
Enrich security vulnerabilities using AI

Security teams often face two critical challenges that slow down vulnerability remediation:

  1. Understanding vulnerabilities quickly: raw scanner output is dense, technical, and rarely provides clear remediation steps
  2. Acting fast enough: even after analysis, fixing issues typically requires manual developer effort, leading to delays and higher risk exposure

This guide demonstrates how to solve both problems using Port's AI agents. When a vulnerability is marked as critical, an AI agent automatically enriches it with a clear summary, impact explanation, and actionable remediation steps. Once that summary is available, Claude Code is triggered to generate and propose a fix in a pull request, reducing time-to-remediation from days to minutes.

Prerequisites

Before you begin, ensure you have:

Alternative coding agents

While this guide uses Claude Code as the coding agent, you can easily substitute it with other AI coding assistants like GitHub Copilot or Google Gemini. Simply update the webhook URL and payload structure in the automation to match your preferred coding agent's API.

Set up data model

First, you need to ensure your vulnerability blueprint includes an ai_summary property to store the AI-generated analysis.

  1. Go to the builder page of your portal

  2. Search for the blueprint you want to update

  3. Click on the {...} button in the top right corner, and choose Edit JSON

  4. Add this JSON snippet to the properties of the blueprint:

     "ai_summary": {
       "type": "string",
       "title": "AI Analysis",
       "description": "AI-generated analysis and remediation steps",
       "format": "markdown"
     }

  5. Click Save

Create a self-service action

Next, you will create a self-service action that updates vulnerability entities with AI-generated summaries. This action will be called by the AI agent to store its analysis.

  1. Head to the self-service page of your portal
  2. Click on the + New Action button
  3. Click on the {...} Edit JSON button
  4. Copy and paste the following JSON configuration into the editor

Update vulnerability with AI summary action

{
  "identifier": "update_vulnerability_with_ai_summary",
  "title": "Update Vulnerability with AI Summary",
  "icon": "Vulnerability",
  "description": "Updates the vulnerability entity with AI-generated analysis and remediation steps",
  "trigger": {
    "type": "self-service",
    "operation": "DAY-2",
    "userInputs": {
      "properties": {
        "ai_summary": {
          "type": "string",
          "title": "AI Summary",
          "format": "markdown"
        }
      },
      "required": ["ai_summary"],
      "order": ["ai_summary"]
    },
    "blueprintIdentifier": "securityVulnerability"
  },
  "invocationMethod": {
    "type": "WEBHOOK",
    "url": "https://api.getport.io/v1/blueprints/{{.action.blueprint}}/entities/{{.entity.identifier}}",
    "agent": false,
    "synchronized": true,
    "method": "PATCH",
    "headers": {
      "RUN_ID": "{{ .run.id }}",
      "Content-Type": "application/json"
    },
    "body": {
      "properties": {
        "ai_summary": "{{ .inputs.ai_summary }}"
      }
    }
  },
  "requiredApproval": false
}

Configuration adjustments

Make sure to adjust the following fields:

  • blueprintIdentifier - Change this to match the blueprint representing security issues in your data model (e.g., snykVulnerability, wizIssue, sonarQubeIssue for Snyk, Wiz, and SonarQube respectively)

  5. Click Save

Create your AI agent

Now let's create an AI agent that analyzes vulnerabilities and calls the action above to update them with AI-generated summaries.

  1. Go to the AI Agents page of your portal
  2. Click on + AI Agent
  3. Toggle Json mode on
  4. Copy and paste the following JSON schema

Vulnerability enrichment agent

{
  "identifier": "vulnerability_enrichment_agent",
  "title": "Vulnerability Enrichment Agent",
  "icon": "Vulnerability",
  "properties": {
    "description": "Provides remediation steps and mitigation strategies for vulnerabilities",
    "status": "active",
    "allowed_blueprints": [
      "securityVulnerability",
      "githubRepo"
    ],
    "allowed_actions": [
      "update_vulnerability_with_ai_summary"
    ],
    "prompt": "You are an agent responsible for analyzing security vulnerabilities and providing actionable recommendations.\n\n### Guidelines\n- Summarize the vulnerability in simple terms.\n- Explain the potential impact if exploited.\n- Recommend step-by-step remediation strategies.\n- Suggest best practices to prevent similar vulnerabilities.\n- Tailor responses to the severity (Critical, High, Medium, Low).\n\nAfter generating the summary, call the \"update_vulnerability_with_ai_summary\" action to update the vulnerability entity with the summary",
    "execution_mode": "Automatic",
    "conversation_starters": [
      "Explain the impact of CVE-2025-1234",
      "Suggest a remediation plan for this SQL injection vulnerability",
      "What steps should I take to patch a high severity XSS issue?"
    ]
  },
  "relations": {}
}

  5. Click Create to save the agent

Set up automations

We will now create two automations that orchestrate the complete vulnerability enrichment and remediation workflow:

  1. Trigger the AI agent when a vulnerability's severity changes to Critical
  2. Assign Claude Code to generate a fix based on the AI-provided summary and open a pull request
Multiple approaches

This automation is currently configured to trigger when a vulnerability's severity changes to Critical. You can easily adapt the trigger criteria based on your workflow needs:

  • Enrich vulnerabilities when severity is High or above
  • Trigger AI enrichment only for vulnerabilities belonging to specific services or teams
  • Run enrichment on newly created vulnerabilities regardless of severity
  • Apply different enrichment prompts depending on vulnerability type (e.g., SQL injection vs. misconfiguration)

Automation 1: Trigger AI agent on severity change

This automation detects when a vulnerability becomes critical and triggers the AI agent to analyze it.

  1. Go to the automations page of your portal
  2. Click on + Automation
  3. Copy and paste the following JSON schema

Generate AI security summary automation

{
  "identifier": "generate_ai_summary",
  "title": "Generate AI Security Summary",
  "description": "Automation to trigger the AI agent when a vulnerability changes severity to critical",
  "icon": "AI",
  "trigger": {
    "type": "automation",
    "event": {
      "type": "ENTITY_UPDATED",
      "blueprintIdentifier": "securityVulnerability"
    },
    "condition": {
      "type": "JQ",
      "expressions": [
        ".diff.before.properties.severity != \"critical\"",
        ".diff.after.properties.severity == \"critical\""
      ],
      "combinator": "and"
    }
  },
  "invocationMethod": {
    "type": "WEBHOOK",
    "url": "https://api.getport.io/v1/agent/vulnerability_enrichment_agent/invoke",
    "agent": false,
    "synchronized": true,
    "method": "POST",
    "headers": {
      "RUN_ID": "{{ .run.id }}",
      "Content-Type": "application/json"
    },
    "body": {
      "prompt": "Generate a summary and remediation steps for vulnerability with entity identifier {{ .event.context.entityIdentifier }}. The issue has been updated with the following details: {{ .event.diff.after.properties }}",
      "labels": {
        "source": "Security AI Summary",
        "entityIdentifier": "{{ .event.context.entityIdentifier }}"
      }
    }
  },
  "publish": true
}

  4. Click Create to save the automation

Automation 2: Trigger Claude Code to fix vulnerability

Once the AI summary is generated, this automation triggers Claude Code to automatically generate a fix and open a pull request.

  1. Go back to the automations page of your portal
  2. Click on + Automation
  3. Copy and paste the following JSON schema

Auto fix security vulnerability automation

{
  "identifier": "auto_fix_security_vulnerability",
  "title": "Auto Fix Security Vulnerability",
  "description": "An automation to trigger Claude Code to fix the issue",
  "icon": "Vulnerability",
  "trigger": {
    "type": "automation",
    "event": {
      "type": "ENTITY_UPDATED",
      "blueprintIdentifier": "securityVulnerability"
    },
    "condition": {
      "type": "JQ",
      "expressions": [
        ".diff.before.properties.ai_summary == null",
        ".diff.after.properties.ai_summary != null"
      ],
      "combinator": "and"
    }
  },
  "invocationMethod": {
    "type": "WEBHOOK",
    "url": "https://api.getport.io/v1/actions/run_claude_code/runs",
    "agent": false,
    "synchronized": true,
    "method": "POST",
    "headers": {
      "RUN_ID": "{{ .run.id }}",
      "Content-Type": "application/json"
    },
    "body": {
      "properties": {
        "service": "{{ .event.diff.after.relations.service}}",
        "prompt": "Here is the information about the security vulnerability: {{ .event.diff.after }}.\n\nGenerate a code fix for the issue based on the AI-provided summary {{ .event.diff.after.properties.ai_summary }}.\nAfter generating the code, open a PR with a description summarizing what was fixed and why."
      }
    }
  },
  "publish": true
}

  4. Click Create to save the automation
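
The trigger conditions of Automation 1 and Automation 2, modelled locally as an added example (this is not Port's code and not part of the original guide). The two Python predicates mirror the JQ expressions in the configurations above, and every event payload is constructed; the cases show which entity updates start each automation, including a capitalised severity value, a rewritten summary, and a summary written on a non-critical entity.

```python
# Added example: a local model of the two automations' JQ trigger conditions.
# All event payloads are constructed for illustration, not captured from Port.

def prop(event, side, name):
    """Mimic jq's .diff.<side>.properties.<name>: a missing key yields None (null)."""
    node = event
    for key in ("diff", side, "properties", name):
        node = node.get(key) if isinstance(node, dict) else None
    return node

def fires_generate_ai_summary(event):
    """Automation 1: severity != "critical" before AND == "critical" after."""
    return (prop(event, "before", "severity") != "critical"
            and prop(event, "after", "severity") == "critical")

def fires_auto_fix(event):
    """Automation 2: ai_summary == null before AND != null after."""
    return (prop(event, "before", "ai_summary") is None
            and prop(event, "after", "ai_summary") is not None)

def update(before, after):
    """Build a constructed ENTITY_UPDATED diff from two property dicts."""
    return {"diff": {"before": {"properties": before},
                     "after": {"properties": after}}}

CASES = {
    "high -> critical": update({"severity": "high"}, {"severity": "critical"}),
    "High -> Critical (capitalised)": update({"severity": "High"}, {"severity": "Critical"}),
    "summary written on critical": update(
        {"severity": "critical"}, {"severity": "critical", "ai_summary": "## Fix"}),
    "summary rewritten": update(
        {"severity": "critical", "ai_summary": "v1"},
        {"severity": "critical", "ai_summary": "v2"}),
    "summary written on low": update(
        {"severity": "low"}, {"severity": "low", "ai_summary": "## Fix"}),
    "empty summary written": update(
        {"severity": "critical"}, {"severity": "critical", "ai_summary": ""}),
}

def evaluate(cases=CASES):
    """Return {case: (automation_1_fires, automation_2_fires)}."""
    return {name: (fires_generate_ai_summary(e), fires_auto_fix(e))
            for name, e in cases.items()}

if __name__ == "__main__":
    for name, (a1, a2) in evaluate().items():
        print(f"{name:32} summary={a1!s:5} auto_fix={a2}")
```

Automation 2's condition does not look at severity, so any first write to `ai_summary` starts the coding agent, including an empty string or a summary on a low-severity entity. The string comparison in Automation 1 is case-sensitive, so the stored severity value must match `critical` exactly.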

Test your workflow

Now it's time to test your complete vulnerability enrichment workflow:

  1. Create or sync a vulnerability with severity set to Critical
  2. Port automatically triggers the Generate AI Security Summary automation
  3. The AI agent enriches the vulnerability with a clear summary and remediation steps
  4. The Auto Fix Security Vulnerability automation triggers Claude Code, which generates a code fix and opens a pull request in your repository
  5. Review and merge the PR to complete the remediation loop

What's next?

Your automated security workflow is now complete! Here are some ways you can extend it:

  • Integrate with other coding agents: Replace Claude Code with GitHub Copilot or any other coding agent integrated with Port
  • Customize triggers: Adjust when and how the AI agent is triggered based on your security policies
  • Add approval workflows: Require human approval before automatically applying fixes
  • Scale to other issue types: Apply the same pattern to bugs, performance issues, or compliance violations