|---|
| HIGH | PII detected in uploads, or unknown unclassified service |
| MEDIUM | Unregistered but known consumer AI service |
| LOW | Registered and approved AI service |
Services marked with ! are unregistered. Review them in the Shadow AI panel and either add an alert rule or register them as approved via Settings → Assets.
Vulnerability Exposure
ThreatVec ingests CVEs from NVD (free) and optionally Vulners (paid), filters them for AI-relevant libraries, and scores them by priority for your specific tech stack.
Priority Score (0–100)
| Component | Weight | Source |
|---|---|---|
| CVSS Base Score | 40 pts | NVD / Vulners |
| Stack Match | 30 pts | Your tech stack import |
| EPSS Score | 20 pts | Exploit prediction probability |
| Age | 10 pts | Days since publication |
SLA Windows
| Severity | SLA |
|---|---|
| CRITICAL | 7 days |
| HIGH | 30 days |
| MEDIUM | 90 days |
| LOW | 365 days |
Mark CVEs as fixed, deployed, investigating, or wont_fix directly from the table or the CVE detail page.
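The priority and SLA tables above, worked through as an added example (not ThreatVec's own scoring code). It assumes a linear mapping of CVSS (0–10) onto 40 points and of EPSS (0–1) onto 20 points, age points decaying linearly to zero over a year, and NVD's CVSS v3 qualitative ranges for the severity that selects the SLA window; the CVE ids and dates are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Point budgets and SLA windows as documented above.
WEIGHTS = {"cvss": 40, "stack": 30, "epss": 20, "age": 10}
SLA_DAYS = {"CRITICAL": 7, "HIGH": 30, "MEDIUM": 90, "LOW": 365}
AGE_HORIZON_DAYS = 365  # assumption: age points decay linearly to 0 over a year
TODAY = date(2024, 6, 1)  # fixed "today" so the sample triage is reproducible

@dataclass
class Cve:
    cve_id: str       # placeholder ids below; not real CVEs
    cvss: float       # CVSS base score, 0.0-10.0
    epss: float       # EPSS probability, 0.0-1.0
    published: date
    in_stack: bool    # True when the CVE matched the imported tech stack

def severity(cvss: float) -> str:
    # Assumption: NVD's CVSS v3 qualitative ranges.
    if cvss >= 9.0:
        return "CRITICAL"
    if cvss >= 7.0:
        return "HIGH"
    return "MEDIUM" if cvss >= 4.0 else "LOW"

def priority_score(cve: Cve, today: date = TODAY) -> int:
    cvss_pts = WEIGHTS["cvss"] * min(max(cve.cvss, 0.0), 10.0) / 10.0
    stack_pts = WEIGHTS["stack"] if cve.in_stack else 0
    epss_pts = WEIGHTS["epss"] * min(max(cve.epss, 0.0), 1.0)
    age_days = max(0, (today - cve.published).days)
    age_pts = WEIGHTS["age"] * max(0.0, 1.0 - age_days / AGE_HORIZON_DAYS)
    return round(cvss_pts + stack_pts + epss_pts + age_pts)

def sla_due(cve: Cve) -> date:
    """Remediation deadline from the SLA table, counted from publication."""
    return cve.published + timedelta(days=SLA_DAYS[severity(cve.cvss)])

def triage(cves, today: date = TODAY):
    """Rows of (cve_id, priority, severity, due date, overdue?) sorted by priority."""
    rows = [(c.cve_id, priority_score(c, today), severity(c.cvss), sla_due(c),
             sla_due(c) < today) for c in cves]
    return sorted(rows, key=lambda r: r[1], reverse=True)

def sample_cves():
    """Constructed sample input (placeholder ids), not data from any feed."""
    return [Cve("CVE-PLACEHOLDER-2", 5.5, 0.02, date(2024, 4, 15), False),
            Cve("CVE-PLACEHOLDER-1", 9.8, 0.50, date(2024, 5, 20), True)]
```

Running `triage(sample_cves())` ranks the in-stack critical CVE first (score 89, already past its 7-day SLA) and the medium one second (score 31, due in July).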
AI Patch Query
The ✨ query bar on the Vulnerability Exposure page lets you ask natural-language questions about your CVE exposure.
Example questions
ThreatVec extracts the filter intent, queries the database, and returns a 2–4 sentence answer with specific CVE IDs cited. Works without an API key via keyword fallback.
API
POST /api/v1/patches/ask
{"question": "what linux patches matter most right now?"}
Red Team
ThreatVec's red team engine continuously generates adversarial scenarios from real CVEs and tests them against your agents.
Learning Cycle
- Ingests recent AI-relevant CVEs
- Generates adversarial scenarios mapped to MITRE ATLAS techniques
- Runs scenarios against registered agents
- Records pass/fail results → feeds back into posture score
Runs weekly by default. Trigger manually: Red Team → Run cycle or POST /api/v1/red-team/learn/run-cycle.
ATLAS Coverage Heatmap
Shows test coverage across MITRE ATLAS technique families. Green cells (≥80% pass) are holding. Amber cells (50–79%) have bypasses. Gray cells are untested — run a cycle to generate scenarios.
Compliance Evidence
ThreatVec generates structured evidence packages for six governance frameworks from your live posture data.
| Framework | Coverage |
|---|---|
| OWASP LLM Top 10 | LLM01–LLM10 |
| NIST AI RMF | GOVERN · MAP · MEASURE · MANAGE |
| EU AI Act | Articles 9, 10, 13, 14, 17 |
| SOC 2 Type II | AI-relevant controls |
| ISO 27001 | AI addendum |
| MITRE ATLAS | Technique coverage map |
Control Statuses
Export
GET /api/v1/compliance/owasp-llm/evidence-export
GET /api/v1/compliance/nist-ai-rmf/evidence-export
GET /api/v1/compliance/eu-ai-act/evidence-export
GET /api/v1/compliance/summary ← dashboard pill strip data
Alert Rules
Alert rules fire when specific conditions are met. Configure in Settings → Alert Rules or via API.
| Trigger Type | Fires when |
|---|---|
| score_drop | Posture score drops by X points or more |
| new_shadow_asset | An unregistered AI service is discovered |
| pii_spike | PII detections exceed threshold in a time window |
| red_team_bypass | An adversarial scenario bypasses controls |
| new_critical_cve | A critical CVE affecting your stack is ingested |
Notifications: Slack webhook · PagerDuty · SOAR webhook (HMAC-signed) · email digest.
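Three of the trigger types in the table, evaluated over an ordered signal stream, as an added example (not ThreatVec's rule engine). The event shapes, field names and the sample stream are constructed for illustration; `pii_spike` counts detections inside a sliding window and fires when the count exceeds the threshold, `score_drop` compares consecutive posture readings, and `new_shadow_asset` checks visited domains against the registered set.

```python
from dataclasses import dataclass

@dataclass
class AlertRule:
    trigger: str        # score_drop | new_shadow_asset | pii_spike
    threshold: int = 0  # points (score_drop) or detections (pii_spike)
    window_s: int = 0   # evaluation window in seconds (pii_spike)

class RuleEngine:
    def __init__(self, rules, registered_services):
        self.rules, self.registered = rules, set(registered_services)
        self.last_score, self.pii_times = None, []

    def handle(self, event):
        """event: dict with 'type', 'ts' (epoch s) and type fields; returns fired (trigger, detail)."""
        kind, ts, fired = event["type"], event["ts"], []
        if kind == "posture_score":  # drop relative to the previous reading
            prev, self.last_score = self.last_score, event["score"]
            drop = prev - event["score"] if prev is not None else 0
        elif kind == "pii_detection":
            self.pii_times.append(ts)
        for rule in self.rules:
            if rule.trigger == "score_drop" and kind == "posture_score" and drop >= rule.threshold:
                fired.append(("score_drop", drop))
            elif rule.trigger == "new_shadow_asset" and kind == "ai_service_visit" \
                    and event["domain"] not in self.registered:
                fired.append(("new_shadow_asset", event["domain"]))
            elif rule.trigger == "pii_spike" and kind == "pii_detection":
                recent = sum(1 for t in self.pii_times if t > ts - rule.window_s)
                if recent > rule.threshold:  # "exceed threshold in a time window"
                    fired.append(("pii_spike", recent))
        return fired

def run(rules, registered, events):
    engine = RuleEngine(rules, registered)
    return [(e["ts"], t, d) for e in events for t, d in engine.handle(e)]

# Constructed sample stream (not real telemetry): one approved visit, one unvetted
# service, three PII detections within a minute, then a 12-point posture drop.
SAMPLE_EVENTS = [
    {"type": "posture_score", "ts": 0, "score": 82},
    {"type": "ai_service_visit", "ts": 10, "domain": "approved-ai.example"},
    {"type": "ai_service_visit", "ts": 20, "domain": "unvetted-ai.example"},
    {"type": "pii_detection", "ts": 30, "category": "EMAIL"},
    {"type": "pii_detection", "ts": 40, "category": "SSN"},
    {"type": "pii_detection", "ts": 50, "category": "EMAIL"},
    {"type": "posture_score", "ts": 60, "score": 70},
]
SAMPLE_RULES = [AlertRule("score_drop", threshold=10), AlertRule("new_shadow_asset"),
                AlertRule("pii_spike", threshold=2, window_s=60)]
```

`run(SAMPLE_RULES, ["approved-ai.example"], SAMPLE_EVENTS)` yields one alert per trigger type: the unvetted domain at t=20, the third PII detection at t=50, and the 12-point drop at t=60.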
Python SDK
pip install threatvec
Quickstart
```python
from threatvec import ThreatVec

# Auto-detect: reads THREATVEC_URL and THREATVEC_AGENT_NAME from env
ThreatVec.auto()

# Or: explicit
tv = ThreatVec(
    server_url="https://app.threatvec.com",
    agent_name="MyAgent",
    org_key="myorg",  # optional
)
tv.start()
# ... your agent runs here ...
tv.stop()
```
Environment variables
| Variable | Description |
|---|---|
| THREATVEC_URL | ThreatVec server URL |
| THREATVEC_AGENT_NAME | Agent display name |
| THREATVEC_ORG_KEY | Organization key |
| THREATVEC_ENABLED | Set to false to disable without removing code |
Chrome Extension
The Chrome extension detects AI service visits and PII uploads without reading page content.
- Go to /extension → download the package
- Open Chrome → chrome://extensions → enable Developer Mode
- Click "Load unpacked" → select the downloaded folder
- Click the ThreatVec icon → enter your server URL and org key
Events appear in the Shadow AI Monitor within minutes. No page content is transmitted — only domain name, event type, and detected PII categories (never the actual PII values).
Tech Stack Import
Import your software inventory as a CSV to enable "my stack" CVE correlation. Patches matching your stack get a 30-point priority boost.
CSV format
```csv
technology,version,vendor,asset_count
postgresql,16.2,PostgreSQL Global Development Group,3
redis,7.2.4,Redis Ltd,2
langchain,0.2.1,LangChain Inc,2
```
Only technology is required. Download a pre-filled template: tech-stack-template.csv
POST /api/v1/tech-stack/import (multipart/form-data)
GET /api/v1/tech-stack (list entries)
DELETE /api/v1/tech-stack/{id} (remove entry)
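A validator for the CSV format above and the name-based "my stack" match it enables, as an added example (not the ThreatVec importer). It assumes that the stack match keys on the technology name, case-insensitively, and that the other three columns default when absent; the sample CSV is constructed and includes one deliberately invalid row.

```python
import csv
import io

REQUIRED = "technology"

# Constructed sample in the documented CSV format, with one bad row (no technology).
SAMPLE_CSV = """technology,version,vendor,asset_count
postgresql,16.2,PostgreSQL Global Development Group,3
redis,7.2.4,Redis Ltd,2
LangChain,0.2.1,LangChain Inc,2
,1.0,Unnamed Vendor,1
"""

def parse_tech_stack(text: str):
    """Validates the import: only 'technology' is mandatory; other columns default.
    Returns (entries, errors) where errors name the offending CSV line."""
    entries, errors = [], []
    reader = csv.DictReader(io.StringIO(text))
    if REQUIRED not in (reader.fieldnames or []):
        return [], [f"header: missing required column '{REQUIRED}'"]
    for lineno, row in enumerate(reader, start=2):
        tech = (row.get(REQUIRED) or "").strip().lower()
        if not tech:
            errors.append(f"line {lineno}: empty '{REQUIRED}'")
            continue
        count = (row.get("asset_count") or "0").strip()
        entries.append({"technology": tech,
                        "version": (row.get("version") or "").strip(),
                        "vendor": (row.get("vendor") or "").strip(),
                        "asset_count": int(count) if count.isdigit() else 0})
    return entries, errors

def stack_matches(entries, affected_products):
    """Case-insensitive match of a CVE's affected product names against the
    imported stack. Assumption: the 30-point boost keys on the name; the matched
    entry's version is returned so the analyst can check the affected range."""
    index = {e["technology"]: e for e in entries}
    return [index[p.lower()] for p in affected_products if p.lower() in index]
```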
Integrations
| Integration | Signals provided | Configure in |
|---|---|---|
| Okta | Auth anomaly signals | Settings → Integrations |
| CrowdStrike | AI process detection | Settings → Integrations |
| Splunk | SIEM event correlation | Settings → Integrations |
| Microsoft Sentinel | SIEM + DNS events | Settings → Integrations |
| Microsoft M365 | Copilot logs, identity | Settings → Integrations |
| Netskope / Zscaler | CASB PII signals | Settings → Integrations |
| Proofpoint TAP | Email threat correlation | Settings → Integrations |
| Snapper | Deep red team + MCP integrity | Settings → Snapper |
API Reference
Full interactive API docs are available at /docs (OpenAPI / Swagger UI).
Key endpoints
| Endpoint | Description |
|---|---|
| GET /api/v1/posture | Current posture scores (all dimensions) |
| GET /api/v1/posture/brief | Plain-English AI Security Brief |
| GET /api/v1/patches | CVE list with priority scoring and filters |
| POST /api/v1/patches/ask | Natural-language patch query |
| GET /api/v1/patches/stats | Headline CVE counts |
| PATCH /api/v1/patches/{id}/status | Mark CVE as fixed / deployed / etc. |
| GET /api/v1/compliance/summary | Framework coverage pill data |
| GET /api/v1/compliance/{fw}/evidence-export | Full compliance evidence package |
| GET /api/v1/reports/board-pack | Board Pack evidence bundle |
| POST /api/v1/assets | Register an agent or MCP server |
| POST /api/v1/tech-stack/import | Bulk import tech stack CSV |
| POST /api/v1/red-team/learn/run-cycle | Trigger red team learning cycle |
| GET /api/v1/signals/stream | SSE live signal stream |
| GET /healthz | Health check |
Authentication
Pass your org key in the X-Org-Key header for all API calls when ORG_KEY is configured.
Enforcement Layer
ThreatVec provides visibility. Once you can see the risk, the natural next step is active enforcement — blocking prompt injections, enforcing tool-call policies, filtering sensitive data.
ThreatVec's attack surface map, gap scan, and posture scores are designed to feed directly into enforcement policy decisions. The Policy Enforcement card on the dashboard shows your enforcement coverage and highlights uncovered high-risk agent-tool pairs.
ThreatVec integrates with enforcement layers via:
- Webhook receiver at POST /api/v1/enforcement/webhook (HMAC-signed)
- Enforcement event feed displayed in the Live AI Traffic panel
- Blocked call counts feeding back into posture score
- Gap scan at GET /api/v1/enforcement/gap-scan
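Both HMAC-signed webhooks on this page, the outbound SOAR notification and the inbound enforcement receiver, rely on the same sign-and-verify pattern; the following is an added example of that pattern, not ThreatVec's implementation. Header names, the MAC layout (HMAC-SHA256 over `"<timestamp>.<raw body>"`) and the 300-second replay window are assumptions, and the secret and event are constructed.

```python
import hashlib
import hmac
import json

# Assumptions (not specified on the page): "X-Timestamp" carries epoch seconds,
# "X-Signature" carries "sha256=<hex>" of HMAC-SHA256(secret, "<timestamp>.<raw body>").
TOLERANCE_S = 300

def sign(secret: bytes, body: bytes, ts: int) -> dict:
    """Sender side: the headers a signed notification or enforcement event carries."""
    mac = hmac.new(secret, f"{ts}.".encode() + body, hashlib.sha256).hexdigest()
    return {"X-Timestamp": str(ts), "X-Signature": f"sha256={mac}"}

def verify(secret: bytes, body: bytes, headers: dict, now: int) -> bool:
    """Receiver side: reject unsigned, stale (replayed) or tampered payloads."""
    try:
        ts = int(headers.get("X-Timestamp", ""))
    except ValueError:
        return False
    if abs(now - ts) > TOLERANCE_S:
        return False
    expected = sign(secret, body, ts)["X-Signature"]
    # Constant-time comparison; plain == on MACs leaks timing information.
    return hmac.compare_digest(expected, headers.get("X-Signature", ""))

def handle_enforcement_event(secret: bytes, body: bytes, headers: dict, now: int):
    """Minimal receiver logic for the enforcement webhook: verify, then parse.
    Returns None when the signature check fails, so nothing is ingested."""
    if not verify(secret, body, headers, now):
        return None
    event = json.loads(body)
    return {"agent_id": event["agent_id"], "tool": event["tool"],
            "blocked": event.get("action") == "block"}

# Constructed sample (secret and event are illustrative, not real values).
SECRET = b"constructed-shared-secret"
SAMPLE_BODY = json.dumps({"agent_id": "agent-42", "tool": "send_email",
                          "action": "block"}).encode()
```

Verification must run over the raw request bytes before any JSON parsing, since re-serialising the body can change its byte representation and break the MAC.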
Security Frameworks
| Framework | What ThreatVec maps | Evidence export |
|---|---|---|
| OWASP LLM Top 10 | Prompt injection, supply chain, plugin design, excessive agency, sensitive disclosure | JSON |
| NIST AI RMF | GOVERN-1, MAP-1/2, MEASURE-1/2, MANAGE-1/2 | JSON |
| EU AI Act | Art.9 (risk mgmt), Art.10 (data governance), Art.13 (transparency), Art.14 (human oversight), Art.17 (quality mgmt) | JSON |
| SOC 2 Type II | Asset inventory, continuous monitoring, enforcement, telemetry coverage, risk posture | JSON |
| MITRE ATLAS | 84 techniques across 16 tactic families, tested continuously via red team cycle | Heatmap |