NetSecAI Cyber Audit Findings Interpreter
Paste the JSON from any cyber audit and NetSecAI turns each finding into a severity, a plain-English why and the exact config line to fix it.
NetSecAI reads the JSON dump from any cyber audit and turns each finding into something your team can ship: a severity, a plain-English explanation, and the precise config line or PHP filter you would type to close it. A scanner hands you 30 findings and zero idea of what to fix first, so NetSecAI sits on top of the dump and walks each one at a time. Paste the output from the Cyber Audit Suite, SecuChecker, Mozilla Observatory, Qualys SSL Labs or any scanner that emits a results array, or feed it a URL to scan live. It sorts by severity, explains each item in words a manager understands, then hands you a Markdown ticket ready for Jira or Linear. The rule-based engine runs offline against a knowledge base baked into the page, so nothing leaves your browser. Want a longer write-up for a report? Drop in your own OpenAI, Anthropic or Gemini key and AI mode leans on the model instead, with the key kept in localStorage and sent straight to the provider.
Queries run through the PeopleAreGeek lookup service. We log nothing.
NetSecAI: the assistant that turns a wall of audit JSON into patches your team can actually ship
A scanner hands you 30 findings and zero idea of what to fix first. That used to drive me up the wall, so I built NetSecAI to sit on top of the dump. Paste the JSON from any cyber audit (Cyber Audit Suite, SecuChecker, whatever scanner you cooked up yourself), or just feed it a URL to scan. Then it walks each finding one at a time. What is actually broken. How bad. And the exact config line you would paste to close it. One tab later you have got a Markdown ticket ready for Jira or Linear. The whole thing runs offline, against a knowledge base baked right into the page. Want something more long-winded for a report? Drop in your own OpenAI, Anthropic or Gemini key and it will lean on the model instead.
Your key lives in this browser's localStorage and goes straight to the provider. I never proxy it, never log it, never see it.
What NetSecAI actually does
NetSecAI reads the JSON dump from any cyber audit and turns each finding into something your team can act on: a severity, a plain-English explanation, and the precise config line or PHP filter you would type to close it. Almost every scanner spits out the same thing, a pile of findings and a shrug. NetSecAI is the layer I bolt on top. It sorts that pile by severity and category, explains each item in words a manager will actually understand, then hands you the fix. The chat layout is not decoration. When you are staring down 12 findings across 3 categories, a conversation forces you to deal with one thing at a time. Honestly that beats your eyes sliding past a flat wall of red.
It eats the JSON from the Cyber Audit Suite (that is the pairing I would reach for), SecuChecker, Mozilla Observatory API output, Qualys SSL Labs, or any scanner you have written yourself, as long as it emits a results[] array carrying category plus finding.kind and finding.title. The offline engine already knows the usual WordPress and HTTP suspects, so you do not have to teach it a thing.
Offline rule-based mode versus AI mode
Out of the box it runs offline. The knowledge base maps every finding category to a written-out explanation plus a fix snippet, and that is the whole trick. Same input, same output, every single time. No key, no internet past the first page load. You always get the full shape back: severity, the plain-English why, the snippet you can paste. Boring, in the best possible way.
AI mode is where it gets chatty. Plug in your own Anthropic, OpenAI or Google key and NetSecAI ships the findings JSON to the model with a prompt that asks it to triage and explain, then drops the answer straight into the chat as the assistant. Your key is stored only in the browser's localStorage and never touches a backend. I reach for this mode in two spots. When some weird custom scanner throws categories the rules have never seen. Or when I need a longer write-up for a stakeholder who, let us be real, will not read a config file.
Exporting findings as tickets
The Markdown export tab spits out a ticket you can hand off as-is, grouped by severity. Each finding lands as a section: the title, the plain explanation, the fix snippet. Paste it into Jira, Linear, GitHub Issues, Notion, wherever your team triages. It is plain GitHub Flavored Markdown, so the code fences survive the trip and render properly in every tracker I have thrown it at so far.
Privacy and data handling
Once the page has loaded, rule-based mode never phones home. Not a single network call while it chews through your findings. AI mode does reach out, sure, but only to the provider you picked, with the key you typed, and that is the whole story. Nothing gets logged or kept. One habit I would keep regardless: if your JSON is stuffed with internal hostnames or URLs you would rather not share, strip them out first. The rules genuinely do not care. They work just as well on anonymised input.
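One way to do that stripping before the JSON goes into AI mode, as an added example that is not part of NetSecAI. The internal suffix list, the placeholder naming and the sample audit are assumptions; the category and kind fields are left untouched because the rules key on them.

```javascript
// Added example: INTERNAL_SUFFIXES and SAMPLE_AUDIT are constructed values.
const INTERNAL_SUFFIXES = [".corp.example", ".internal"];
const PRIVATE_IPV4 =
  /\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b/g;
const HOSTNAME = /\b(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z][a-z0-9-]*\b/gi;
const KEEP_KEYS = new Set(["category", "kind"]); // rule lookups depend on these

const SAMPLE_AUDIT = {
  url: "https://jenkins.corp.example/login",
  results: [{
    category: "hsts-missing",
    finding: {
      kind: "fail",
      title: "No HSTS on jenkins.corp.example",
      body: "Origin 10.0.3.7 answered without HSTS; see https://example.org/hsts",
    },
  }],
};

function anonymise(audit) {
  const seen = new Map(); // real value -> stable placeholder, so repeats still correlate
  const token = (real, prefix) => {
    const key = real.toLowerCase();
    if (!seen.has(key)) seen.set(key, `${prefix}-${seen.size + 1}.invalid`);
    return seen.get(key);
  };
  const isInternal = (h) => INTERNAL_SUFFIXES.some((s) => h.toLowerCase().endsWith(s));
  const scrub = (text) =>
    text
      .replace(PRIVATE_IPV4, (ip) => token(ip, "ip"))
      .replace(HOSTNAME, (h) => (isInternal(h) ? token(h, "host") : h));
  const walk = (value, key) => {
    if (typeof value === "string") return KEEP_KEYS.has(key) ? value : scrub(value);
    if (Array.isArray(value)) return value.map((item) => walk(item));
    if (value && typeof value === "object") {
      return Object.fromEntries(Object.entries(value).map(([k, v]) => [k, walk(v, k)]));
    }
    return value;
  };
  // The mapping stays on your machine so the answers can be translated back.
  return { clean: walk(audit), mapping: Object.fromEntries(seen) };
}
```

Public hostnames and public IP addresses pass through unchanged, so check the cleaned output before pasting it anywhere.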
Frequently asked questions
Where does my API key go?
Into your own browser, in localStorage under netsecai.apiKey. It never hits a PeopleAreGeek server, never gets logged, never gets proxied. The fetch goes straight from your machine to the provider API and back. Done with it? Open the Settings panel and wipe the field, or clear your site data for peoplearegeek.com. Gone.
What format should the input JSON follow?
The bare minimum is a url string plus a results array of objects, each with a category and a finding object holding kind, title and body. That is exactly what the Cyber Audit Suite already hands you, so most of the time you never think about it. SecuChecker and Mozilla Observatory come in a different shape, but they get converted on the way in. Rolled your own scanner with similar nested objects? It just works.
Does AI mode work with any model?
Anything that speaks the OpenAI chat format or the Anthropic messages format. I have tested GPT-5 turbo and GPT-5 mini on the OpenAI side, Claude Sonnet 4.6 and Claude Opus 4.7 on Anthropic, plus Gemini 3.0 Pro through Google GenAI. The OpenAI-compatible crowd (Mistral, Groq, Together) works too, with their own key formats. Just point the base URL through the model name field and you are off.
What if the rule-based engine does not recognise a finding category?
It will not choke. It drops to a generic category-unknown template and still shows you the title and body in the chat. You just do not get a tailored fix snippet. When that happens and I actually want an answer, I flip to AI mode. The model is way more forgiving about odd input, and it will usually give you something useful even for a finding it has never seen.
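The flow described above (minimum input shape, category lookup, the category-unknown fallback, and a severity-grouped Markdown ticket) as an added example that is not NetSecAI's own code. The category names, severities, knowledge-base text and the "unrated" label for unknown categories are assumptions made for illustration.

```javascript
// Added example: category names, severities and KB text are constructed, not NetSecAI's.
const ORDER = ["critical", "high", "medium", "low", "unrated"];
const KB = {
  "hsts-missing": {
    severity: "high",
    why: "Browsers are never told to insist on HTTPS, so a visit can start over plain HTTP.",
    fix: 'add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;',
  },
  "xmlrpc-enabled": {
    severity: "medium",
    why: "WordPress XML-RPC is reachable and widens the login surface.",
    fix: "add_filter('xmlrpc_enabled', '__return_false');",
  },
};
const SAMPLE = { // constructed input in the minimum shape the page describes
  url: "https://example.test",
  results: [
    { category: "xmlrpc-enabled", finding: { kind: "warn", title: "XML-RPC reachable", body: "POST /xmlrpc.php answered 200" } },
    { category: "constructor", finding: { kind: "warn", title: "Odd\nbanner", body: "Server header discloses a build id" } },
    { category: "hsts-missing", finding: { kind: "fail", title: "No HSTS header", body: "Header absent on /" } },
  ],
};
function triage(audit) {
  if (!audit || typeof audit.url !== "string" || !Array.isArray(audit.results)) {
    throw new TypeError("expected { url, results: [...] }");
  }
  const rows = audit.results.map(({ category, finding = {} }) => {
    // Own-property lookup: a scanner-supplied category such as "constructor"
    // must not resolve to something inherited from Object.prototype.
    const rule = Object.prototype.hasOwnProperty.call(KB, category) ? KB[category] : null;
    const title = String(finding.title ?? "(untitled)").replace(/\s+/g, " ");
    return rule
      ? { category, title, severity: rule.severity, why: rule.why, fix: rule.fix }
      : { category, title, severity: "unrated", why: String(finding.body ?? ""), fix: null };
  });
  return rows.sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity));
}
function toMarkdown(audit) {
  const fence = "`".repeat(3);
  const out = [`# Audit findings for ${audit.url}`];
  let current = null;
  for (const row of triage(audit)) {
    if (row.severity !== current) out.push("", `## ${(current = row.severity)}`);
    out.push("", `### ${row.title}`, "", row.why);
    if (row.fix) out.push("", fence, row.fix, fence);
  }
  return out.join("\n");
}
```

Titles are collapsed to a single line before they reach the ticket, since scanner output is untrusted text and a stray newline would otherwise break the heading structure in the tracker.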
Can I run this against a private internal URL?
Not directly. Scan URL live sends the URL to the backend scanner endpoints (the same ones behind Cyber Audit Suite), and those cannot see inside your network. So for anything internal, do it the other way around. Run the Cyber Audit Suite from inside the network yourself, copy the JSON, paste it here in Paste audit JSON mode. From that point on everything happens in your browser, and nothing leaves it.