MEET THE HOUNDS

PYTHIA

AI Inventory
Pythia Hound · Category: Discovery
“Reveal the AI hiding in your estate.”

The oracle of Delphi — Pythia sees what others can't: the shadow AI already running in your environment.

THE PROBLEM

AI and ML tools spread faster than any inventory can track — Cursor, Claude Code, Ollama, Jupyter, vector databases — and each one can ship sensitive data to third-party APIs. Vulnerability scanners weren't built to see “AI risk,” so shadow AI accumulates invisibly until an auditor, or an incident, finds it first.

WHAT IT DOES

Pythia discovers shadow AI by content, classifies it by role, and governs where its data flows. It sweeps five evidence sources, classifies each find — Model Serving, Vector/RAG, GPU/Training, MLOps, LLM client, AI Dev Tool — flags exposed endpoints (often unauthenticated), correlates KEV exploitability, and separates sanctioned from shadow data egress via an editable allowlist.

KEY CAPABILITIES

  • 5-source discovery — sweeps the AI plugin family, software inventory, CPEs, and plugin output into one AI asset list that catches what any single source misses.
  • Role classification + per-role ACR — every find typed as Model Serving, Vector/RAG, GPU/Training, MLOps, LLM client, or AI Dev Tool, with matching criticality — a GPU training box shouldn't score like a chat client.
  • Exposed-endpoint and unauthenticated detection — flags the AI services reachable right now, often with no authentication — the findings that turn a governance report into incident prevention.
  • Data-egress governance — detects egress capability and configured destinations, split sanctioned vs. shadow by an editable allowlist — “where can our data go?” finally has an answer.
  • “Why?” evidence inspector + FP suppression — every detection shows its evidence, and false positives can be suppressed — the inventory stays trusted instead of argued with.
  • MITRE ATLAS mapping + gated “AI” tags — findings carry adversary-technique context from the live ATLAS catalog and become human-approved, routable tags.

HOW IT WORKS

Pythia runs against the local navi.db built from your Tenable data: the vulns AI plugin family and output, plus the software and cpes inventories, with a browser fetch of the MITRE ATLAS catalog for technique mapping. All writes are proposed, human-approved, and logged.

WHY IT'S DIFFERENT

  • Finds AI by evidence, not a memorized list — it catches Cursor, Claude Code, OpenAI clients, and Ollama as CPEs even when no “AI plugin” fired.
  • Evidence-first with FP control — every detection carries its “why,” and you can suppress false positives instead of arguing with them.
  • Honest about egress: Pythia reports egress capability and configured destinations — not proven exfiltration — and says so plainly.

PROOF POINTS

  • In a reference environment of 268 assets, Pythia surfaced:
      • 29 assets via the AI plugin family.
      • 15 additional AI-native apps found only through CPE evidence — invisible to plugin-only detection.

Illustrative results from a demo lab — not a guarantee. Egress findings are capability plus configured destinations, not proven exfiltration; blind or uncredentialed hosts are called out, not hidden.

WORKS BETTER WITH

Pythia feeds Fenrir — an exposed, unauthenticated AI endpoint is an attack-path entry — and Anubis, which turns per-role ACR suggestions into calibrated criticality. It shares the KEV signal with Laelaps.

WHO IT'S FOR

AI governance and risk teams who need a defensible inventory; security architects deciding what to sanction; CISOs answering “how much AI do we run, and where does its data go?”

CALL TO ACTION

Ask Pythia what AI is running in your estate — the oracle already knows.

THE HOUNDS — a human-in-the-loop security agent pack for Tenable VM / Tenable One.
Gated writes · Evidence-first · Honest about coverage