Skip to content

Escape Copilot

Beta Feature

Escape Copilot is currently in beta. While fully functional, we're actively gathering feedback and making improvements. We encourage you to try it out and share your experience with us.

Overview

The Escape Copilot is an AI assistant specialized in cybersecurity workflows, designed to streamline interaction with the Escape platform. By leveraging the Model Context Protocol (MCP), the Copilot provides natural language access to application management, security scanning, and vulnerability analysis.

Key Benefits:

  • Natural Language Interface: Interact with the Escape platform using conversational queries
  • Context-Aware Responses: Receive tailored recommendations based on your specific security data
  • Workflow Automation: Automate complex security operations through simple commands
  • Intelligent Analysis: Get AI-powered insights into vulnerability findings and security posture

Copilot Capabilities

Application Management

Create Applications

Define new applications by specifying essential details such as name, URL, type (GraphQL, REST, Frontend), location, and configuration through natural language commands.

Update Applications

Modify application details including name, location, scheduling options, and scan configurations conversationally.

List Applications

Retrieve a complete list of all applications managed within your organization, with filtering and search capabilities.

Get Application Details

Obtain comprehensive information about any application using its unique ID or name, including configuration, scan history, and security findings.

Scan Management

Start Scans

Initiate security scans through natural language commands. Specify application names, scan types, or use defaults for quick execution.

Check Scan Status

Monitor the progress and status of ongoing or completed scans. Receive real-time updates on scan phases and completion estimates.

List Scan Issues

Access detailed reports highlighting vulnerabilities and security issues detected during scans. Filter by severity, category, or affected component.

List Scan Events

Review chronological events associated with scans, providing insights into the scanning process, authentication flow, and discovered endpoints.

Domain Management

Create Domains

Add new fully qualified domain names (FQDNs) to your attack surface management scope through conversational commands.

Delete Domains

Remove unnecessary or obsolete domains from your managed list using natural language.

List Domains

View a comprehensive list of all domains under management, including discovery status, DNS records, and associated vulnerabilities.

Get Domain Details

Retrieve detailed information about specific domains, including subdomains, certificates, services, and security findings.

Scan Archive Access

Get Exchange Archive URLs

Obtain URLs to access detailed scan exchange archives, facilitating deeper analysis of HTTP traffic, API requests, and security test results.

Usage Examples

Starting a scan:

"Start a scan for my production application"
"Run a security scan on app-xyz-123"

Checking vulnerabilities:

"Show me critical issues from the last scan"
"What XSS vulnerabilities were found in my application?"

Managing applications:

"Create a new REST API application for https://api.example.com"
"Update the scan schedule for my staging environment"

Domain management:

"Add example.com to my monitored domains"
"Show me all subdomains discovered for mycompany.com"

Privacy and Security

Data Scope

Your Copilot interactions are entirely scoped to your Public API access level. The Copilot can only access and modify resources that your user account has permissions for.

Hosting

All Copilot processing is performed on Escape-managed infrastructure. No conversation data or API responses are shared with third-party AI providers.

Data Handling

  • Secure Processing: All queries and responses are transmitted over encrypted connections
  • No Long-Term Storage: Conversation history is ephemeral and not retained beyond the active session
  • Access Control: API operations are subject to your organization's role-based access controls
  • Audit Trail: All operations performed through the Copilot are logged in your organization's audit log

Best Practices

  • Share Minimal Data: Provide only the information necessary for the Copilot to complete your request
  • Avoid Sensitive Information: Do not share production credentials, API keys, or other sensitive data in queries
  • Verify Operations: Review suggested actions before confirming destructive operations (deletions, configuration changes)

Limitations

Operational Scope

The Copilot is designed specifically for interacting with the Escape platform and focuses exclusively on cybersecurity-related tasks. It does not support:

  • General programming assistance or code generation
  • Non-security-related queries
  • Access to external systems or third-party APIs
  • File system access or local environment operations

Functional Constraints

  • API Limitations: The Copilot is subject to the same rate limits and constraints as the Public API
  • Beta Restrictions: Some advanced features may have limited availability during the beta period
  • Natural Language Parsing: Complex or ambiguous queries may require rephrasing for accurate interpretation
  • Context Window: Very long conversations may require summarization or continuation in a new session

Getting Started

To access the Escape Copilot:

  1. Configure MCP Integration: Follow the MCP overview guide to understand authentication requirements
  2. Set Up Your Environment: Use the IDE Integration Guide to connect your development environment
  3. Obtain an API Key: Generate an API key from your User Settings
  4. Start Interacting: Begin asking questions and executing operations through your AI assistant

Feedback and Support

As a beta feature, your feedback is invaluable:

  • Share your experience and suggestions through the Escape dashboard
  • Report issues or unexpected behavior to support
  • Request new capabilities or improvements through your customer success contact

For technical support or questions about the Copilot, consult the MCP troubleshooting guide or contact Escape support.