AI Security Intelligence · Pro feature

The only AI that knows
your actual vault

Every other AI security tool answers generic questions. HexGuard queries your real breach data, rotation gaps, access patterns, and live alerts — then reasons from it. Specific intelligence, not generic advice.

Try HexGuard free See Pro pricing
Powered by Claude
Vault-grounded context
No plaintext sent to AI
Pro plan
HG
HexGuard
Vault context loaded · 47 entries analysed
Good morning. Here's your vault status for today.
Critical
Cloudflare API key — appears in 847 known breach datasets. Rotate immediately and audit any services using it.
Overdue
AWS Console and PostgreSQL root — both last rotated 4 months ago, outside your 90-day policy. 2 other credentials expire this week.
Access risk
3 admin accounts haven't logged in for 60+ days. These should be reviewed — dormant admin access is a common attack vector.
Everything else looks solid. Security score: 87/100. Want me to walk you through the Cloudflare breach response?
Yes — walk me through fixing the Cloudflare breach
Here's your step-by-step Cloudflare breach response:
01Go to Cloudflare dashboard → My Profile → API Tokens → revoke the exposed token
02Generate a new token with the minimum permissions your pipeline actually needs
03Update it in HexVault — I'll mark the old entry as rotated in your audit log
04Check your Cloudflare audit log for any API activity in the last 30 days you don't recognise
05I'll monitor the new credential against breach datasets automatically going forward
Show rotation gaps
Review dormant admins
Full security report
What else needs attention?
How it works

HexGuard knows your vault.
Generic AI does not.

Before answering anything, HexGuard loads your live vault context — breach counts, rotation ages, access anomalies, open alerts. Every response is grounded in your actual data.

01
Vault context loaded
When you open HexGuard, it queries your vault state — breach hits, credential ages, team access patterns, recent security events. All processed server-side. No plaintext credentials sent to the AI.
02
Claude reasons from it
Your vault context is injected into the system prompt. Claude (via the Anthropic API) reasons from your real data — not generic best practices. It knows you have 47 entries, 3 breached, 2 expiring this week.
03
Specific, actionable answers
Instead of "you should rotate passwords regularly", HexGuard says "your AWS Console key is 4 months old, outside your 90-day policy — here's how to rotate it in 3 steps."
Capabilities

What HexGuard can do

Four intelligence modes — each grounded in your real vault data, not generic advice.

Daily security briefing
Every morning, HexGuard produces a prioritised briefing: what's breached, what's expiring, what access anomalies were detected overnight — specific to your vault, in plain English. No generic advice, no noise.
Automatic
Alert explanation
When a security alert fires — breach detected, failed login spike, suspicious access pattern — one click asks HexGuard to explain it. It tells you what happened, why it matters, and exactly what to do first.
On-demand
Context-grounded chat
Ask anything security-related. HexGuard already knows your setup — no describing your environment, no copy-pasting error messages. "Which of my credentials are highest risk right now?" gets a real answer, not a template.
Interactive
Remediation playbooks
For any security issue in your vault, HexGuard generates a step-by-step remediation playbook tailored to your specific credentials and services — not generic instructions. Prioritised by risk, with estimated time to fix each item.
Generated
Why it's different

Generic AI vs HexGuard

ChatGPT, Gemini, and Copilot can answer security questions. They just can't answer questions about your security.

Generic AI assistant
"You should rotate passwords every 90 days."
"Enable 2FA on important accounts."
"Check HaveIBeenPwned for breaches."
"Use a password manager."
No knowledge of your actual credentials
No access to your breach status
Generic advice that applies to everyone
HexGuard AI
"Your AWS key is 4 months old — rotate it now."
"You have 2FA on 43 of 47 entries. These 4 don't."
"Your Cloudflare key is in 847 breach datasets."
"You use HexVault — here's what to fix in it."
Knows every credential in your vault
Live breach monitoring built in
Advice specific to your exact situation
Privacy & architecture

How HexGuard gets context
without seeing your passwords

Zero-knowledge encryption means HexGuard can never read your actual credential values. Here's exactly what it does and doesn't see.

What HexGuard sees
Credential names and domains (e.g. "github.com")
Last rotation date and age in days
Breach hit count from HIBP
Password strength score (not the password)
Whether 2FA is enabled per entry
Team access counts and last-login dates
Security event types (not payload)
What HexGuard never sees
Any actual password or credential value
Encryption keys or master password
TOTP secrets
Secure notes content
SSH private keys or API secret values
Any ciphertext from the vault
Usernames or email addresses

HexGuard is included in Pro

Daily briefings, alert explanations, context-grounded chat, and remediation playbooks — all included from day one on the Pro plan. No add-ons, no per-query pricing.

£5.99
/mo · Pro plan
14-day free trial · cancel any time
Start free trial

Stop guessing about your security posture

HexGuard tells you exactly what's wrong, why it matters, and what to do — grounded in your actual vault data.

Try HexGuard free

Included in Pro · 14-day trial · no credit card