About UsAdded in: 5.8.0
Prowler Lighthouse AI integrates Large Language Models (LLMs) with Prowler security findings data.
Behind the scenes, Lighthouse AI works as follows:
- Lighthouse AI runs as a Langchain agent in NextJS
- The agent connects to the configured LLM provider to understand the prompt and decide what data is needed
- The agent accesses Prowler data through Prowler MCP, which exposes tools from multiple sources, including:
- Prowler Hub
- Prowler Docs
- Prowler App
- Instead of calling every tool directly, the agent uses two meta-tools:
describe_toolto retrieve a tool schema and parameter requirements.execute_toolto run the selected tool with the required input.
- Based on the user’s query and the data necessary to answer it, Lighthouse agent will invoke necessary Prowler MCP tools using
discover_toolandexecute_tool
Lighthouse AI supports multiple LLM providers including OpenAI, Amazon Bedrock, and OpenAI-compatible services. For configuration details, see Using Multiple LLM Providers with Lighthouse.
Lighthouse AI can only read relevant security data. It cannot modify data or access sensitive information such as configured secrets or tenant details.
Set Up
Getting started with Prowler Lighthouse AI is easy:- Navigate to Configuration → Lighthouse AI
- Click Connect under the desired provider (OpenAI, Amazon Bedrock, or OpenAI Compatible)
- Enter the required credentials
- Select a default model
- Click Connect to save
For detailed configuration instructions for each provider, see Using Multiple LLM Providers with Lighthouse.
Adding Business Context
The optional business context field lets teams provide additional information to help Lighthouse AI understand environment priorities, including:- Organization cloud security goals
- Information about account owners or responsible teams
- Compliance requirements
- Current security initiatives or focus areas