Dexter — AI Remediation Engine
Dexter is the AI-powered remediation engine at the heart of the Cybrium platform. It takes findings from any scan type and generates, validates, and applies fixes — across cloud infrastructure, code repositories, and Kubernetes clusters.
Dexter is both the Cybrium mascot and the engine that closes the loop between "finding a vulnerability" and "fixing it."
| Language | Rust |
| License | MIT |
| Source | github.com/cybrium-ai/dexter |
| Current version | 0.1.0 |
How Dexter works
Finding discovered
|
v
Dexter analyzes the finding + resource context
|
v
Generates a fix (CLI command, Terraform, code patch)
|
v
Captures pre-state snapshot
|
v
[HITL gate] — human approves or rejects
|
v
Applies fix (dry-run or live)
|
v
Captures post-state snapshot
|
v
Verifies fix resolved the finding
|
v
Sends notification (email + platform)
Credential separation — PeriDex Engine
Dexter enforces strict credential scoping through the PeriDex Engine:
| Scope | Access level | Used for |
|---|---|---|
| Scan | Read-only | Reconnaissance, vulnerability assessment, configuration reads |
| Fix | Write | Applying remediations, modifying resources, creating PRs |
Scan credentials can never be used to apply fixes. Fix credentials require explicit approval through the Human-in-the-Loop gate before activation.
Supported providers
| Provider | Fix methods |
|---|---|
| AWS | AWS CLI commands, CloudFormation, Terraform |
| Azure | Azure CLI commands, ARM templates, Terraform |
| GCP | gcloud commands, Terraform |
| Kubernetes | kubectl apply, Helm upgrades |
| Code | Git patch, pull request generation |