AI Recommendations

Lorika uses Claude Sonnet 4 to generate prioritized security recommendations based on your actual telemetry.

How it works

  1. Collect real telemetry (device counts, check failures, CVE data, OSINT findings)
  2. Compute maturity across 7 dimensions (hygiene, compliance, kill chain, vulns, user risk, data protection, external)
  3. Send grounded prompt to LLM with real numbers — no hallucinated metrics
  4. Store results in DB for both EN + UK simultaneously
  5. Cache with 1-hour cooldown — regenerates only on data change or explicit refresh

What you get

Each recommendation contains:

  • Priority (1–10, 1 = highest)
  • Title — concise action
  • Description — why it matters for your org
  • Impact — critical / high / medium / low
  • Effort — low / medium / high
  • Category — access, data, network, hardening, monitoring, vulns, compliance, external
  • Related checks — which security checks it addresses
  • Compliance refs — which framework controls it satisfies
  • Kill chain phase — where in the attack chain
  • Estimated score impact — how much your Security Score may improve
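
The field list above doubles as a schema that model output can be checked against before it is stored. The following is an added example, not Lorika's own code: it assumes the model returns a JSON array and uses hypothetical key names (`priority`, `title`, `description`, `impact`, `effort`, `category`), with the allowed values taken from the list above.

```python
import json

# Allowed values come from the field list above; the JSON key names are assumed.
IMPACT = {"critical", "high", "medium", "low"}
EFFORT = {"low", "medium", "high"}
CATEGORY = {"access", "data", "network", "hardening", "monitoring",
            "vulns", "compliance", "external"}

def validate_recommendation(rec):
    """Return a list of problems; an empty list means the record is acceptable."""
    if not isinstance(rec, dict):
        return ["not a JSON object"]
    errors = []
    prio = rec.get("priority")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(prio, bool) or not isinstance(prio, int) or not 1 <= prio <= 10:
        errors.append("priority must be an integer from 1 to 10")
    for field, allowed in (("impact", IMPACT), ("effort", EFFORT), ("category", CATEGORY)):
        value = rec.get(field)
        if not isinstance(value, str) or value not in allowed:
            errors.append(f"{field} must be one of {sorted(allowed)}")
    for field in ("title", "description"):
        value = rec.get(field)
        if not isinstance(value, str) or not value.strip():
            errors.append(f"{field} must be a non-empty string")
    return errors

def filter_model_output(raw):
    """Parse raw model text; return (accepted sorted by priority, rejected)."""
    try:
        items = json.loads(raw)
    except json.JSONDecodeError as exc:
        return [], [(None, [f"invalid JSON: {exc.msg}"])]
    if not isinstance(items, list):
        return [], [(None, ["top level must be a JSON array"])]
    checked = [(item, validate_recommendation(item)) for item in items]
    accepted = sorted((i for i, p in checked if not p), key=lambda r: r["priority"])
    rejected = [(i, p) for i, p in checked if p]
    return accepted, rejected

# Constructed sample model output: one valid record, one out-of-schema record.
SAMPLE = json.dumps([
    {"priority": 2, "title": "Enable MFA for admins", "impact": "high",
     "description": "Admin accounts lack MFA.", "effort": "low", "category": "access"},
    {"priority": 0, "title": "Patch everything", "impact": "severe",
     "description": "", "effort": "low", "category": "vulns"},
])
```

Rejected records keep their reasons, so a failed generation can be logged or retried instead of being shown to users.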

No-patch vulnerabilities

When software has CVEs but no vendor patch, recommendations give actionable alternatives:

  • Restrict network access
  • Add WAF/IPS rules
  • Monitor for exploit attempts
  • Remove if not actively used

Never just "monitor for updates" — always concrete steps.

Refresh cycle

  • Auto-generated once per day for all active organizations
  • Manual refresh button in UI (rate-limited)
  • Cache invalidated when scan data changes materially