NullSquare
conceptbeginnerReviewed May 18, 2026

Assistant chat

A read-only analyst over your scope data — for questions about assets, findings, coverage, and readiness without launching a run.

Assistant chat is a read-only analyst sitting on top of your existing scope data. It can answer questions about what the platform has already discovered — assets, findings, evidence, coverage, readiness, rules of engagement — without launching a new assessment.

Think of it as the difference between "tell me what we know" and "go find out." For the first, use chat. For the second, launch a run.

What you will learn

  • When to use chat. Quick analysis, status questions, finding summaries, readiness review.
  • When to launch a run instead. Anything that needs new testing or live evidence.
  • What the assistant can read. Active scope data — assets, findings, RoE, prior runs, readiness.
  • Output style. Markdown text, lists, tables, and diagrams suitable for sharing.

Related app areas

/chat

What assistant chat is

The assistant has structured access to the data the platform has already collected for the active scope. It can answer questions, summarize, compare across runs, and produce written analyses — but it does not run scans, send requests, or perform any active testing.

It is the right tool for "what did we already learn" questions and for turning the platform's data into something you can paste into a Slack thread, a status update, or a stakeholder email.

Questions it answers well

  • Which assets in this scope currently have critical findings?
  • Summarize the open findings across the customer portal for our weekly review.
  • What changed in this scope since the last run?
  • What does the rules of engagement document currently exclude?
  • Which compliance controls are still missing evidence?
  • Which assets have not been tested in the last 30 days?
  • Compare findings between the staging and production scopes.

What it will not do

These are not platform limitations to work around — they are intentional. New testing belongs in a run so the platform can plan, execute under rules of engagement, and capture evidence.

  • Launch scans or send any network requests.
  • Modify findings, assets, evidence, or scope configuration.
  • Use shell, browser, or any active execution tools.
  • Replace an assessment run when the question is "is this vulnerable?".

If you find yourself asking chat to test something

Open the Runs page and write the same question as a run goal. The platform will plan it, execute it inside the scope's rules of engagement, and preserve the evidence. Chat is for analyzing what already exists.

What the output looks like

Responses are written in Markdown — text, lists, tables, and inline links to assets and findings. The chat can also produce diagrams (for example a high-level map of scopes and runners) on request. Output is copy-paste safe; nothing references internal platform machinery.

Scope-bound by design

Chat always operates against the active scope. To analyze a different environment, switch the active scope first. This keeps answers focused and prevents accidental cross-environment leakage in shared screenshots or notes.

Related articles