AI and LLM Usage Disclosure

How HailBytes products use large language models internally, what leaves your deployment, and what does not.

This page answers the AI-shaped questions HailBytes receives during enterprise procurement: where LLMs sit inside HailBytes products, which providers we use, what customer data crosses the network boundary to those providers, and what HailBytes does and does not train any model on. The companion MCP reference covers the inverse direction: how your own AI agents call HailBytes.

Where LLMs Sit Inside HailBytes Products

Remediation Guidance Generation

For each vulnerability finding, HailBytes ASM can generate a plain-language description, impact summary, and remediation guidance via an LLM call. The output is cached per finding with full provenance (provider, model, model version, generation timestamp) and stored alongside the deterministic finding payload.

Model record: LLMVulnerabilityReport
Cached: per finding, replayable

Phishing-Email Body Drafting (SAT)

HailBytes SAT can draft phishing-email bodies for simulation campaigns from a customer-provided brief. Drafts are reviewable and editable before any campaign sends. Send-side machinery is deterministic; LLM involvement ends at the template-drafting step.

Scope: template drafting only
Review gate: human-edit before send

What HailBytes Does NOT Use LLMs For

Several procurement questionnaires ask whether ML or LLM-based systems make security-relevant decisions. The honest answer is: not today.

Asset Attribution

Attribution of discovered assets to a target organization is deterministic. Inputs: hostname matching, certificate subject and SAN, BGP and ASN ownership, exclude lists, and project-scoped uniqueness constraints. No ML inference in the attribution pipeline.

False Positive Reduction

FP handling is deterministic: deduplication on write, explicit STATUS_FALSE_POSITIVE with audit trail, and per-engine EXCLUDED_SUBDOMAINS or EXCLUDE_EXTENSIONS lists. ML-based FP reduction is on the roadmap and is not in production today. Honest gap.

Risk Prioritization

The 0-to-100 composite risk score per vulnerability is rule-based. Inputs: severity, CVSS base score, EPSS score, CISA KEV status, Domain.business_criticality propagation, and threat-intel enrichment from named providers. No ML model rerank step.

Customer-Selectable LLM Providers

Under HailBytes' BYOC posture, every deployment chooses its own LLM provider. The customer decides whether any LLM call leaves the deployment perimeter at all.

Hosted Providers

For deployments that accept hosted LLM calls, HailBytes ASM supports OpenAI, Anthropic, and Google Gemini. The provider and model name are configured per deployment. Per-call provenance is recorded with each cached output.

  • OpenAI (model selectable)
  • Anthropic (Claude family, model selectable)
  • Google Gemini (model selectable)
  • Provider switch is a deployment-time setting

Self-Hosted / Air-Gapped (Ollama)

For deployments that cannot send any data to a hosted LLM, HailBytes ASM ships an Ollama backend with NVIDIA CUDA and AMD ROCm GPU support. The LLM runs inside the customer's own deployment perimeter; no outbound LLM traffic crosses the BYOC boundary. This is the recommended posture for regulated and classified deployments.

  • Fully self-hosted, no external API calls
  • GPU acceleration via CUDA or ROCm
  • Model choice is the customer's (Llama, Mistral, etc.)
  • Compatible with AWS GovCloud and Azure Government

What Crosses The Network Boundary

When a deployment is configured for a hosted LLM provider, the prompts sent to that provider contain:

  • Public CVE-shaped context: CVE ID, CWE ID, CVSS vector, the source nuclei-template URL, and the matcher name that triggered the finding.
  • Minimal asset context: the affected subdomain or hostname, the affected port, and the asset's business-criticality classification.
  • The vulnerability evidence excerpt: a bounded slice of the captured request and response, sufficient for the LLM to describe what was observed.

The prompts do NOT contain:

  • Customer SIEM credentials, API keys, OAuth tokens, LDAP bind passwords, or any value from the encrypted-at-ORM-layer credential store.
  • Customer user account data (email addresses, SSO group memberships, audit-log payloads).
  • Full scan history or the corpus of past findings.
  • Any data from other Projects or Organizations inside the same deployment (per-project query scoping is enforced before any LLM call constructs its prompt).

For deployments on the Ollama / self-hosted path, no data crosses the BYOC perimeter at all. The LLM call is local loopback traffic inside the customer's own VPC or subscription.
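
One way to enforce the boundary described above is an allowlist applied when the prompt context is assembled. This is an added example, not HailBytes code: the field names, the 2000-character evidence bound, and the header-redaction step are assumptions made for illustration.

```python
import re

# Hypothetical field names mirroring the categories listed above.
ALLOWED_FIELDS = (
    "cve_id", "cwe_id", "cvss_vector", "template_url", "matcher_name",  # public CVE-shaped context
    "hostname", "port", "business_criticality",                          # minimal asset context
)
MAX_EVIDENCE_CHARS = 2000  # assumed bound; the page does not state the real limit

# Header lines that commonly carry secrets in captured HTTP traffic.
_SENSITIVE_HEADER = re.compile(
    r"(?im)^(authorization|proxy-authorization|cookie|set-cookie|x-api-key)\s*:.*$"
)


def redact_evidence(evidence: str) -> str:
    """Mask secret-bearing header values, then cut the excerpt to the bound."""
    masked = _SENSITIVE_HEADER.sub(lambda m: f"{m.group(1)}: [REDACTED]", evidence)
    return masked[:MAX_EVIDENCE_CHARS]


def build_prompt_context(finding: dict) -> dict:
    """Copy only allowlisted keys; every other field on the finding stays local."""
    context = {k: finding[k] for k in ALLOWED_FIELDS if k in finding}
    context["evidence_excerpt"] = redact_evidence(finding.get("evidence", ""))
    return context


# Constructed sample finding, including fields that must never be sent.
SAMPLE_FINDING = {
    "cve_id": "CVE-0000-00000",  # placeholder identifier
    "cwe_id": "CWE-79",
    "cvss_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
    "template_url": "https://example.invalid/templates/sample.yaml",
    "matcher_name": "sample-matcher",
    "hostname": "app.example.com",
    "port": 443,
    "business_criticality": "high",
    "evidence": ("GET /search?q=test HTTP/1.1\nHost: app.example.com\n"
                 "Authorization: Bearer constructed-token-value\n\n"
                 "HTTP/1.1 200 OK\nSet-Cookie: sid=constructed\n\n" + "A" * 5000),
    "siem_api_key": "constructed-secret",   # credential-store value
    "user_email": "analyst@example.com",    # user account data
}

if __name__ == "__main__":
    print(build_prompt_context(SAMPLE_FINDING))
```

An allowlist fails closed: a field added to the finding record later is not sent unless it is also added to `ALLOWED_FIELDS`.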

Training and Retention

HailBytes Does Not Train Models

HailBytes does not train, fine-tune, or distill any LLM, ML model, or embedding model on customer scan data, customer findings, customer reports, or any input the customer provides to HailBytes products. There is no proprietary "HailBytes model" built from aggregated customer telemetry. The models referenced on this page are the third-party hosted or self-hosted models the customer selects at deployment time.

Hosted Provider Retention

HailBytes deployments call hosted provider APIs through the provider's standard enterprise endpoints. Provider-side retention is governed by the provider's own data-processing terms (OpenAI, Anthropic, and Google Gemini all publish enterprise terms that exclude API traffic from training corpora by default). Customers procuring HailBytes via marketplace private offer can layer their existing enterprise agreement with the provider for additional guarantees.

Audit and Replay

Every LLM-generated remediation guidance entry is stored with:

  • Provider identifier (e.g., anthropic, openai, ollama).
  • Model identifier (e.g., claude-sonnet-4-6, gpt-4o-2024-08-06).
  • Generation timestamp.
  • Token-count attribution to the per-Project billing rollup at /billing/projects/.

This makes LLM output reproducible and reviewable. A compliance auditor or a customer security team can replay any generated guidance against a known model version and verify the output is consistent with the recorded provenance.