Syhunt Hybrid: AI-Powered Capabilities

The information in this document applies to version 7.0 of Syhunt Hybrid.

Syhunt's innovative integration with the OpenAI API allows Syhunt to use artificial intelligence to augment its application security scanner capabilities. Currently, this integration, which can be enabled by entering your own OpenAI API key, allows Syhunt to perform AI-powered form authentication and generation of patched code examples in reports.

Please note that, for privacy and management reasons, for the AI integration to work, Syhunt requires that you enter your own OpenAI API key. OpenAI currently allows you to generate a trial API key and view your API usage statistics and other details at their Account Usage page. You are solely responsible for creating, managing, and assigning your own key or keys. This process is separate from Syhunt, similar to the integration with any other third-party service. Therefore, the costs associated with API key usage are not covered by your existing Syhunt license or by Syhunt itself. If you have multiple installations of Syhunt, you may also decide to use separate keys for each installation.

Syhunt's AI-Powered Capabilities

  • AI-Powered Login: Syhunt's innovative AI-powered form authentication method eliminates the need of using complicated login recorders to achieve login during a scan. The method automatically figures out how to login with credentials and sometimes a few instructions from the user, caching a successful login procedure to be used in future on-demand or scheduled scans. This feature is currently available for Windows only.
  • Patched Code Examples in Reports: When this new optional feature is enabled, Syhunt sends excerpts of vulnerable code to OpenAI to get patch examples that are automatically added to its reports alongside the vulnerable code portions identified by the tool. During this process, Syhunt makes an effort to not send sensitive information, such as credentials and hardcoded information in code.
  • Privacy-By-Design: Syhunt makes an effort to use the AI API in a way that no sensitive information are transmitted through requests to the API provider.
  • Efficient API Use: Syhunt also caches results of queries, when possible, to prevent duplicated queries that would increase the credit-based cost associated with the usage of the free trial or paid subcription of the API.

Enabling the Integration with OpenAI API

  1. Make sure you meet the Internet connection requirements, allowing Syhunt to connect to the OpenAI server.
  2. If you do not have a OpenAI API key yet, you must generate one at
  3. Finally, go to the AI Preferences screen ( -> Preferences -> AI Preferences).
  4. Enter your OpenAI API key and click OK.

Enabling the Integration with OpenAI API through CLI

Use the following commands to enter your API key:

  scancore -vsecret

-- or alternatively
  scancore -v:YOURKEY

Enabling the AI-Powered Authentication Feature

Enabling the Extended Report Features

  1. After entering your API key as described above.
  2. If you want patched code examples in reports, go to the AI Preferences screen ( -> Preferences -> AI Preferences) and check the option Share excerpts of vulnerable code to get patch examples. Finally, add a .aipatchconsent file to the root of the target code repository or directory.
    1. Alternatively, via CLI:

-- Enabling the patched code examples in reports
scancore -v:true
-- Don't forget to add a .aipatchconsent file to the root of the target code repository or directory


Italy Dear Italian users: due to the temporary ban of ChatGPT in Italy, Syhunt's AI-powered capabilities may or not be currently unavailable in your country. [1]