Found this interesting project:
GitHub: https://github.com/astraut-solutions/astraut-risk-reasoner-mvp
Demo: https://astraut-risk-reasoner-mvp.streamlit.app/
Instead of scanning infra, it works from a simple idea:
👉 “Given how this business operates, what are the likely risks?”
You input a company description, and it outputs:
- Risk score
- Top risks
- Recommendations
- 7-day action plan
It’s based on a structured questionnaire + reasoning layer, so outputs are deterministic “risk signals” rather than scan results.
The CLI needs a GROQ_API_KEY, but the demo works without one.
My take:
Good for:
- Early-stage startups
- Fast risk framing
- Non-security teams needing direction
Not for:
- Vulnerability discovery
- Infra-level validation
- Replacing pentests
Feels like a useful first step before deeper security work, especially where nothing formal exists yet.
Curious if anyone here is using similar approaches for early risk prioritisation.