# Remediate vulnerabilities with AI

Security teams often face two critical challenges that slow down vulnerability remediation:

1. **Understanding vulnerabilities quickly** — Raw scanner output is dense, technical, and rarely provides clear remediation steps
2. **Acting fast enough** — Even after analysis, fixing issues typically requires manual developer effort, leading to delays and higher risk exposure

This guide demonstrates how to solve both problems using Port's **AI agents**. When a vulnerability is marked as **critical**, an AI agent automatically enriches it with a clear summary, impact explanation, and actionable remediation steps. Once that summary is available, **Claude Code** is triggered to generate and propose a fix in a pull request — reducing time-to-remediation from days to minutes.

![](/img/guides/ai-security-enricher-workflow.jpg)

## Prerequisites[​](#prerequisites "Direct link to Prerequisites")

Before you begin, ensure you have:

* Completed the [onboarding process](/getting-started/overview.md)
* A Port account with [AI agents feature enabled](/ai-interfaces/ai-agents/overview.md#access-to-the-feature)
* Security vulnerabilities synced into Port (e.g., via [Snyk](/build-your-software-catalog/sync-data-to-catalog/code-quality-security/snyk/.md), [Wiz](/build-your-software-catalog/sync-data-to-catalog/code-quality-security/wiz/.md), or [SonarQube](/build-your-software-catalog/sync-data-to-catalog/code-quality-security/sonarqube/.md))
* Completed the setup in the [Trigger Claude Code from Port guide](https://docs.port.io/guides/all/trigger-claude-code-from-port)

Alternative coding agents

While this guide uses Claude Code as the coding agent, you can easily substitute it with other AI coding assistants like [GitHub Copilot](/guides/all/trigger-github-copilot-from-port.md) or [Google Gemini](/guides/all/trigger-gemini-assistant-from-port.md). Simply update the webhook URL and payload structure in the automation to match your preferred coding agent's API.

## Set up data model[​](#set-up-data-model "Direct link to Set up data model")

First, you need to ensure your vulnerability blueprint includes an `ai_summary` property to store the AI-generated analysis.

1. Go to the [builder](https://app.getport.io/settings/data-model) page of your portal

2. Search for the blueprint you want to update

3. Click on the `{...}` button in the top right corner, and choose `Edit JSON`

4. Add this JSON snippet to the properties of the blueprint:

   ```
         "ai_summary": {

           "type": "string",

           "title": "AI Analysis",

           "description": "AI-generated analysis and remediation steps",

           "format": "markdown"

         }
   ```

5. Click `Save`

## Create a self-service action[​](#create-a-self-service-action "Direct link to Create a self-service action")

Next, you will create a self-service action that updates vulnerability entities with AI-generated summaries. This action will be called by the AI agent to store its analysis.

1. Head to the [self-service](https://app.getport.io/self-serve) page of your portal

2. Click on the `+ New Action` button

3. Click on the `{...} Edit JSON` button

4. Copy and paste the following JSON configuration into the editor

   **Update vulnerability with AI summary action (Click to expand)**

   Create in Port

   ```
   {

     "identifier": "update_vulnerability_with_ai_summary",

     "title": "Update Vulnerability with AI Summary",

     "icon": "Vulnerability",

     "description": "Updates the vulnerability entity with AI-generated analysis and remediation steps",

     "trigger": {

       "type": "self-service",

       "operation": "DAY-2",

       "userInputs": {

         "properties": {

           "ai_summary": {

             "type": "string",

             "title": "AI Summary",

             "format": "markdown"

           }

         },

         "required": ["ai_summary"],

         "order": ["ai_summary"]

       },

       "blueprintIdentifier": "securityVulnerability"

     },

     "invocationMethod": {

       "type": "WEBHOOK",

       "url": "https://api.port.io/v1/blueprints/{{.action.blueprint}}/entities/{{.entity.identifier}}",

       "agent": false,

       "synchronized": true,

       "method": "PATCH",

       "headers": {

         "RUN_ID": "{{ .run.id }}",

         "Content-Type": "application/json"

       },

       "body": {

         "properties": {

           "ai_summary": "{{ .inputs.ai_summary }}"

         }

       }

     },

     "requiredApproval": false

   }
   ```

   Configuration adjustments

   Make sure to adjust the following fields:

   * **`blueprintIdentifier`** - Change this to match the blueprint representing security issues in your data model (e.g., `snykVulnerability`, `wizIssue`, `sonarQubeIssue` for Snyk, Wiz, and SonarQube respectively)

5. Click `Save`

## Create your AI agent[​](#create-your-ai-agent "Direct link to Create your AI agent")

Now let's create an AI agent that analyzes vulnerabilities and calls the action above to update them with AI-generated summaries.

1. Go to the [AI Agents](https://app.getport.io/_ai_agents) page of your portal

2. Click on `+ AI Agent`

3. Toggle `Json mode` on

4. Copy and paste the following JSON schema

   **Vulnerability enrichment agent (Click to expand)**

   ```
   {

     "identifier": "vulnerability_enrichment_agent",

     "title": "Vulnerability Enrichment Agent",

     "icon": "Vulnerability",

     "properties": {

       "description": "Provides remediation steps and mitigation strategies for vulnerabilities",

       "status": "active",

       "prompt": "You are an agent responsible for analyzing security vulnerabilities and providing actionable recommendations.\n\n### Guidelines\n- Summarize the vulnerability in simple terms.\n- Explain the potential impact if exploited. \n- Recommend step-by-step remediation strategies.\n- Suggest best practices to prevent similar vulnerabilities.\n- Tailor responses to the severity (Critical, High, Medium, Low).\n\nAfter generating the summary, call the \"update_vulnerability_with_ai_summary\" self-service action to update the vulnerability entity with the AI summary",

       "execution_mode": "Automatic",

       "conversation_starters": [

         "Explain the impact of CVE-2025-1234",

         "Suggest a remediation plan for this SQL injection vulnerability",

         "What steps should I take to patch a high severity XSS issue?"

       ],

       "tools": [

         "^(list|search|track|describe)_.*",

         "^run_update_vulnerability_with_ai_summary$"

       ]

     },

     "relations": {}

   }
   ```

   MCP Enhanced Capabilities

   The AI agent uses MCP (Model Context Protocol) enhanced capabilities to automatically discover important and relevant blueprint entities via its tools. The `^(list|search|track|describe)_.*` pattern allows the agent to access and analyze related entities in your software catalog, providing richer context for vulnerability analysis. Additionally, we allow the corresponding self-service action in the agent's **Allowed Actions** input (or include `^run_update_vulnerability_with_ai_summary$` in the `tools` list in **Advanced mode (regex)**), which instructs the AI agent to call this specific action to update the vulnerability entity with the generated analysis.

5. Click `Create` to save the agent

## Set up automations[​](#set-up-automations "Direct link to Set up automations")

We will now create two automations that orchestrate the complete vulnerability enrichment and remediation workflow:

1. **Trigger the AI agent** when a vulnerability's severity changes to **Critical**
2. **Assign Claude Code** to generate a fix based on the AI-provided summary and open a pull request

Multiple approaches

This automation is currently configured to trigger when a vulnerability's severity changes to **Critical**. You can easily adapt the trigger criteria based on your workflow needs:

* Enrich vulnerabilities when severity is **High** or above
* Trigger AI enrichment only for vulnerabilities belonging to specific services or teams
* Run enrichment on newly created vulnerabilities regardless of severity
* Apply different enrichment prompts depending on vulnerability type (e.g., SQL injection vs. misconfiguration)

### Automation 1: Trigger AI agent on severity change[​](#automation-1-trigger-ai-agent-on-severity-change "Direct link to Automation 1: Trigger AI agent on severity change")

This automation detects when a vulnerability becomes critical and triggers the AI agent to analyze it.

1. Go to the [automations](https://app.getport.io/settings/automations) page of your portal

2. Click on `+ Automation`

3. Copy and paste the following JSON schema

   **Generate AI security summary automation (Click to expand)**

   Create in Port

   ```
   {

     "identifier": "generate_ai_summary",

     "title": "Generate AI Security Summary",

     "description": "Automation to trigger the AI agent when a vulnerability changes severity to critical",

     "icon": "AI",

     "trigger": {

       "type": "automation",

       "event": {

         "type": "ENTITY_UPDATED",

         "blueprintIdentifier": "securityVulnerability"

       },

       "condition": {

         "type": "JQ",

         "expressions": [

           ".diff.before.properties.severity != \"critical\"",

           ".diff.after.properties.severity == \"critical\""

         ],

         "combinator": "and"

       }

     },

     "invocationMethod": {

       "type": "WEBHOOK",

       "url": "https://api.port.io/v1/agent/vulnerability_enrichment_agent/invoke",

       "agent": false,

       "synchronized": true,

       "method": "POST",

       "headers": {

         "RUN_ID": "{{ .run.id }}",

         "Content-Type": "application/json"

       },

       "body": {

         "prompt": "Generate a summary and remediation steps for vulnerability with entity identifier {{ .event.context.entityIdentifier }}. The issue has been updated with the following details: {{ .event.diff.after.properties }}",

         "labels": {

           "source": "Security AI Summary",

           "entityIdentifier": "{{ .event.context.entityIdentifier }}"

         }

       }

     },

     "publish": true

   }
   ```

4. Click `Create` to save the automation

### Automation 2: Trigger Claude Code to fix vulnerability[​](#automation-2-trigger-claude-code-to-fix-vulnerability "Direct link to Automation 2: Trigger Claude Code to fix vulnerability")

Once the AI summary is generated, this automation triggers Claude Code to automatically generate a fix and open a pull request.

1. Go back to the [automations](https://app.getport.io/settings/automations) page of your portal

2. Click on `+ Automation`

3. Copy and paste the following JSON schema

   **Auto fix security vulnerability automation (Click to expand)**

   Create in Port

   ```
   {

     "identifier": "auto_fix_security_vulnerability",

     "title": "Auto Fix Security Vulnerability",

     "description": "An automation to trigger Claude Code to fix the issue",

     "icon": "Vulnerability",

     "trigger": {

       "type": "automation",

       "event": {

         "type": "ENTITY_UPDATED",

         "blueprintIdentifier": "securityVulnerability"

       },

       "condition": {

         "type": "JQ",

         "expressions": [

           ".diff.before.properties.ai_summary == null",

           ".diff.after.properties.ai_summary != null"

         ],

         "combinator": "and"

       }

     },

     "invocationMethod": {

       "type": "WEBHOOK",

       "url": "https://api.port.io/v1/actions/run_claude_code/runs",

       "agent": false,

       "synchronized": true,

       "method": "POST",

       "headers": {

         "RUN_ID": "{{ .run.id }}",

         "Content-Type": "application/json"

       },

       "body": {

         "properties": {

           "service": "{{ .event.diff.after.relations.service}}",

           "prompt": "Here is the information about the security vulnerability: {{ .event.diff.after }}.\n\nGenerate a code fix for the issue based on the AI-provided summary {{ .event.diff.after.properties.ai_summary }}.\nAfter generating the code, open a PR with a description summarizing what was fixed and why."

         }

       }

     },

     "publish": true

   }
   ```

4. Click `Create` to save the automation

## Test your workflow[​](#test-your-workflow "Direct link to Test your workflow")

Now it's time to test your complete vulnerability enrichment workflow:

1. **Create or sync a vulnerability** with severity set to **Critical**

2. **Port automatically triggers** the **Generate AI Security Summary** automation

3. **The AI agent enriches** the vulnerability with a clear summary and remediation steps

4. **The Auto Fix Security Vulnerability** automation triggers Claude Code, which generates a code fix and opens a pull request in your repository

5. **Review and merge** the PR to complete the remediation loop

![](/img/guides/enhance-security-with-ai-test-pr.png)

## What's next?[​](#whats-next "Direct link to What's next?")

Your automated security workflow is now complete! Here are some ways you can extend it:

* **Integrate with other coding agents**: Replace Claude Code with [GitHub Copilot](/guides/all/trigger-github-copilot-from-port.md) or any other coding agent integrated with Port
* **Customize triggers**: Adjust when and how the AI agent is triggered based on your security policies
* **Add approval workflows**: Require human approval before automatically applying fixes
* **Scale to other issue types**: Apply the same pattern to bugs, performance issues, or compliance violations

## Related guides[​](#related-guides "Direct link to Related guides")

* [Trigger GitHub Copilot from Port](/guides/all/trigger-github-copilot-from-port.md)
* [Trigger Google Gemini from Port](/guides/all/trigger-gemini-assistant-from-port.md)
* [Automatically resolve tickets with coding agents](/guides/all/automatically-resolve-tickets-with-coding-agents.md)