How Axonius Leverages AI in Recommended Actions

Overview

Axonius Recommended Actions provides vendor-backed repair and mitigation instructions directly within the customer's dashboard, thus transforming vulnerability discovery into precision mobilization. Instead of simply identifying risks, this feature acts as a technical implementation partner, delivering specific solutions - such as software patches or compensating controls (e.g., firewall rule changes or EDR policy adjustments) - to improve security effectiveness. The platform utilizes two distinct AI mechanisms:

  1. An LLM parses datasets retrieved directly from official vendor APIs and public security databases (NVD, MITRE, etc.).
  2. A specialized chain of LLMs, planned and constructed by Axonius security researchers, translates these solutions into step-by-step execution and verification instructions to ensure follow-through.

Every recommended action includes a direct attribution link to the source, and zero customer data is ever shared with external models.

Customers’ Control, Accessibility, and Settings

Activation Options & Functional Impact

Recommended Actions is enabled by default for all Exposures customers. While the feature is active out-of-the-box, full governance is maintained through the platform’s existing Role-Based Access Control (RBAC) framework. Customer administrators have granular authority to grant or restrict access to both the module and the "Action" data object via standard User Role Permissions.

The data is available from the Recommended Actions tab in the Axonius Action Center. It is integrated into each Security Finding profile page under the Available Actions section.

When Recommended Actions is deactivated, Exposures remains fully functional, but the dedicated tab and associated data are not provided.

Deployment and AI models

Recommended Actions relies on Amazon Bedrock and Microsoft Azure OpenAI, and is available for both On-Prem and SaaS customer instances. Neither of these engines ever ingests customer asset data or PII.

Data Handling

Recommended Actions exclusively ingests unstructured and semi-structured technical data from official vendor public APIs such as Microsoft MSRC and Red Hat, and public security databases such as NVD and MITRE.

Customer-specific asset metadata (installed software versions, OS types, etc.) stays within the customer's instance. This data is processed by Exposures using standard logic (non-AI) to map relevant solutions to the customer's assets. Zero customer PII or device identifiers are ever shared with external LLM providers.

Recommended Actions generates two distinct outputs:

  • Deterministic Solutions: Mapped software patches and version upgrades derived directly from vendor public APIs and public security databases like NVD and MITRE.

  • Custom Action Plans: Specialized step-by-step instructions for implementation and verification, as well as configuration-based mitigations (compensating controls).

Training and Optimization

Recommended Actions does not train, retrain, or fine-tune its global models on user-provided data.

Transparency, Explainability, and Human Oversight

The AI Recommended Action Plan and any action suggested from our AI-generated catalog are clearly labeled and marked with the AI Sparkles icon, to help customers distinguish generative content from other sources.

Each recommended action includes a reference link to the source, allowing customers to verify the technical logic of the generated content.

Recommended Actions does not engage in unsupervised, automated decision-making.

Accuracy, Reliability, Security and Integrity

Axonius maintains an active, multi-tiered Quality Assurance (QA) process. This includes:

  • Automated Validation: Continuous algorithmic checks for data consistency.

  • Expert Oversight: Independent manual reviews of the recommendations to maintain accuracy and integrity.

  • Continuous LLM Chain Monitoring: Real-time observability of the entire LLM pipeline to maintain operational health and technical integrity.

Reliability is managed through a scheduled monitoring lifecycle. Following the deployment of this AI-driven feature, we conduct periodic performance and accuracy assessments. This iterative process is designed to refine model outputs and keep them aligned with the evolving security landscape and the new challenges it poses.