Frequently Asked Questions

Get answers to common questions about using Kai, understanding results, and managing security findings.

Getting Started

What is Kai and how does it work?

Kai is an AI-powered security analysis platform that finds, proves, and helps fix vulnerabilities in your code. Unlike traditional static analysis tools, Kai creates working exploit code to prove that every reported vulnerability is actually exploitable, eliminating false positives. Kai uses specialized AI agents that think like attackers to discover security issues, then verifies each finding by generating and testing actual exploit code. Only vulnerabilities that can be proven with working attacks are reported to you.

Do I need to be a security expert to use Kai?

No. Kai is designed for developers of all security skill levels. Every vulnerability report includes:

Plain-English explanations of what’s wrong and why it matters
Working exploit code that demonstrates the issue
Specific fix suggestions with before/after code examples
Explanations of how the fix addresses the security issue

Many users find Kai educational - learning about security through real examples in their own code.

What programming languages and frameworks does Kai support?

Kai works with most popular programming languages and frameworks, including:

Web applications: JavaScript/Node.js, Python, Java, PHP, Ruby, C#
Mobile: Swift, Kotlin, React Native, Flutter
Smart contracts: Solidity, Vyper
Infrastructure: Docker, Kubernetes, Terraform

Kai adapts its analysis based on the frameworks and libraries detected in your code, providing context-specific security insights.

How is Kai different from other security tools?

Key differences:

Verified vulnerabilities: Every finding includes working exploit code proving it’s real
No false positives: If Kai can’t create a working exploit, it doesn’t report the vulnerability
Business context: Understands your application’s purpose and prioritizes vulnerabilities accordingly
AI reasoning: Goes beyond pattern matching to understand complex business logic vulnerabilities
Fix guidance: Provides specific code changes rather than generic advice

Using Kai

How long does a scan take?

Scan times depend on the mode you choose:

Baseline mode: ~2 hours for quick analysis
Enhanced mode: ~4 hours for comprehensive analysis (recommended)
Full mode: ~8 hours for maximum thoroughness

The scan runs in Kai’s cloud infrastructure, so you can close VS Code and the scan continues. You’ll get a notification when results are ready.

Can I scan private or proprietary code?

Yes. Kai is designed for proprietary and sensitive codebases:

Code privacy: Your code is analyzed in isolated cloud environments and deleted after analysis
No data retention: Kai doesn’t store your source code permanently
Secure transmission: All code uploads are encrypted in transit
Access controls: Only you and your invited team members can see your scan results

Why does my scan show so many vulnerabilities?

This is normal and actually a good thing. Most codebases have security improvements opportunities that traditional tools miss. Kai finds:

Real issues: Every reported vulnerability includes proof it can be exploited
Various severities: Many findings are improvements rather than critical emergencies
Learning opportunities: Each vulnerability teaches you about secure coding patterns

A typical scan finds 10-25 vulnerabilities across all severity levels, with most being Medium or Low priority improvements.

Can I use my own API keys to reduce costs?

Kai currently uses its own API infrastructure for all analysis. Support for configuring your own OpenRouter API key is on our roadmap.

Understanding Results

How do I know if a vulnerability is actually exploitable?

Every vulnerability Kai reports includes working proof-of-concept exploit code. This means:

Verified exploitability: The attack code compiles and successfully exploits the vulnerability
Demonstrated impact: You can see exactly what an attacker could accomplish
No guesswork: If Kai reports it, it’s been proven to work

You can review the exploit code yourself to understand exactly how the attack works.

What should I fix first?

Prioritize by severity level:

Critical (🔴): Fix immediately - these can cause severe damage
High (🟠): Fix within 1-2 weeks - significant security risks
Medium (🟡): Fix within 1-3 months - important improvements
Low (🟢): Fix when convenient - good security hygiene

Within each severity level, focus on:

Public-facing components first
Components handling sensitive data
Core business functionality
Areas with multiple related vulnerabilities

Are the suggested fixes safe to implement?

Yes. Kai’s fix suggestions are:

Tested: Each fix is validated to ensure it prevents the original attack
Minimal: Changes are surgical, modifying only what needs to change
Explained: Every fix includes reasoning about why it solves the security issue
Functional: Fixes preserve existing functionality while eliminating vulnerabilities

However, you should always test fixes in your development environment before deploying to production.

What if I disagree with a vulnerability assessment?

If you believe a vulnerability is not relevant to your application:

Review the exploit code to understand the attack scenario
Consider your application context - some vulnerabilities may not apply to your specific use case
Move to “Won’t Do” in the Kanban workflow if you’re accepting the risk
Document your reasoning for future reference and audit purposes

You can also contact support for clarification on specific vulnerabilities.

Technical Questions

Does Kai work with my CI/CD pipeline?

Currently, Kai works through the VS Code extension, web dashboard, and MCP server. Direct CI/CD integration is on our roadmap. Available integrations:

GitHub integration: Create GitHub issues directly from vulnerability findings
Linear integration: Turn findings into Linear issues with team and project routing
MCP server: Connect AI assistants and development tools to Kai’s full API

Current workflow: Most teams integrate Kai by running scans before major releases through the VS Code extension and tracking fixes via the web dashboard’s Kanban workflow. Use the GitHub or Linear integration to push findings into your existing issue tracking workflow, or connect through the MCP server for programmatic access.

What is Kai Evolve?

Kai Evolve is an AI-powered code optimizer that uses evolutionary algorithms to improve your code’s performance. Point it at a repository and Evolve generates optimized implementations, verifies correctness, and delivers ready-to-merge improvements. It works across domains including GPU kernels, sorting networks, matrix multiplication, hash functions, and smart contracts — achieving up to 192x speedup in benchmarks.

Can I run Kai on-premises?

Kai currently operates as a cloud service for optimal performance and security:

Cloud benefits: Access to latest AI models, scalable compute resources, automatic updates
Security: Isolated environments ensure code privacy and security
Maintenance: No infrastructure to manage or maintain

Enterprise on-premises options may be available for specific requirements - contact sales for discussion.

What data does Kai collect and store?

Kai collects minimal data necessary for security analysis:

During analysis: Source code is temporarily stored in secure, isolated environments
After analysis: Code is deleted; only vulnerability findings and metadata are retained
Permanently stored: Vulnerability reports, scan history, team collaboration data
Never stored: Full source code, credentials, or sensitive business data

All data handling complies with GDPR and enterprise security requirements.

How accurate are Kai’s vulnerability findings?

Kai has extremely low false positive rates because:

Verification requirement: Vulnerabilities must be proven with working exploits
Business context: Analysis considers your specific application architecture
Continuous improvement: AI models learn from feedback and new security research

Typical accuracy rates:

False positives: Less than 5% (industry average is 30-50% for static analysis)
Verification rate: 85-95% of reported vulnerabilities include working exploits
Severity accuracy: High correlation between reported severity and actual business impact

Billing and Pricing

How does Kai pricing work?

Kai uses a token-based pricing model:

Pay per analysis: You’re charged based on the AI inference used during scans
Transparent costs: See usage and costs for each scan
No monthly minimums: Pay only when you scan
Custom API keys: Use your own OpenRouter credits to potentially reduce costs

Contact sales for detailed pricing information and volume discounts.

Can I get a cost estimate before scanning?

Approximate cost by scan mode:

Baseline: 30-50% of Full mode costs
Enhanced: 70-80% of Full mode costs
Full: Maximum analysis depth and cost

Actual costs depend on:

Codebase size and complexity
Number of vulnerabilities found
Analysis depth required
Language and framework specifics

You can monitor costs in real-time during scans and set up usage alerts.

Team and Collaboration

How do I add team members to my workspace?

Go to your workspace in the web dashboard
Navigate to Settings → Team
Click “Invite Members”
Enter team member email addresses
Select appropriate roles (Admin, Member, Viewer)
Send invitations

Team members will receive email invitations to join your workspace.

What’s the difference between workspace roles?

Admin:

Full control over workspace settings
Can invite/remove members and change roles
Access to all projects and vulnerability data
Can manage repository configurations

Member:

Can run scans and participate in vulnerability management
Can comment and collaborate on findings
Cannot manage workspace settings or team membership

Viewer:

Read-only access to assigned projects
Can view vulnerabilities and reports
Cannot modify vulnerability status or run scans

Can I integrate Kai with other tools?

Yes. Kai currently supports:

GitHub: Create issues directly from vulnerability findings
Linear: Route findings to Linear teams and projects
Email notifications: Receive emails when scans start and complete

Connect integrations from the Integrations page in your workspace settings on the web dashboard. Once connected, you can also create issues directly from the VS Code extension.

Troubleshooting

My scan is taking longer than expected

Long scan times can be caused by:

Large codebase: More code requires more analysis time
Complex logic: Sophisticated business logic takes longer to analyze
High workload: Peak usage times may increase queue times

What to do:

Wait at least 50% longer than estimated time before investigating
Check the Executions panel for status updates
Contact support if scan exceeds 24 hours

I can’t see my scan results

Common solutions:

Refresh the results panel using the refresh button
Check internet connectivity for loading scan results
Verify scan completion in the Executions panel
Restart VS Code to refresh the extension

If problems persist, contact support through the web dashboard for assistance.

The extension isn’t working properly

Quick fixes:

Restart VS Code completely
Check extension version and update if needed
Sign out and sign back in to refresh authentication
Check internet connectivity for cloud services

Contact support through the web dashboard for comprehensive assistance.

Getting Help

Where can I get more help?

Documentation:

VS Code Extension Guide: Complete guide to using the extension
Web Dashboard Guide: Team collaboration and management features

Support channels:

Email: kai@dria.co
Web Dashboard: Contact support directly through the dashboard
Community: VS Code Marketplace Q&A section

How do I report a bug or request a feature?

Gather information: VS Code version, extension version, error messages
Document the issue with steps to reproduce the problem
Include screenshots if relevant for UI issues
Email kai@dria.co with your detailed report

For security vulnerabilities in Kai itself, please report privately via email rather than public channels.

Can I get training or consulting help?

Kai is designed to be self-service, but additional support options are available:

Documentation: Comprehensive guides for all features
Best practices: Security-focused development guidance
Enterprise support: Dedicated support for enterprise users
Consulting services: Custom security program development (contact sales)

Most users find the built-in documentation and explanations in vulnerability reports sufficient for learning and using Kai effectively.

Get Started

Kai Security

Kai Evolve

Platform

Support

​Frequently Asked Questions

​Getting Started

​What is Kai and how does it work?

​Do I need to be a security expert to use Kai?

​What programming languages and frameworks does Kai support?

​How is Kai different from other security tools?

​Using Kai

​How long does a scan take?

​Can I scan private or proprietary code?

​Why does my scan show so many vulnerabilities?

​Can I use my own API keys to reduce costs?

​Understanding Results

​How do I know if a vulnerability is actually exploitable?

​What should I fix first?

​Are the suggested fixes safe to implement?

​What if I disagree with a vulnerability assessment?

​Technical Questions

​Does Kai work with my CI/CD pipeline?

​What is Kai Evolve?

​Can I run Kai on-premises?

​What data does Kai collect and store?

​How accurate are Kai’s vulnerability findings?

​Billing and Pricing

​How does Kai pricing work?

​Can I get a cost estimate before scanning?

​Team and Collaboration

​How do I add team members to my workspace?

​What’s the difference between workspace roles?

​Can I integrate Kai with other tools?

​Troubleshooting

​My scan is taking longer than expected

​I can’t see my scan results

​The extension isn’t working properly

​Getting Help

​Where can I get more help?

​How do I report a bug or request a feature?

​Can I get training or consulting help?