Question 1

What is RAG in cybersecurity?

Accepted Answer

RAG (Retrieval-Augmented Generation) in cybersecurity is a technique where an AI system first retrieves relevant data from your actual security infrastructure — such as asset graphs, CVE databases, compliance scores, and findings — before generating responses. Unlike generic AI chatbots, RAG-powered security tools provide answers grounded in YOUR real data, making them far more accurate and actionable for security decision-making.

Question 2

How does EchelonGraph use RAG for security?

Accepted Answer

EchelonGraph's AI Security Analyst uses a 4-source RAG pipeline: (1) Neo4j graph database for infrastructure topology and blast radius analysis, (2) PostgreSQL for CVE vulnerability data across thousands of real-time tracked CVEs, (3) Compliance scoring across 17 frameworks including SOC 2, HIPAA, PCI-DSS, CIS AWS/GCP/K8s, Pod Security Standards, and AI Workload Compliance (EU AI Act + NIST AI-RMF + ISO 42001), and (4) Risk factor breakdown with severity analysis. This context is assembled and sent to Gemini 1.5 Pro, which generates specific, actionable responses about your environment.

Question 3

What is an AI Security Analyst?

Accepted Answer

An AI Security Analyst is an intelligent assistant that helps security teams analyze vulnerabilities, assess risk, and prioritize remediation using natural language. EchelonGraph's AI analyst goes beyond generic AI by using RAG to retrieve your actual infrastructure data before generating responses — so when you ask 'What's my biggest risk?', it references your real assets, real CVEs, and real compliance gaps.

Question 4

Is RAG better than embeddings for cybersecurity?

Accepted Answer

For structured security data like asset graphs, CVE databases, and compliance scores — yes. Traditional RAG uses vector embeddings and semantic search, but EchelonGraph uses direct graph (Neo4j) and SQL queries for retrieval. This is faster, more accurate, and eliminates the hallucination risks that come with approximate nearest-neighbor search in vector databases. Your security decisions should be based on exact data, not fuzzy similarity matches.

Question 5

What LLM does EchelonGraph AI Analyst use?

Accepted Answer

EchelonGraph's AI Security Analyst uses Google Gemini 1.5 Pro via Vertex AI. It runs at temperature 0.1 for deterministic, security-focused responses. The model is specifically prompted to only reference data from the retrieved context — never hallucinate asset names, CVE IDs, or compliance scores. Authentication uses GCP service accounts (no API keys).

Question 6

Is data from other tenants ever visible to the AI Analyst?

Accepted Answer

No. Every retrieval query — Neo4j Cypher for the attack graph, SQL for CVE findings, compliance scores, and risk factors — is parameterized with the requesting tenant's UUID derived from a verified JWT. The system prompt instructs Gemini to reference only the retrieved context, and there is no cross-tenant cache, no shared training data, no demo-mode bypass, and no super_admin path that could surface another tenant's data. Each customer's environment is mathematically isolated end-to-end.

Question 7

How long does an AI Analyst query take?

Accepted Answer

Typical end-to-end latency is 2-4 seconds: ~50-200ms for parallel retrieval across Neo4j and PostgreSQL, then 1.5-3.5 seconds for the Gemini 1.5 Pro completion. The retrieval step uses 5-second timeouts on each source and runs them in parallel so a slow component never blocks the whole query.

Question 8

Is there an audit log for AI Analyst queries?

Accepted Answer

Yes. Every chat request is logged with tenant_id, user_id, prompt token count, response token count, latency, model version, and the set of retrieved sources. Logs are tenant-scoped via the same JWT mechanism — tenant admins see only their own organization's queries.

Question 9

Which plans include the AI Security Analyst?

Accepted Answer

AI Security Analyst is included on the Pro and Enterprise plans. Free-tier accounts can browse the rest of EchelonGraph but won't see the chat widget — the backend returns a feature-not-available response with an upgrade link for non-paid tenants.

Feature	EchelonGraph RAG	Generic AI Chatbots
Data Source	✓ Your actual Neo4j graph + PostgreSQL	Generic training data
Accuracy	✓ References real CVE IDs, asset names	May hallucinate
Retrieval Method	✓ Direct graph + SQL queries	Vector similarity search
Freshness	✓ Real-time (queries live DB)	Stale embeddings
Context	✓ Tenant-specific infrastructure	Shared/generic knowledge

AI Security Analyst
that understands YOUR infrastructure

What is RAG in Cybersecurity?

4 data sources, one intelligent response

Neo4j Attack Graph

CVE Database

Compliance Scores

Risk Factors

Ask anything about your security

Each answer is locked to your account.

See the AI Analyst in action

EchelonGraph RAG vs. Generic AI

How EchelonGraph's RAG Pipeline Works

Intent Classification

Context Retrieval (RAG)

Context Assembly

LLM Generation

Source Attribution

See the rest of the EchelonGraph platform

Ready to try RAG-powered security?

AI Security Analystthat understands YOUR infrastructure