Local AI triage with zero token cost
Cloud security copilots meter every question. Nexus ships a local AI that triages incidents, summarizes kill-chains and translates plain language to queries — for free.
AI in security tooling usually means a cloud LLM that bills you per query and ships your alerts to someone else's servers. Nexus took a different path: a local AI engine, bundled with nexus-fleet, that runs on your manager and never makes an external call. No API key, no token bill, no data leaving your network.
What it actually does
- Triage — scores every incident P1/P2/P3 from severity, kill-chain length and active-compromise signals.
- False-positive estimate — a Naive Bayes classifier that learns from how your analysts dispose of alerts.
- Kill-chain summary — a plain-language narrative of what happened, built from the incident timeline.
- Recommendations — concrete next steps mapped to MITRE techniques and ready-to-run SOAR playbooks.
- Natural language to query — type "failed logins this week" and get back a runnable NQL search.
Honest about what it is
This is not a large language model, and we don't pretend it is. It is an explainable, deterministic engine — statistics and heuristics — that you can audit line by line. When it hasn't seen enough data yet, it says so instead of guessing. And it gets sharper over time: every alert your team resolves teaches the classifier what is noise and what is real.
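A sketch of the false-positive estimate described above, as an added example and not Nexus's own code: a Naive Bayes classifier that learns from analyst dispositions, abstains when it has seen too little data, and returns the per-feature evidence behind each score. The class name, the `MIN_SAMPLES` threshold and the feature strings are assumptions made for illustration.

```python
import math
from collections import Counter, defaultdict

MIN_SAMPLES = 5  # assumed threshold: below this the estimator abstains

class FalsePositiveEstimator:
    """Naive Bayes over categorical alert features (hypothetical names)."""
    def __init__(self):
        self.class_counts = Counter()                # dispositions per class
        self.feature_counts = defaultdict(Counter)   # class -> feature -> count
        self.vocab = set()

    def learn(self, features, disposition):
        """Record one analyst disposition: 'fp' (noise) or 'tp' (real)."""
        self.class_counts[disposition] += 1
        for f in features:
            self.feature_counts[disposition][f] += 1
            self.vocab.add(f)

    def _log_likelihood(self, feature, cls):
        # Laplace smoothing: an unseen feature never zeroes the product
        total = sum(self.feature_counts[cls].values())
        seen = self.feature_counts[cls][feature]
        return math.log((seen + 1) / (total + len(self.vocab) + 1))

    def estimate(self, features):
        """Return (P(fp), per-feature log-odds), or None if data is too thin."""
        if min(self.class_counts["fp"], self.class_counts["tp"]) < MIN_SAMPLES:
            return None
        log_odds = math.log(self.class_counts["fp"] / self.class_counts["tp"])
        evidence = {}
        for f in features:
            evidence[f] = self._log_likelihood(f, "fp") - self._log_likelihood(f, "tp")
            log_odds += evidence[f]
        return 1 / (1 + math.exp(-log_odds)), evidence

def build_demo():
    """Train on constructed dispositions: scanner noise vs. external logins."""
    est = FalsePositiveEstimator()
    for _ in range(6):
        est.learn(["rule:brute_force", "src:vuln-scanner"], "fp")
        est.learn(["rule:brute_force", "src:external"], "tp")
    return est

if __name__ == "__main__":
    print(build_demo().estimate(["rule:brute_force", "src:vuln-scanner"]))
```

The evidence dictionary is what makes the score auditable: each entry is the log-odds a single feature contributed toward "false positive", so an analyst can see which feature drove the estimate.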
It starts the moment your manager does, and triages new incidents as they form. The opposite of a metered cloud copilot: always on, fully local, and free to run.
Your alerts are the last thing that should leave your network. So our AI doesn't send them anywhere.