Whether it’s about cloud risks, compliance gaps, or code security, I’m here to answer questions and connect the dots. Here are just a few examples of questions I hear a lot:Documentation Index
Fetch the complete documentation index at: https://docs.pleri.ai/llms.txt
Use this file to discover all available pages before exploring further.
Public assets
Any publicly exposed assets in our cloud?
Vulnerability
Are we getting better or worse at vulnerability management?
Vulnerabilities approaching SLA deadlines
Any vulnerabilities in our cloud environments that are approaching SLA?
Our SLA policies:
- Critical: <critical_severity_sla> hours
- High: <high_severity_sla> hours
- Medium: <medium_severity_sla> hours
- Low: <low_severity_sla> hours
Warning thresholds (advance notice):
- Critical: <critical_severity_threshold> hours
- High: <high_severity_threshold> hours
- Medium: <medium_severity_threshold> hours
- Low: <low_severity_threshold> hours
Vulnerabilities past SLA deadlines
Any vulnerabilities in our cloud environments that have already breached their SLA deadlines?
Our SLA policies:
- Critical: <critical_severity_sla> hours
- High: <high_severity_sla> hours
- Medium: <medium_severity_sla> hours
- Low: <low_severity_sla> hours
Attack paths
Any attack paths in our cloud environment?
SOC 2
Any controls/tests failing against SOC 2?
Show more examples
Show more examples
Remediation
Help me remediate <Vulnerability ID>
Laptops
Who isn't running the latest version of macOS?
Roadmap
What's on your roadmap? What features are coming?
Guided remediation for a developer persona
I've got a finding I don't fully understand and I'm short on time. Review the findings for this Resource, identify what I should fix first
Current mitigation attempts: <brief notes or "none">
Constraints: <eg change freeze window, need zero downtime, etc>
Walk me through a clear, step by step fix I can apply right now. Explain WHY each step matters and call out any safety checks or roll‑back tips. Limit jargon, link to any docs I should reference, and estimate effort in hours.
Implementation plan/change management (CAB - change advisory board) for Developer/CISO/CIO/CTO
I need a CAB‑ready change plan for this remediation.
Finding IDs: <list>
Business objective: <eg maintain PCI compliance, no downtime>
Planned window: <dates / times>
Teams involved: <names / roles>
Generate:
1. High level change description and justification
2. Detailed implementation steps with owner, start‑finish time, rollback steps
3. Pre and post‑change validation checks
4. Communication plan – who gets notified and when
5. Risk assessment scored Low/Med/High with mitigation notes
Return in bulleted Markdown I can paste straight into the CAB ticket.
Planning and delivery for Developers/Managers/Leads
Help me prioritise security work for the next sprint.
Backlog: <CSV or bullet list of findings with severities>
Team capacity: <dev hours or headcount>
Desired outcome: <eg meet 80% SLA on High findings, no Sev1 open by Q4>
Timeline: <eg 2 weeks sprint, or Q3 roadmap>
Return a ranked backlog with:
- Effort estimate (S, M, L, XL)
- Business impact score
- Dependencies or blockers
- Recommended sprint placement (Now, Next, Later)
Finish with a burndown projection so I can see if the goal is realistic.
Architecture diagram for Cloud Engineer/CISO/CIO
Generate an up‑to‑date cloud diagram that shows:
- Account Structure
- Public / private VPC and subnets
- All public‑facing endpoints and internet path
- Identity trust links and cross‑account roles
- Critical data stores with sensitivity level
- Potential blast radius if Asset <ARN or tag> is breached
Output format: Mermaid (simple, readable and detailed)
Scope: <All Account, Prod accounts>
Add a short paragraph that explains the biggest exposure paths in plain language for execs.
Democratise knowledge gap for Security Engineer/Developer
Explain this finding like I'm brand new to cloud security.
Finding ID: <ID>
Include:
- What it means in everyday terms
- Why attackers care
- A quick win fix I can do today
- Links to two deeper dive resources
Keep it under 300 words, bullet where helpful.
Reduce burden of/augment hiring and training for CISO/CIO
Estimate how much manual effort this remediation program would take without automation.
Program details: <describe project or control set>
Assumed team skill mix: <eg 1 senior, 2 juniors>
Time horizon: <eg 12 months>
Return a table‑style bullet list with:
- Task
- Manual hours
- Automated hours (using Plerion)
- Annual cost saving (at AUD $X per loaded hour)
Close with a short pitch I can use to defend the tooling budget
Reduce context switching/easier to get outcomes for Security Engineer/DevOps
I'm in the browser looking at CVE‑2024‑5678.
Query: "Where else does this CVE exist in my environment?"
Give:
- List of affected assets with direct links to the finding in Plerion
- Severity and exposure (public, internal, dev)
- Owner details from AWS tags
Ticketing and triage for DevOps/Developer/Security Engineer
Enrich Jira ticket SEC‑123.
Ticket fields: <paste JSON or free text>
Needed enrichment: root cause analysis, recommended fix, effort estimate, rollback plan.
Write back a formatted Jira comment with headings:
Root Cause, Impact, Fix Steps, Verification, Rollback.
Compliance & Security bridge for Security Engineer/CISO/CIO
Map these security findings to compliance gaps.
Frameworks in scope: <eg SOC 2, ISO 27001>
Finding IDs: <list>
Return a matrix style bullet list:
- Finding
- Control ID(s) violated
- Evidence needed for closure
- Recommended remediation owner
Finish with a summary paragraph on overall compliance risk and next steps.