Ask AI

Ask AI is an AI-powered assistant built into every workspace that analyzes your security data and provides actionable insights through natural language conversation. Rather than manually sifting through assets, vulnerabilities, and notes, you can ask the assistant questions and receive contextual answers drawn directly from your workspace data.

Ask AI conversation interface

Premium Feature

Ask AI is available to Premium and Self-Hosted users. Free-tier users do not have access to this feature. Self-hosted deployments configured with a local LLM have unlimited usage.

How It Works

Ask AI operates as a per-user, per-workspace conversation. Each user in a workspace has their own private conversation thread with the assistant. When you send a message, Hawkra gathers the workspace data you have selected as context, combines it with your question, and sends it to the configured AI backend. The assistant then returns a response informed by your actual security data.

The system supports two AI backend modes:

  • Cloud mode (Google Gemini): The default for SaaS deployments. Your selected context and question are sent to Google's Gemini API. This requires a configured API key and is subject to monthly message quotas.
  • Local LLM mode: Available for self-hosted deployments. Your data stays on your infrastructure and is processed by a locally hosted language model server. There are no message quotas in local mode since you own the hardware.

Delta Tracking

Ask AI uses intelligent delta tracking to minimize redundant data sent to the AI. When you include context in a message, the system tracks which items have already been sent and their timestamps. On subsequent messages:

  • New items (never sent before) are included in full.
  • Updated items (sent before but modified since) are re-sent with current data.
  • Unchanged items (sent before with no changes) are referenced by name only, saving context window space.

This means you can keep the same context selected across a multi-turn conversation without worrying about sending duplicate data to the AI.
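
The classification rules above, together with the per-message context summary described under Sending Messages, can be sketched as follows. This is an added example, not Hawkra's code: `Item`, `DeltaTracker`, `PLURAL` and the payload line format are hypothetical, and the sample asset and vulnerability are constructed.

```python
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

PLURAL = {"asset": "assets", "vulnerability": "vulnerabilities", "note": "notes"}

@dataclass
class Item:
    kind: str             # key of PLURAL
    item_id: str
    name: str
    updated_at: datetime  # last modification time of the record
    body: str             # full record as it would be serialized into the prompt

@dataclass
class DeltaTracker:
    # Assumed state for one user in one workspace: (kind, id) -> time last sent in full.
    sent_at: dict = field(default_factory=dict)

    def build_context(self, selected, now):
        """Classify each selected item, record full sends, return (payload, summary)."""
        payload, counts = [], Counter()
        for item in selected:
            key = (item.kind, item.item_id)
            last = self.sent_at.get(key)
            status = "new" if last is None else "updated" if item.updated_at > last else "referenced"
            if status == "referenced":
                payload.append(f"[{item.kind}] {item.name} (unchanged)")  # name only
            else:
                payload.append(f"[{item.kind}] {item.name}: {item.body}")  # full data
                self.sent_at[key] = now
            counts[(status, item.kind)] += 1
        summary = ", ".join(f"{n} {s} {PLURAL[k] if n != 1 else k}" for (s, k), n in counts.items())
        return payload, summary

    def clear(self):
        """Clearing the conversation resets tracking, so every item is new again."""
        self.sent_at.clear()

def demo():
    """Three turns over constructed sample data with the same selection kept throughout."""
    t0 = datetime(2025, 1, 1, 9, 0, tzinfo=timezone.utc)
    web = Item("asset", "a1", "web-01", t0, "10.0.1.10, Linux, 443/tcp https")
    vuln = Item("vulnerability", "v1", "Outdated TLS configuration", t0, "severity: medium")
    tracker = DeltaTracker()
    _, first = tracker.build_context([web, vuln], now=t0 + timedelta(minutes=1))
    vuln.updated_at = t0 + timedelta(minutes=5)   # record edited between turns
    vuln.body = "severity: high"
    payload, second = tracker.build_context([web, vuln], now=t0 + timedelta(minutes=6))
    tracker.clear()
    _, third = tracker.build_context([web, vuln], now=t0 + timedelta(minutes=7))
    return first, second, third, payload
```

In this sketch the comparison is strict, so an edit carrying the same timestamp as the last send would be treated as unchanged.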

Context Selection

Before sending a message, you can select which workspace data to include as context for the AI. This gives you precise control over what information the assistant can see and reason about.

Context selection panel

Available Context Types

| Context Type | Description |
| --- | --- |
| Assets | Individual assets with IP addresses, hostnames, OS details, and optionally their discovered ports/services |
| Networks | Entire networks including all their assets, ports, and optionally linked vulnerabilities |
| Vulnerabilities | Specific vulnerabilities with severity, CVSS scores, CVE/CWE references, and optionally their affected assets |
| Notes | Your encrypted workspace notes (decrypted for context, then re-encrypted at rest) |

Context Toggles

When selecting context, you have additional toggles to control the level of detail:

  • Include Services: When enabled for asset selections, port and service enumeration data is included alongside each asset. This is always enabled for network-based selections.
  • Include Vulnerability Links: When enabled for vulnerability selections, the affected assets and ports are included with each vulnerability. This is always included for network-based selections when vulnerabilities are toggled on.

Tip: Select only the data relevant to your question. Including too much context can dilute the quality of responses. If you are investigating a specific subnet, select that network rather than all assets in the workspace.

Sending Messages

Type your question in the message input and send it. Messages can be up to 10,000 characters long. The AI processes your message along with any selected context and returns a response.

Each message exchange produces:

  • Your original message (stored without the raw context data for a clean conversation history)
  • A context summary showing what data was included (e.g., "3 new assets, 2 updated vulnerabilities, 1 referenced note")
  • The assistant's response

Example Questions

  • "What are the most critical vulnerabilities in the 10.0.1.0/24 network and which assets are affected?"
  • "Based on the open ports on this server, what attack vectors should I prioritize?"
  • "Summarize the security posture of the assets I've selected."
  • "Are there any common weaknesses across these vulnerabilities that suggest a systemic issue?"
  • "What remediation steps would you recommend for the vulnerabilities on this web server?"

Clearing Conversation History

You can clear your entire conversation history at any time. This deletes all messages in your current workspace conversation and resets the delta tracking state. The next message you send will treat all selected context as new.

Caution: Clearing your conversation is permanent. All messages and context tracking state are deleted and cannot be recovered.

Token Usage and Quotas

On SaaS deployments, Ask AI usage is tracked on a monthly per-user basis.

| Tier | Monthly Message Limit |
| --- | --- |
| Free | Not available |
| Premium | 100 messages per month |
| Self-Hosted (Cloud LLM) | Unlimited (configurable) |
| Self-Hosted (Local LLM) | Unlimited (no tracking) |

Your current usage is displayed in the AI interface. When you approach or reach your monthly limit, you will see a notification. Quotas reset at the start of each calendar month.

Note: Self-hosted deployments using a local LLM bypass all quota checks entirely. Since the LLM runs on your own infrastructure, there is no usage tracking or rate limiting.

Cloud vs. Local LLM Configuration

The AI backend mode is determined by the LLM_MODE environment variable or the Admin Settings panel:

  • cloud (default): Uses Google Gemini. Requires GEMINI_API_KEY to be configured. The model can be customized via GEMINI_MODEL (defaults to gemini-2.0-flash).
  • local: Uses a locally hosted LLM server. Requires LOCAL_LLM_SERVER to be set to the URL of your local inference server (e.g., an Ollama or vLLM endpoint).

Settings resolution follows the priority: environment variable > Admin Settings (database) > default value.
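
Because the environment variable wins over the Admin Settings value, it is worth checking which backend is actually in effect and where selected context will be sent. The following is an added example, not Hawkra's code: `resolve` and `audit` are hypothetical helpers, the sample values are constructed, and it assumes every setting named above follows the same priority order and that an empty value counts as unset.

```python
DEFAULTS = {"LLM_MODE": "cloud", "GEMINI_MODEL": "gemini-2.0-flash"}

def resolve(key, env, admin):
    """Return (value, source) with priority: environment > Admin Settings > default."""
    for source, store in (("env", env), ("admin", admin), ("default", DEFAULTS)):
        if store.get(key):  # assumption: an empty value counts as unset
            return store[key], source
    return None, "unset"

def audit(env, admin):
    """Report the effective backend, where selected context goes, and any findings."""
    mode, source = resolve("LLM_MODE", env, admin)
    findings = []
    if mode == "cloud":
        destination = "Google Gemini API, model " + resolve("GEMINI_MODEL", env, admin)[0]
        if resolve("GEMINI_API_KEY", env, admin)[0] is None:
            findings.append("cloud mode requires GEMINI_API_KEY")
    elif mode == "local":
        destination = resolve("LOCAL_LLM_SERVER", env, admin)[0]
        if destination is None:
            findings.append("local mode requires LOCAL_LLM_SERVER")
    else:
        destination = None
        findings.append(f"unrecognized LLM_MODE {mode!r}")
    # Flag the case where the environment overrides a different Admin Settings value.
    admin_mode = admin.get("LLM_MODE")
    if source == "env" and admin_mode and admin_mode != mode:
        findings.append(f"environment LLM_MODE={mode} overrides Admin Settings value {admin_mode}")
    return {"mode": mode, "source": source, "destination": destination, "findings": findings}

# Constructed sample: Admin Settings say local, but a leftover environment variable wins.
SAMPLE_ENV = {"LLM_MODE": "cloud", "GEMINI_API_KEY": "PLACEHOLDER-KEY"}
SAMPLE_ADMIN = {"LLM_MODE": "local", "LOCAL_LLM_SERVER": "http://llm.internal.example:11434"}

if __name__ == "__main__":
    print(audit(SAMPLE_ENV, SAMPLE_ADMIN))  # effective mode is cloud, taken from the environment
    print(audit({}, SAMPLE_ADMIN))          # effective mode is local, taken from Admin Settings
```

Passing `dict(os.environ)` as `env` and an export of the Admin Settings as `admin` runs the same check against a real deployment.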

Tips and Notes

  • Permissions: Any workspace member with the "View Assets" permission can use Ask AI. The assistant only sees data you explicitly select as context -- it does not have unrestricted access to your workspace.
  • Privacy: In local LLM mode, all data stays within your infrastructure. In cloud mode, selected context is sent to Google's Gemini API for processing.
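  • Encrypted notes: Notes are stored encrypted at rest. When included as AI context, they are decrypted server-side for the AI request and never stored in plaintext. In cloud mode, the decrypted note content is part of the selected context sent to Google's Gemini API.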
  • One conversation per workspace: Each user has a single conversation thread per workspace. To start fresh on a new topic, clear your conversation history.
  • Network context is comprehensive: When you select a network as context, all assets within that network are automatically included along with their ports and services. You do not need to select individual assets separately.