DataBee RiskFlow™: Dashboard AI Agent

  • Updated on Apr 10, 2026
  • Published on Apr 9, 2026
  • 8 minute(s) read
Prev Next

1. Executive Summary

The DataBee RiskFlow™ Dashboard AI Agent is an AI-powered conversational assistant embedded directly within DataBee's Continuous Cyber Risk Management dashboards. It enables security leaders, GRC analysts, and cyber risk officers to interact with their cyber risk data using natural language — eliminating the need to manually navigate dashboards, write queries, or cross-reference documentation.

The AI agent is context-aware: it knows which dashboard the user is viewing, understands the organization's cyber risk documentation (including SLA targets, cyber risk frameworks, and control definitions), and can query live data from the underlying data lake to provide real-time, actionable insights.

Key Value Propositions:

  • Instant Cyber Risk Summaries: Get a complete cyber risk posture assessment in seconds, including SLA status, risk indicators, and remediation guidance.

  • Data-Driven Answers: The agent generates and executes data queries against your organization's data lake to answer specific questions about vulnerabilities, devices, owners, and trends.

  • Cyber Risk Documentation Correlation: Every response is enriched with context from your organization's Control Documentation — including cyber risk targets, framework mappings (NIST CSF, PCI-DSS, CIS, DORA), and escalation procedures.

  • Conversational Follow-Ups: Users can drill deeper with follow-up questions, maintaining context from prior answers to progressively refine their analysis.

  • Actionable Outputs: Responses include recommended actions, device owner identification, and the ability to save insights directly to custom Console dashboards.

2. Feature Overview

The Dashboard AI Agent appears as a floating "Ask DataBee" panel on any cyber risk dashboard. Users can open the chat by clicking the chat icon in the bottom-right corner of the screen. The panel slides in from the right side and can be resized by dragging its left edge.

Figure 1: The Vulnerability Cyber Risk dashboard with the Ask DataBee chat panel open

Figure 1: The Vulnerability Cyber Risk dashboard with the "Ask DataBee" chat panel open. The left sidebar shows available cyber risk dashboards, the center shows the dashboard, and the right panel provides the conversational interface.

2.1 Where It's Available

The AI agent is available on all cyber risk dashboards within the Cyber Risk Management section, including:

  • Vulnerability Cyber Risk

  • Device Inventory Cyber Risk

  • Endpoint Detection Response

  • Phishing

  • Security Training

  • Security Posture Cyber Risk

  • Application Security

  • Policy Exception

  • Secure Logging

  • Business Continuity Management

Note: The AI agent is not available on the Executive Summary page, as it aggregates data from multiple dashboards.

2.2 Access Requirements

To use the Dashboard AI Agent, users need:

  • An active DataBee account with access to the Cyber Risk Management section

  • Authorization to view at least one cyber risk dashboard (configured by your administrator)

  • The RiskFlow entitlement enabled for your tenant

3. How It Works

The Dashboard AI Agent combines three powerful capabilities to deliver intelligent, context-aware responses:

3.1 Dashboard Context Awareness

When you open the chat on a cyber risk dashboard, the agent automatically knows:

  • Which dashboard you're viewing: The agent receives the dashboard name (e.g., "Vulnerability Cyber Risk") and uses it to scope all responses to that specific control.

  • Active filters: Any filters you've applied to the dashboard (date ranges, severity levels, device types) are captured and included in the agent's data queries, ensuring results match what you see on screen.

  • Your authorized reports: The agent only accesses dashboards and data that you are authorized to view, enforcing your organization's access control policies.

3.2 Cyber Risk Documentation Integration

This is what makes the Dashboard AI Agent uniquely powerful. For every cyber risk dashboard, your organization maintains a Control Documentation record (accessible via the Knowledge Base in DataBee). The AI agent retrieves and incorporates this documentation into its responses, providing:

  • Cyber Risk Targets: What percentage of cyber risk coverage your organization aims to achieve (e.g., "≥90% of vulnerabilities with assigned SLAs must be either open but within SLA or closed within SLA").

  • SLA Definitions: The specific remediation timeframes for each severity level (e.g., Critical: 5 days, High: 14 days, Medium: 30 days).

  • Framework Mappings: Which industry standards and regulations the control satisfies (e.g., NIST CSF v2.0, PCI-DSS v4.0, CIS CSC v8.1, DORA).

  • Why It Matters: Business context explaining the risks addressed by the control.

  • Escalation Procedures: Support contacts and escalation paths for critical issues.

  • Control Definitions: Technical details about what is being measured, including numerator/denominator definitions for cyber risk calculations.

This means when you ask "Give me a summary of my cyber risk posture," the agent doesn't just report numbers — it explains what those numbers mean in the context of your organization's cyber risk program, which frameworks require it, and what actions to take.

3.3 Live Data Querying

For questions that require specific data points, the agent generates and executes data queries against your organization's data lake. This enables answers to questions like:

  • "For the critical open vulnerabilities, can you provide me the owners for them?"

  • "Which devices have the longest remediation times for high-severity vulnerabilities?"

  • "Show me all critical vulnerabilities that have exceeded the 5-day SLA"

4. How the AI Agent Understands Your Cyber Risk Program

What sets the Dashboard AI Agent apart from a traditional chatbot is its built-in understanding of your cyber risk program. The agent combines your live cyber risk data, documentation, and policy context to deliver comprehensive, actionable responses:

4.1 How Cyber Risk Documentation Enriches Responses

When a user asks "Give me a summary of my cyber risk posture for this dashboard" on the Vulnerability Cyber Risk dashboard, the agent performs the following correlation:

  1. Identifies the dashboard as "Vulnerability Cyber Risk" from the page context

  2. Retrieves the cyber risk documentation for that control from the Knowledge Base

  3. Queries the data lake for current metrics (cyber risk score, MTTR, closed vulnerabilities by severity)

  4. Correlates the live data with the documented SLA targets (Critical: 5 days, High: 14 days, etc.)

  5. Flags any severity levels exceeding their SLA (e.g., Critical at 9.1 days vs. 5-day target)

  6. References the applicable cyber risk frameworks (NIST CSF v2.0, PCI-DSS v4.0, CIS CSC v8.1, DORA)

  7. Includes the documented cyber risk target (≥90%) and explains what it means

  8. Provides recommended actions based on the gap analysis

  9. Lists escalation contacts from the cyber risk documentation

The result is a comprehensive, context-rich response that a GRC analyst can use directly for reporting, executive briefings, or audit preparation — without having to manually cross-reference multiple sources.

5. User Experience Walkthrough

The following walkthrough demonstrates the Dashboard AI Agent on the Vulnerability Cyber Risk dashboard.

Step 1: Open the AI Agent

Navigate to any cyber risk dashboard (e.g., Cyber Risk > Vulnerability Cyber Risk). Click the chat icon in the bottom-right corner. The "Ask DataBee" panel slides in from the right with the welcome message.

Step 2: Ask a Cyber Risk Summary Question

Prompt: "Give me a summary of my cyber risk posture for this dashboard."

Step 3: Review the Cyber Risk Posture Summary

The agent responds with a structured summary including a Key Cyber Risk Metrics table correlating live data with SLA targets from the Control Documentation. The agent flags Critical vulnerabilities as "AT RISK" because the 9.1-day MTTR exceeds the 5-day SLA target — this SLA information comes directly from the Control Documentation.

Figure 2: Cyber risk posture summary with Control Documentation correlation

Figure 2: The cyber risk documentation correlation showing Critical Findings, Cyber Risk Targets with metric definitions, Regulatory Framework Alignment (NIST CSF v2.0, PCI-DSS v4.0, CIS CSC v8.1, DORA), and "Why This Matters" business context — all correlated from the Control Documentation.

The response includes:

  • Critical Findings: Highlights the most important issues, such as critical vulnerabilities exceeding their SLA.

  • Cyber Risk Target: States your organization's target cyber risk score (e.g., ≥90%) with the formula from Control Documentation.

  • Regulatory Frameworks: Lists the specific standards this dashboard aligns with: NIST CSF v2.0 (Risk Assessment), PCI-DSS v4.0 (Requirement 11.3), CIS CSC v8.1 (Control 7), DORA (Vulnerability and patch management).

  • Why This Matters: Explains business impact: unpatched vulnerabilities are a common attack vector; non-cyber risk increases risk of data breaches, ransomware, regulatory penalties, and reputational damage.

  • Recommended Actions: Specific guidance: 1) Escalate Critical Vulnerabilities, 2) Review Remediation Processes, 3) Maintain High/Medium Performance.

  • Support Contact & Escalation: Contact information and 24/7 escalation procedures sourced from the Control Documentation.

  • Follow-Up Suggestions: Clickable buttons with contextually relevant next questions.

Step 4: Ask a Follow-Up Data Question

Prompt: "For the critical open vulnerabilities, can you provide me the owners for them?"

Step 5: Review the Data-Driven Response

The agent generates a data query, executes it against your data lake, and returns structured results including:

  • Query Explanation: A plain-language description of the query logic.

  • Expandable Query: A collapsible section showing the exact query for review or reuse.

  • Interactive Results Table: Owner information for vulnerability-affected devices with CVE IDs, owner names, emails, job titles, and hostnames.

  • Ownership Summary: Natural-language interpretation identifying assigned vs. unassigned devices.

  • Add to Console: An "Add To Console" button saves the query as a persistent monitoring widget.

6. Capabilities & Response Types

6.1 Types of Questions You Can Ask

Cyber Risk Summaries

  • "Give me a summary of my cyber risk posture for this dashboard"

  • "What is our current cyber risk score?"

  • "How are we performing against our SLA targets?"

Data Queries

  • "Show me all critical open vulnerabilities"

  • "Who owns the devices with the most unpatched vulnerabilities?"

  • "Which systems have been non-compliant for the longest?"

Metric Explanations

  • "What does MTTR mean in this context?"

  • "How is the cyber risk percentage calculated?"

Trend Analysis

  • "How has our cyber risk score changed over the past 6 months?"

Framework & Regulatory Context

  • "Which cyber risk frameworks does this control satisfy?"

Escalation & Support

  • "Who should I contact about critical cyber risk issues?"

6.2 Response Formats

  • Structured Tables: Severity breakdowns, cyber risk status grids, device inventories

  • Narrative Summaries: Cyber risk posture assessments with business context

  • Data Tables with Queries: Results with expandable query logic and time range selectors

  • Actionable Recommendations: Prioritized remediation guidance with escalation contacts

  • Framework References: Regulatory citations and standard mappings

  • Follow-Up Suggestions: Contextually relevant next questions as clickable buttons

7. Getting Started

  1. Navigate to a cyber risk dashboard: Go to Cyber Risk in the top navigation bar, then select any control dashboard from the left sidebar.

  2. Open the AI Agent: Click the chat icon in the bottom-right corner. The "Ask DataBee" panel opens from the right.

  3. Ask Your First Question: Start with "Give me a summary of my cyber risk posture for this dashboard."

  4. Drill Deeper: Use the suggested follow-up questions or type your own.

  5. Save Insights: Click "Add To Console" on any data query result to save it as a monitoring widget.

  6. Provide Feedback: Use the thumbs up/down buttons to help improve responses.

  7. Start a New Investigation: Click "+ New Chat" to reset context and begin a new inquiry.

8. Best Practices

  • Start Broad, Then Drill Down: Begin with a cyber risk summary, then ask follow-ups to investigate specific areas.

  • Use Dashboard Filters First: Apply filters on the dashboard before asking questions — the agent incorporates them automatically.

  • Be Specific in Data Queries: Include severity levels, time periods, or device types for targeted results.

  • Leverage Follow-Up Suggestions: The agent's suggested questions guide you toward the most valuable insights.

  • Verify AI-Generated Insights: Cross-reference critical findings with dashboard data before making decisions.

  • Use Conversation Context: Follow-up questions maintain context. Use phrases like "for those devices" to build on prior answers.

  • Save Recurring Queries: Use "Add To Console" to save frequently used queries as persistent widgets.

Copyright © 2026 DataBee®, A Comcast Company.
DataBee® is a registered trademark of Comcast.