Back to work

Case study

Security Scanner Triage Agent

LLM agent that ingests Nuclei/Semgrep/Trivy scan output, deduplicates findings, and produces prioritized, reviewable fixes.

PythonLLM AgentsRAGStreamlitChroma

Problem

Security scanners produce huge volumes of duplicate, low-context findings that take a human a long time to triage manually.

Approach

A reason-act-observe agent loop normalizes and clusters raw scanner findings, retrieves CVE/CWE context from a Chroma RAG store, and drafts remediation guidance — deliberately scoped to explaining fixes, never generating exploit code — surfaced through a Streamlit dashboard with an eval harness for precision and recall.