AI Security

Griffin AI

Safeguard's reasoning engine — turns engine output into human-reviewable findings and fix PRs.

What is Griffin AI?

Griffin AI is the reasoning layer inside Safeguard. It sits on top of the deterministic engine — which handles SBOM parsing, reachability analysis, signature verification, and policy evaluation — and does the work that determinism cannot: turning structured engine output into something a human engineer can act on, in English, with receipts.

Griffin is a large language model, but it is not a chatbot. It takes typed, schema-validated input from the engine, emits typed output back into the pipeline, and is governed by an eval harness that refuses to ship a new version until it clears a published benchmark suite. The outputs — exploit hypotheses, fix-PR bodies, triage summaries, zero-day narratives — are always grounded in engine facts, never free-generated.

How it works

Four architectural commitments separate Griffin from "we wrapped a chatbot around a scanner":

  1. Deterministic engine first. Reachability, provenance, and policy are computed by the engine with hard guarantees. Griffin reads those outputs — it does not replace them and cannot override them.
  2. Typed IO with schemas. Every Griffin call is a structured request and a structured response, validated against a JSON schema. Free-form hallucinations cannot enter the pipeline because the pipeline does not accept them.
  3. Eval-gated releases. Every Griffin release runs against a regression suite of several thousand labelled vulnerabilities, fix scenarios, and adversarial prompts. Benchmark deltas are published with the release notes — not kept internal.
  4. Citation-first prompts. Griffin is prompted to cite the exact engine facts it relies on — file paths, function names, CVE IDs, Rekor entries. When a citation cannot be produced, the output is suppressed rather than shipped.
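
Commitments 2 and 4 can be pictured as a single gate between the model and the pipeline. The sketch below is an added example, not Safeguard's code: the field names, the fact-table shape, and the `gate` function are hypothetical, the sample data is constructed, and a small type check stands in for a full JSON Schema validator.

```python
import json

# Constructed engine facts (hypothetical shape): fact id -> (kind, value).
ENGINE_FACTS = {
    "f1": ("cve", "CVE-0000-00000"),  # placeholder CVE id
    "f2": ("file", "src/api/upload.py"),
    "f3": ("function", "parse_archive"),
}

# Hypothetical response schema: field name -> required Python type.
RESPONSE_FIELDS = {"finding_id": str, "summary": str, "citations": list}
CITATION_FIELDS = {"fact_id": str, "kind": str, "value": str}


def _typed(obj, fields):
    """True if obj is a dict with exactly the expected keys and types."""
    return (isinstance(obj, dict) and set(obj) == set(fields)
            and all(isinstance(obj[k], t) for k, t in fields.items()))


def gate(raw_response, facts=ENGINE_FACTS):
    """Return (finding, None) if the response may ship, else (None, reason)."""
    try:
        resp = json.loads(raw_response)
    except json.JSONDecodeError:
        return None, "not JSON"
    if not _typed(resp, RESPONSE_FIELDS):
        return None, "schema violation"
    if not resp["citations"]:
        return None, "no citations"
    for c in resp["citations"]:
        if not _typed(c, CITATION_FIELDS):
            return None, "schema violation"
        # A citation must match an engine fact exactly, so the model cannot
        # introduce a path, function or CVE the engine did not report.
        if facts.get(c["fact_id"]) != (c["kind"], c["value"]):
            return None, f"ungrounded citation {c['fact_id']}"
    return resp, None


def _sample(cve):  # builds a constructed model response citing the given CVE
    return json.dumps({"finding_id": "F-1", "summary": "Tainted archive path.",
                       "citations": [{"fact_id": "f1", "kind": "cve", "value": cve},
                                     {"fact_id": "f3", "kind": "function",
                                      "value": "parse_archive"}]})

GROUNDED = _sample("CVE-0000-00000")    # cites only what the engine reported
FABRICATED = _sample("CVE-0000-99999")  # constructed id the engine never emitted
```

The gate fails closed: a response is dropped on the first citation that does not match an engine fact exactly, and a response with no citations at all is dropped too.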

Why it matters

Deterministic engines produce structured facts. Humans need narratives, fixes, and gates. The translation between the two is where most security products lose their users — and where naive LLM bolt-ons produce the confident-but-wrong outputs that have made "AI for security" a suspect phrase.

Griffin is the deliberate, boring answer: a reasoning layer whose scope is bounded by what the engine can prove, whose output is gated by published evaluations, and whose benchmarks are on the internet rather than in a slide deck.

What value it adds

  • Findings that read like a security engineer wrote them

    Taint path, exploit hypothesis, disproof, and fix suggestion — assembled into prose a reviewer can approve without becoming a researcher.

  • Fix PRs with real justification

    Every Griffin-drafted PR carries the engine's evidence trail — so the reviewer approves a fix, not a vibe.

  • Zero-day candidate narratives

    When the engine flags a suspicious publication, Griffin produces the explain-in-English case that gets routed to a human or a customer alert.

  • Eval-gated trust

    Published benchmarks make "the AI got smarter" a claim you can check against data — not a product-marketing adjective.

  • Deterministic floor, reasoned ceiling

    Policy and reachability stay deterministic; narrative and synthesis come from the model. The combined architecture produces both guarantees and usability.

Where Griffin shows up in Safeguard

Every Fix PR, zero-day narrative, and triage summary in Safeguard goes through Griffin. The engine proves; Griffin explains; a human approves.
