Platform Settings

Configure AI models, branding, and system preferences

AI Provider API Keys

The platform uses the built-in Forge AI gateway by default — no key required. Add API keys for OpenAI or Anthropic Claude to route agents directly to those providers for higher quality or specific model access.

OpenAI API KeyGPT-4o, GPT-4o-mini

Recommended for Standard tier — GPT-4o-mini offers excellent cost/quality balance.

Anthropic API KeyClaude 3.5 Sonnet — Recommended

Strongly recommended for Premium tier. Claude 3.5 Sonnet produces the best security writing quality for board reports, gap analysis, and Victoria's strategic advice. Get your key at console.anthropic.com.

All API keys are stored encrypted in the database and are never exposed in the frontend after saving. Keys are only used server-side.

Model Tier Definitions

Define which model is used for each tier. These are used when routing AI calls.

Premium

Highest quality — complex reasoning, long documents, board reports

Model Name

e.g. claude-3-5-sonnet-20241022, gpt-4o

Standard

Balanced quality and cost — policy drafts, risk analysis, SSP narratives

Model Name

e.g. gpt-4o-mini, claude-3-haiku-20240307

Economy

Lowest cost — simple guidance, summaries, work queue suggestions

Model Name

e.g. gemini-2.0-flash-lite, gpt-3.5-turbo

AI Agent Model Assignment

Assign a cost tier to each AI agent. Premium agents use the most capable model; Economy agents use the cheapest model to keep costs low.

Victoria — vCISO Strategic Advisor

Program strategy, board communication, executive briefings

Marco — Security Architect

Architecture reviews, threat modeling, technical design

Elena — Compliance Officer

Framework mapping, policy review, audit preparation

James — Risk Analyst

Risk scoring, vendor assessments, risk register updates

Aria — AppSec Engineer

SAST/DAST guidance, secure code review, pipeline security

Derek — SOC Analyst

Alert triage, incident response, SIEM correlation

AI Function Model Assignment

Assign a cost tier to each AI-powered function. Board reports need premium quality; simple guidance lookups can use economy models.

Gap Report Generation

AI-generated gap analysis from discovery findings

Board Report Generation

Executive-level security program summaries

Policy Drafting

Auto-draft security policies from templates

Risk Analysis

Risk scoring and treatment recommendations

SSP Narrative Writing

System Security Plan section narratives

Threat Modeling

STRIDE threat identification and mitigation

Control Guidance

Implementation guidance for security controls

Work Queue Suggestions

AI-suggested work items and priorities

Cost Optimization Strategy

The platform defaults agents and functions to the most appropriate tier. Victoria (vCISO) and report generation use Premium for quality. Policy drafting and risk analysis use Standard for balance. Simple lookups and work queue suggestions use Economy to minimize cost. You can override any assignment above.