Syhunt Hybrid: AI-Powered Capabilities

The information in this document applies to version 7.1 of Syhunt Hybrid.

Syhunt's innovative integration with AI models allows Syhunt to use artificial intelligence to augment its application security scanner capabilities. Currently, this integration, which can be enabled through local models or cloud models (OpenAI & DeepSeek), allows Syhunt to perform AI-powered form authentication and to generate confidence scores and patched code examples in reports.

Please note that, for privacy and management reasons, for the AI integration to work, Syhunt requires that you configure your own local AI server or enter your own OpenAI or DeepSeek API key for cloud models:

  1. Run a model locally or use a paid cloud model. Both OpenAI and DeepSeek currently allow you to generate a trial API key and view your API usage statistics and other details at their Account Usage page.
  2. You are solely responsible for creating, configuring, managing, and assigning your own models. This process is separate from Syhunt, similar to the integration with any other third-party service or tool. Therefore, the costs and hardware requirements associated with running a local model or cloud model are not covered by your existing Syhunt license or by Syhunt itself.
  3. If you have multiple installations of Syhunt, you may also decide to use separate models for each installation.

Syhunt's AI-Powered Capabilities

  • Patched Code Examples in Reports: When this new optional feature is enabled, Syhunt sends excerpts of vulnerable code to the AI model to get patch examples that are automatically added to its reports alongside the vulnerable code portions identified by the tool. During this process, Syhunt makes an effort to not send sensitive information, such as credentials and hardcoded information in code. This works with OpenAI, DeepSeek or any compatible local AI model.
  • AI Confidence Score in Reports: When enabled, Syhunt adds a confidence score to each detected code vulnerability. This represents the percentage likelihood that a detected vulnerability is a true positive rather than a false positive, based on AI analysis. This works with OpenAI, DeepSeek or any compatible local AI model.
  • AI-Powered Login: Syhunt's innovative AI-powered form authentication method eliminates the need for complicated login recorders to achieve login during a scan. The method automatically figures out how to log in using the credentials and, sometimes, a few instructions from the user, and caches a successful login procedure for use in future on-demand or scheduled scans. This feature is currently available only on Windows and only with the OpenAI integration.
  • Privacy-By-Design: Syhunt makes an effort to use the AI API in such a way that no sensitive information is transmitted in requests to the API provider.
  • Efficient API Use: Syhunt also caches the results of queries, when possible, to prevent duplicate queries that would increase the credit-based cost associated with the free trial or paid subscription of the API.
  • Non-Blocking: This integration runs in the background so that the duration of scans is not affected by it.

Enabling the Integration with OpenAI (Cloud)

  1. Make sure you meet the Internet connection requirements, allowing Syhunt to connect to the OpenAI server.
  2. If you do not have an OpenAI API key yet, you must generate one at https://platform.openai.com/account/api-keys
  3. Finally, go to the AI Review screen ( -> Global Preferences -> AI Review).
  4. Select OpenAI as your default model.
  5. Enter your OpenAI API key and click OK.

Enabling the Integration with OpenAI through CLI

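Use one of the following commands to enter your API key:

  scancore -prefset:hybrid.advanced.ai.openai.apikey.encrypted -vsecret

or, alternatively:

  scancore -prefset:hybrid.advanced.ai.openai.apikey.encrypted -v:YOURKEY

The second form places the key on the command line, where shell history and process listings can record it.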

Enabling the Integration with DeepSeek (Cloud)

  1. Make sure your machine is able to connect to https://api.deepseek.com, allowing Syhunt to connect to the DeepSeek server.
  2. If you do not have a DeepSeek API key yet, you must generate one at https://platform.deepseek.com/api_keys
  3. Go to the Connectors screen ( -> Connectors) and click the Add button:
    1. Enter Name: DeepSeekCloud
    2. Select Type: AIModel
    3. Click OK.
    4. Click DeepSeekCloud in the list of connectors and configure your model as follows:
    5. Server URL: https://api.deepseek.com/beta
    6. Model Name: deepseek-chat
    7. Personal Access Token: enter your DeepSeek API key here and click OK.
  4. Finally, go to the AI Review screen ( -> Global Preferences -> AI Review).
  5. Select DeepSeekCloud as your default model and click OK.

Enabling the Integration with Local Model (DeepSeek or Other)

  1. For testing purposes, we suggest that you download and install LM Studio (https://lmstudio.ai/) and use it as a model server.
    1. In LM Studio, download the model paramedik/DeepSeek-Coder-V2-Lite-Instruct-Q8_0-GGUF. This is a 16.70 GB model with 64x1.5B parameters.
    2. Select and load the downloaded model.
    3. Go to Local Server and click the Start Server button.
    4. Check if http://localhost:1234 is up and running.
  2. Go to the Connectors screen ( -> Connectors) and click the Add button:
    1. Enter Name: DeepSeekLocal
    2. Select Type: AIModel
    3. Click OK.
    4. Click DeepSeekLocal in the list of connectors and configure your model as follows:
    5. Server URL: http://localhost:1234
    6. Model Name: paramedik/DeepSeek-Coder-V2-Lite-Instruct-Q8_0-GGUF
    7. Click OK.
  3. Finally, go to the AI Review screen ( -> Global Preferences -> AI Review).
  4. Select DeepSeekLocal as your default model and click OK.
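A pre-flight check for the connector values above, as an added example that is not part of Syhunt or LM Studio. It assumes the model server exposes the OpenAI-compatible GET /v1/models listing and reports the model under the same name entered in the connector. It also classifies the Server URL, because moving the model to a separate machine turns http://localhost:1234 into a plain-HTTP address that carries code excerpts across the network.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import urlparse


def transport_risk(server_url):
    """Classify how excerpts sent to this Server URL travel on the wire."""
    parsed = urlparse(server_url)
    host = parsed.hostname or ""
    if parsed.scheme == "https":
        return "encrypted"
    try:
        loopback = ipaddress.ip_address(host).is_loopback
    except ValueError:
        # Not an IP literal; only the conventional loopback name is trusted.
        loopback = host == "localhost"
    return "local-only" if loopback else "plaintext-over-network"


def model_listed(models_json, model_name):
    """True if model_name appears in an OpenAI-style /v1/models response."""
    data = json.loads(models_json).get("data", [])
    return any(entry.get("id") == model_name for entry in data)


def check_connector(server_url, model_name, timeout=5):
    """Query the server and return (transport_risk, model_is_listed)."""
    # Assumption: OpenAI-compatible listing path on the model server.
    url = server_url.rstrip("/") + "/v1/models"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = resp.read().decode("utf-8")
    return transport_risk(server_url), model_listed(body, model_name)


if __name__ == "__main__":
    print(check_connector(
        "http://localhost:1234",
        "paramedik/DeepSeek-Coder-V2-Lite-Instruct-Q8_0-GGUF"))
```

A result of "plaintext-over-network" means the connector should point at a TLS-terminated endpoint or a protected network segment before the review feature is enabled.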

System Requirements for Local Model

The following are the minimum system requirements for local AI model usage (tested with paramedik/DeepSeek-Coder-V2-Lite-Instruct-Q8_0-GGUF). For performance reasons, Syhunt recommends that the machine running the AI model is a dedicated machine and not the same machine where Syhunt is installed. For non-production, limited testing or demonstration purposes, the same machine can be used.

PC Requirements

  • Intel Core i9-9980HK or similar processor, with 8 cores / 16 threads
  • NVIDIA Quadro RTX 3000 card or superior graphic card
  • 64GB RAM
  • 1TB SSD

Mac Requirements

  • Mac Mini M4 Pro 16-core
  • 64GB RAM
  • 1TB SSD

Software Requirements

  • For testing purposes, the machine must have LM Studio installed. LM Studio is suitable for testing only, since the LM Studio server does not yet support parallel request processing.
  • Alternatively, for production environments, use vLLM or a similar project that supports parallel requests. These may or may not require different hardware specifications.

Enabling the AI-Powered Authentication Feature

Enabling the AI Review Feature

  1. Configure your default AI model as described above.
  2. If you want patched code examples in reports, go to the AI Review screen ( -> Global Preferences -> AI Review) and make sure the option Share excerpts of vulnerable code to get review is checked. Finally, add a .syhunt-ci.yml file with the ai_reviewconsent key set to true to the root of the target code repository or directory. Example:

scanner:
  ai_reviewconsent: true

Note: In Syhunt 7.0 this key was named ai_patchconsent. Starting from version 7.1, please use ai_reviewconsent.
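An audit of which repositories have opted in to sharing code excerpts, as an added example that is not part of Syhunt. It uses a minimal line-based reader for the scanner: block rather than a full YAML parser, counts only ai_reviewconsent as consent, and flags the 7.0 key ai_patchconsent for renaming; how 7.1 treats the old key is not stated on this page, so that choice is an assumption.

```python
import os
import re

CONSENT_FILE = ".syhunt-ci.yml"
KEY_RE = re.compile(r"^\s+(ai_reviewconsent|ai_patchconsent)\s*:\s*(\S+)")


def consent_status(yaml_text):
    """Return (consent_given, uses_legacy_key) for one .syhunt-ci.yml."""
    in_scanner = False
    current = legacy = None
    for raw in yaml_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():                 # a top-level key
            in_scanner = line.strip() == "scanner:"
            continue
        match = KEY_RE.match(line) if in_scanner else None
        if match:
            value = match.group(2).strip("'\"").lower() == "true"
            if match.group(1) == "ai_reviewconsent":
                current = value
            else:
                legacy = value
    return bool(current), legacy is not None


def audit(root):
    """Map each directory under root holding a consent file to its status."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if CONSENT_FILE in files:
            path = os.path.join(dirpath, CONSENT_FILE)
            with open(path, encoding="utf-8") as handle:
                report[os.path.relpath(dirpath, root)] = consent_status(handle.read())
    return report


if __name__ == "__main__":
    for repo, (consent, legacy) in sorted(audit(".").items()):
        note = " (rename ai_patchconsent)" if legacy else ""
        print(f"{repo}: consent={consent}{note}")
```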
