Big Improvement In Current AI Integration
A feature was recently added to reflex that attempted to use an external AI to interpret information that had thus far been collected through an ongoing incident. The original implementation of Reflex’s live external AI incident analysis feature relied on sending collected discussions and observations to an external AI for interpretation (the AI built into Reflex is much more advanced in regard to information security than an external LLM, but it cannot understand language). However, early use revealed that general-purpose AI models lack the context and domain-specific understanding needed to generate useful insights—especially in live incident scenarios. These models are not trained on internal security workflows or the language of incident responders, and therefore produce generic or irrelevant results.
To address this, a new hybrid method was introduced. Rather than asking the AI to interpret the situation directly, Reflex now uses both a custom full-text retrieval engine and an external AI to generate targeted search queries. These queries are evaluated for relevance, and the best one is submitted to a vetted search engine. The resulting data is then passed to a second AI for summarization and analysis—guided by a contextual prompt, if needed.
This approach significantly improves the quality of the results. It leverages real-time external data while reducing dependence on the AI’s pre-trained model alone. While Reflex is not an AI platform, this modular design allows the system to benefit from improvements in search and language models without being tied to any specific vendor or technology.
This hybrid process increases the chance of discovering useful context earlier—before the incident naturally reveals its cause.