Models#
AttackTrace uses AI models to support investigation workflows. In hosted environments, model access may be provided by the platform's configured underlying provider. In private or enterprise deployments, customers may use approved model providers or private models where configured.
AttackTrace is not a standalone model provider and does not sell raw model access.
Shared models#
If your organization has already configured models, they will appear in the model selector in the chat interface.
Advantages of shared models:
- No need to manage your own API key
- Your team can recommend models best suited for security analysis
- New users can get started immediately
Adding a personal model#
If your workspace allows custom model configuration, you can add your own model endpoint manually in the app.
| Field | Description | Example |
|---|---|---|
| Name | Display name | Company model |
| API Base URL | Service endpoint | https://models.example.com/v1 |
| API Key | Your API key | sk-... |
| Model ID | Model identifier | security-analysis-model |
Provider notes#
Supported providers and endpoint formats depend on your workspace configuration, deployment model, and customer agreement. Private deployments can use customer-selected providers or private models where supported.
Recommendations#
- For stronger analysis: choose a high-capability model
- For faster responses: choose a lighter model
- For local/offline use: use Ollama or LM Studio
!!! tip "Tool call support" Models that support Function Calling / Tool Use are recommended. Without this capability, the AI may not be able to invoke MCP tools correctly.