Matches

Caution

This is an experimental product and no real clients are using it yet, therefore the data used for testing is generated by the developers. The effectiveness of the tool is still under evaluation and concluding results will depend on feedback from analysts.

Matches allows to correlate Fluid Attacks’ vulnerabilities with custom vulnerabilities provided by the client via Integrates

Public Oath

Fluid Attacks handles client data with the utmost care and respect, including its custom criteria threats. Any AI tool (either external or self hosted) will be used ethically and responsibly. We will ensure that the data is not used for any other purpose than the one agreed upon with the client. An opt out agreement was made with the AI model provider to ensure that the data is not collected for training purposes.

Architecture

1. Criteria embedding: Fluid Attacks’ criteria library is processed to produce vector embeddings with VoyageAI to be stored in AWS S3.
2. Custom threat definition: The client can upload their custom threats criteria through the integrates platform for being eventually stored in AWS S3.
3. Threat mapping: A scheduled task will map the client’s custom threats against the Fluid Attacks’ criteria library, find the most correlated criteria and store those mappings in Dynamo DB.
4. See mapped threats in platform: The client can query the mappings through the integrates platform. These will be visible mainly in the findings services.

Data Security and Privacy

Matches does not manipulate personally identifiable information (PII), compromising or sensitive data, as it only processes custom vulnerabilities provided by the client. Such custom threats are Stored in DynamoDB and S3, all inside Fluid Attacks’ AWS Account

Voyage AI

Voyage AI, by default, utilizes customer data for training and improving AI models. However, Fluid Attacks explicitly opts out of this default setting, ensuring that client data provided to Voyage AI is used solely for generating embeddings and is not leveraged for any model training or improvement purposes. (Voyage AI Privacy Policy)

Some additional points to consider:

1. Voyage AI hosts its infrastructure in USA.
2. Since Fluid Attacks opted out of data collection, the data is not stored in Voyage AI’s servers (zero storage time).
3. Data transmitted to Voyage AI is encrypted in transit with SSL in all its APIs.
4. Voyage AI has GDPR, SOC 2 and HIPAA compliance certifications.

Contributing

Please read the contributing page first.

See also

• VoyageAI introduction.
• VoyageAI Privacy Policy.