RAD’s AI Workers start by connecting to your security tools and data sources. Each worker focuses on specific security domains and operates continuously to provide security analysis and automated responses.

AI Worker Architecture

RAD’s AI Workers integrate with your existing security infrastructure to perform specialized security functions using advanced language models and real-time data analysis.

Pre-Built AI Workers

RAD Security includes four specialized AI Workers, each optimized for specific security domains:

Configuring AI Workers

Model Selection
  • claude-3-7-sonnet - General security tasks
  • claude-3-opus - Complex compliance and governance
Worker Settings
  • Assign descriptive name and purpose
  • Define scope of responsibilities
Manual - Run on-demand for specific investigations
Scheduled - Recurring execution (hourly, daily, weekly, custom cron)
Event-Based - Trigger on security events (new vulnerabilities, policy violations, anomalies)
Define worker behavior and tasks. Example from Vulnerability Worker:
You are a specialized vulnerability management AI assistant for {{accountName}}.

Core Functions:
1. Vulnerability Detection - Scan CVEs in dependencies and container images
2. Risk Assessment - Calculate CVSS scores and prioritize vulnerabilities  
3. Remediation Tracking - Create and assign remediation tickets
Best Practices:
  • Define specific roles and responsibilities
  • Include organizational context and asset counts
  • Use dynamic variables like {{accountName}} and {{assetCount}}
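Added example, not RAD Security's code: a pre-deployment check that renders a system prompt's {{variable}} placeholders and fails closed if a variable is unknown, missing, or carries multi-line text that would read as extra instructions. The page does not describe how the platform substitutes variables; the allowlist, the length cap and the function names are assumptions made for illustration.

```python
import re

# Placeholder syntax as shown on the page: {{accountName}}, {{assetCount}}.
PLACEHOLDER = re.compile(r"\{\{\s*([A-Za-z_][A-Za-z0-9_]*)\s*\}\}")
# Assumption: variables a worker prompt may use; only these two appear on the page.
ALLOWED_VARS = {"accountName", "assetCount"}
MAX_VALUE_LEN = 64  # assumed cap for a substituted value


class PromptTemplateError(ValueError):
    pass


def clean_value(name, value):
    """Treat a substituted value as data: one line, bounded, no template syntax."""
    text = str(value).strip()
    if not text or len(text) > MAX_VALUE_LEN:
        raise PromptTemplateError(f"{name}: empty or longer than {MAX_VALUE_LEN} chars")
    if any(ch in text for ch in "\r\n{}") or not text.isprintable():
        raise PromptTemplateError(f"{name}: control characters or braces not allowed")
    return text


def render_prompt(template, values):
    """Substitute {{var}} placeholders; fail closed on unknown or missing variables."""
    used = set(PLACEHOLDER.findall(template))
    unknown = used - ALLOWED_VARS
    if unknown:
        raise PromptTemplateError(f"unknown variables: {sorted(unknown)}")
    missing = used - set(values)
    if missing:
        raise PromptTemplateError(f"no value for: {sorted(missing)}")
    cleaned = {name: clean_value(name, values[name]) for name in used}
    rendered = PLACEHOLDER.sub(lambda m: cleaned[m.group(1)], template)
    if "{{" in rendered or "}}" in rendered:
        raise PromptTemplateError("malformed placeholder left in prompt")
    return rendered


# Constructed sample input, based on the Vulnerability Worker prompt above.
TEMPLATE = (
    "You are a specialized vulnerability management AI assistant for {{accountName}}.\n"
    "You monitor {{assetCount}} assets."
)

if __name__ == "__main__":
    print(render_prompt(TEMPLATE, {"accountName": "Example Corp", "assetCount": 1240}))
```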
Workers access your organization’s knowledge base for context-aware responses:
Categories: All, Data, Incidents, Test
Benefits: Context-aware analysis, consistent responses, learning from past incidents
Connect workers to your security tools:
  • Ticketing: Jira Cloud
  • SIEM: Splunk Enterprise, CrowdStrike Falcon, Rapid7 InsightIDR
  • Vulnerability Scanners: Qualys, CrowdStrike Spotlight, Rapid7 InsightVM, Tenable VM
  • EDR: Microsoft Defender, CrowdStrike Falcon, SentinelOne, Sophos, Tanium, MalwareBytes
  • IAM: Okta Identity

AI Worker Insights

AI Workers generate intelligent insights based on their analysis of your security environment:
In Progress - Active investigations and ongoing analysis
Completed - Finished assessments with recommendations
Critical - High-priority findings requiring immediate attention
Each insight includes:
  • Severity Levels - HIGH, MEDIUM, LOW classifications
  • Affected Resources - Specific assets, containers, or systems
  • Timestamps - When the insight was generated and last updated
  • Categories - Vulnerability Management, Compliance, etc.
  • Detailed Analysis - Tables, summaries, and specific findings
Overview: The Vulnerability Worker has completed a scan of all production 
container images and identified 8 images with high or critical severity CVEs. 
Immediate patching is required to maintain security posture.

Critical Vulnerabilities:
- CVE-2021-44228 (Log4Shell) - CVSS 10.0
- Affected Images: api-gateway:v2.3.1, payment-service:v1.8.0

Resource Impact:
- 8 container images affected
- 2 critical CVEs, 5 high CVEs
- 7 total vulnerable packages

Worker Playground

Test and interact with your AI Workers in a safe environment:
  • Real-time Interaction - Chat directly with workers to test capabilities
  • Prompt Suggestions - Pre-built prompts like “Deployment Security Audit” or “Vulnerable Images Report”
  • Knowledge Testing - Verify worker access to knowledge base and integrations
  1. Deployment Security Audit - Find and fix Kubernetes misconfigurations
  2. Vulnerable Images Report - Identify container images with critical vulnerabilities
  3. Compliance Check - Verify adherence to security policies and frameworks
  • Test workers with realistic scenarios before deployment
  • Verify integration access and data retrieval
  • Validate response quality and accuracy
  • Check system prompt effectiveness

Metrics and Monitoring

Track AI worker performance and effectiveness:
  • Execution History - When workers ran and their duration
  • Success/Failure Rates - Track worker reliability and error rates
  • Resource Impact - Monitor computational resources and API usage
  • Insight Generation Rate - How many insights workers produce
  • Severity Distribution - Breakdown of findings by severity level
  • Action Items Created - Trackable tasks and recommendations generated
  • Trigger Optimization - Adjust execution frequency based on needs
  • Integration Efficiency - Monitor data source access and response times
  • Prompt Refinement - Improve system prompts based on output quality

Best Practices

  1. Start with Pre-built Workers - Use existing workers before creating custom ones
  2. Configure Triggers Appropriately - Use scheduled triggers for routine tasks, event-based for immediate response
  3. Test in Playground - Validate worker behavior before production deployment
  4. Enable Relevant Integrations - Connect workers to your existing security tools
  • Customize System Prompts - Tailor prompts to match your organization’s specific needs
  • Select Appropriate Models - Use claude-3-opus for complex compliance tasks, claude-3-7-sonnet for general security work
  • Configure Knowledge Base Access - Enable relevant knowledge categories for context-aware responses
  • Regular Review - Monitor worker insights and adjust configurations as needed
  • Integration Updates - Keep external integrations current with your tooling
  • Performance Monitoring - Track worker effectiveness and optimize as necessary

Getting Started

Ready to deploy AI Workers in your environment?
Pro Tip: Start with the Vulnerability Worker for immediate value, then expand to other workers as you become comfortable with the platform. Use the playground to test different scenarios and refine your system prompts before deploying to production.