
Ask Nexus — local AI assistant

Ask Nexus is the AI built into your SOC — and it runs locally. No API key, no per-query tokens, and your data never leaves the network. It translates questions into queries, triages incidents, prioritizes, narrates the kill-chain and recommends responses — and it can explain every answer.

Brand: Ask Nexus
Where it runs: Local — no external API
Cost: No API key · no token bill
Best-of: Security Copilot · Charlotte · Purple AI (but private)

What it does

Ask Nexus is a transparent, on-prem engine — not a cloud copilot. Everything it produces is computed from your real data and can be explained, so you can trust it in an investigation rather than taking a black box on faith.

  • NL → NQL — turn a plain-language question into a query the SIEM can run.
  • Incident triage — a Naive Bayes classifier learned from your analysts' dispositions.
  • Prioritization — P1 / P2 / P3 with a transparent, explainable score.
  • Kill-chain narrative — a readable summary of how an incident unfolded.
  • Response recommendations — the next steps (and the playbook) that fit.

Local, private, free

The defining trait of Ask Nexus is where it lives: on your manager. It needs no API key, bills nothing per query, and never sends your telemetry to a third party. It learns from the dispositions your analysts already make and improves as you work alerts — honestly reporting "collecting" until it has enough signal.

Ask Nexus vs cloud AI

Cloud security assistants — Microsoft Security Copilot, CrowdStrike Charlotte AI, SentinelOne Purple AI — chase the same goal: triage, summarize, recommend. Ask Nexus aims at the same outcomes, but with two differences that matter in a SOC: it is private (your data stays in your network) and free of token costs (no metered per-query bill).

Explainable by design. Every priority score, summary and recommendation traces back to real data and a transparent method. When Ask Nexus lacks enough data it tells you, rather than guessing.
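The triage behaviour described above (a Naive Bayes classifier learned from analyst dispositions that reports "collecting" until it has enough signal and can explain its answer) is illustrated below. This is an added example, not Ask Nexus code. The class name TriageNB, the alert fields, the disposition labels, the threshold of 5 examples per class and the Laplace smoothing are all assumptions.

```python
import math
from collections import Counter, defaultdict

class TriageNB:
    """Categorical Naive Bayes over alert fields, trained on analyst dispositions."""
    def __init__(self, min_per_class=5):  # assumed threshold; the page gives no number
        self.min_per_class = min_per_class
        self.class_counts = Counter()            # disposition -> alerts seen
        self.feat_counts = defaultdict(Counter)  # (disposition, field) -> value counts
        self.vocab = defaultdict(set)            # field -> distinct values seen

    def learn(self, alert, disposition):
        self.class_counts[disposition] += 1
        for field, value in alert.items():
            self.feat_counts[(disposition, field)][value] += 1
            self.vocab[field].add(value)

    def classify(self, alert):
        # Refuse to guess until every class has enough labelled examples.
        counts = self.class_counts
        if len(counts) < 2 or min(counts.values()) < self.min_per_class:
            return {"status": "collecting", "seen": dict(counts)}
        total = sum(counts.values())
        scores, why = {}, {}
        for label, n in counts.items():
            scores[label] = math.log(n / total)  # log prior
            why[label] = {}
            for field, value in alert.items():
                k = len(self.vocab[field]) + 1   # Laplace smoothing; +1 slot for unseen values
                p = (self.feat_counts[(label, field)][value] + 1) / (n + k)
                why[label][field] = round(math.log(p), 3)
                scores[label] += math.log(p)
        top = max(scores.values())               # normalise log scores into posteriors
        z = sum(math.exp(s - top) for s in scores.values())
        post = {l: math.exp(s - top) / z for l, s in scores.items()}
        best = max(post, key=post.get)
        return {"status": "ready", "disposition": best,
                "posterior": round(post[best], 3), "evidence": why[best]}

# Constructed sample alerts (not real telemetry); field names are assumptions.
TP = {"rule": "remote_service_install", "asset": "server", "hours": "off"}
FP = {"rule": "admin_login", "asset": "workstation", "hours": "business"}

def demo(per_class):
    nb = TriageNB()
    for _ in range(per_class):
        nb.learn(TP, "true_positive")
        nb.learn(FP, "false_positive")
    return nb.classify(TP)
```

demo(4) returns the "collecting" status with the counts seen so far; demo(5) returns a disposition together with the per-field log-likelihoods that produced it.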

Tips

  • Resolve and acknowledge alerts honestly — that is the signal the classifier learns from.
  • Use NL → NQL in the Search view to get from a question to results without memorizing syntax.
  • A fresh install shows "collecting"; that is Ask Nexus being honest, not broken.