📡 API Reference

AI Security Hub API Docs

Complete reference for all REST API endpoints. Secure, versioned, enterprise-ready. Build, integrate, automate.

BASE URL https://cyberdudebivash.in
Authentication
🔑
JWT Bearer Token
Obtain via POST /api/auth/login — include as Authorization: Bearer <token>
🗝
API Key (cdb_*)
Generated in dashboard — include as X-API-Key: cdb_your_key
👤
Anonymous / IP Fallback
Free-tier read endpoints are available without auth. Rate-limited per IP.
POST /api/auth/login FREE Obtain JWT token
Request Body
{
  "email": "[email protected]",
  "password": "your-password"
}
Response
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 86400,
  "user": { "id": "usr_...", "tier": "FREE" }
}
Status Codes
200 OK 400 Invalid credentials
Rate Limits
FREE
50
requests / hour
STARTER
500
requests / hour
PRO
5,000
requests / hour
ENTERPRISE
Unlimited
custom SLA

Exceeded limits return HTTP 429 with header Retry-After: <seconds>.

Pillar 1 — AI Security Posture Management
POST /api/ai-security/assets/register STARTER+ Register AI asset
Request Body
{
  "name": "My GPT-4 Agent",
  "type": "agent",       // model | agent | rag | api | pipeline
  "provider": "openai",
  "endpoint": "https://api.openai.com/v1/chat/completions",
  "env": "production"
}
Response
{
  "asset_id": "ast_01JX...",
  "security_score": 74,
  "risk_level": "MEDIUM",
  "created_at": "2025-06-09T14:30:00Z"
}
GET /api/ai-security/assets STARTER+ List all AI assets
Query Parameters
ParamTypeRequiredDescription
typestringoptionalFilter: model | agent | rag | api
riskstringoptionalFilter: CRITICAL | HIGH | MEDIUM | LOW
limitnumberoptionalDefault 20, max 100
POST /api/ai-security/assets/:id/scan PRO+ Run security scan
Path Parameters
ParamTypeRequiredDescription
idstringrequiredAsset ID from register
Response
{
  "scan_id": "scn_01JX...",
  "findings": [
    { "id": "F001", "severity": "HIGH", "title": "Prompt Injection Vector" }
  ],
  "score": 62,
  "owasp_llm_hits": ["LLM01","LLM02"]
}
Pillar 2 — AI Governance Center
GET /api/ai-security/governance/frameworks FREE List compliance frameworks
Response
{
  "frameworks": [
    { "id": "nist-ai-rmf", "name": "NIST AI RMF 1.0", "controls": 72 },
    { "id": "iso-42001",   "name": "ISO/IEC 42001:2023", "controls": 38 },
    { "id": "eu-ai-act",   "name": "EU AI Act", "controls": 44 },
    { "id": "owasp-llm",  "name": "OWASP LLM Top 10", "controls": 10 }
  ]
}
POST /api/ai-security/governance/assess STARTER+ Start governance assessment
Request Body
{
  "framework_id": "nist-ai-rmf",
  "org_context": "Financial services, 500 employees",
  "ai_use_cases": ["fraud detection", "customer chatbot"]
}
Pillar 3 — AI Red Team Platform
POST /api/ai-security/redteam/engage PRO+ Initiate red team engagement
Request Body
{
  "target_asset_id": "ast_01JX...",
  "attack_categories": ["prompt_injection","jailbreak","rag_poisoning"],
  "intensity": "standard"  // light | standard | full
}
Response
{
  "engagement_id": "eng_01JX...",
  "status": "running",
  "attack_count": 247,
  "eta_seconds": 120
}
GET /api/ai-security/redteam/:id/report PRO+ Get engagement report
Response
{
  "engagement_id": "eng_01JX...",
  "overall_risk": "HIGH",
  "attacks_succeeded": 14,
  "attacks_total": 247,
  "critical_findings": [ /* ... */ ],
  "remediation_plan": { /* ... */ }
}
Pillar 4 — AI Agent Security
POST /api/ai-security/agents/scan STARTER+ Scan AI agent configuration
Request Body
{
  "agent_type": "langchain",  // openai | langchain | crewai | autogen | mcp
  "tools": ["web_search","code_exec","file_write"],
  "system_prompt": "You are a helpful assistant..."
}
Response
{
  "risk_score": 83,
  "risk_level": "HIGH",
  "issues": [
    { "type": "OVER_PRIVILEGED_TOOL", "tool": "file_write", "severity": "CRITICAL" },
    { "type": "SYSTEM_PROMPT_INJECTION_RISK", "severity": "HIGH" }
  ]
}
Pillar 5 — AI Threat Intelligence
GET /api/ai-security/threat-feed FREE Live AI threat intelligence feed
Query Parameters
ParamTypeRequiredDescription
typestringoptionalprompt_attacks | agent_threats | ai_cves | model_advisories
severitystringoptionalCRITICAL | HIGH | MEDIUM | LOW
limitnumberoptionalDefault 20, max 100
Response
{
  "feed": [
    {
      "id": "ATI-2025-0047",
      "type": "prompt_attack",
      "title": "Multi-turn Jailbreak via Role Persistence",
      "severity": "HIGH",
      "published": "2025-06-09T08:00:00Z"
    }
  ],
  "total": 847,
  "updated_at": "2025-06-09T14:00:00Z"
}
Vibe Code Security Scanner
POST /api/vibe-code/scan FREE (gated) Scan AI-generated code
Request Body
{
  "code": "const query = `SELECT * FROM users WHERE id = ${req.params.id}`",
  "language": "javascript",  // js | ts | py | go | java | php | rb | cs | rs
  "context": "express api route"
}
Response (FREE)
{
  "ok": true,
  "risk_grade": "F",
  "risk_score": 94,
  "findings": [ /* top 3 findings visible */ ],
  "locked_count": 7,
  "gated": true,
  "upgrade": { "price": "₹499", "url": "https://cyberdudebivash.in/pricing" }
}
Response (STARTER+)
{
  "ok": true,
  "risk_grade": "F",
  "risk_score": 94,
  "tier": "starter",
  "gated": false,
  "findings": [
    {
      "rule_id": "CDB-SQL-001",
      "title": "SQL Injection via String Interpolation",
      "severity": "CRITICAL",
      "cwe": "CWE-89",
      "line": 1,
      "remediation": "Use parameterized queries..."
    }
  ]
}
GET /api/vibe-code/patterns FREE Get rule catalog
Response
{
  "total_rules": 47,
  "categories": ["injection","auth","secrets","crypto","ssrf","ai_llm"],
  "patterns": [ /* full rule catalog */ ]
}
MCP Security Scanner
POST /api/mcp-security/scan STARTER+ Scan MCP server configuration
Request Body
{
  "mcp_config": {
    "server_url": "https://mcp.example.com/sse",
    "tools": ["read_file", "execute_code"],
    "auth_method": "oauth2"
  }
}
MYTHOS God Mode API — Autonomous 12-Phase Orchestrator

MYTHOS GOD MODE v4.0 runs a 12-phase autonomous security orchestration pipeline. All read endpoints are public (no auth required); the run trigger requires an x-api-key admin key.

GET /api/mythos/god-mode/status Live pipeline status — is a run in progress, last run summary, lifetime metrics
Returns the current execution state of the God Mode pipeline, last completed run summary, and lifetime run statistics. No authentication required.
curl https://cyberdudebivash.in/api/mythos/god-mode/status
GET /api/mythos/god-mode/ciso CISO executive intel pack — posture gauge, threat highlights, recommendations
Returns the full CISO intelligence package: executive summary with posture grade (A–F), critical CVE counts, CISA KEV entries, MITRE TTPs detected, and prioritized remediation recommendations.
curl https://cyberdudebivash.in/api/mythos/god-mode/ciso
GET /api/mythos/god-mode/aspm AI Security Posture Management snapshot — ASPM score, findings, zero-trust anomalies
Returns the ASPM snapshot: assets scanned, overall posture, critical findings, open risks, and zero-trust anomalies including API abuse detections.
curl https://cyberdudebivash.in/api/mythos/god-mode/aspm
GET /api/mythos/god-mode/compliance Compliance posture — ISO 27001, SOC 2, NIST CSF, GDPR, DPDP 2023, OWASP LLM
Returns compliance posture mapping active CVEs to control gaps across six frameworks.
curl https://cyberdudebivash.in/api/mythos/god-mode/compliance
GET /api/mythos/god-mode/hunt-pack SOAR hunt pack — auto-generated Sigma, KQL, YARA detection rules
Returns Sigma rules, KQL hunt queries, and YARA signatures auto-generated for each active CVE.
curl https://cyberdudebivash.in/api/mythos/god-mode/hunt-pack
POST /api/mythos/god-mode/run Trigger a full 12-phase God Mode run — admin only
Triggers an asynchronous 12-phase autonomous security orchestration run. Returns immediately with a job ID. Requires an x-api-key admin header.
curl -X POST https://cyberdudebivash.in/api/mythos/god-mode/run \
  -H "Content-Type: application/json" \
  -H "x-api-key: <YOUR_ADMIN_KEY>" \
  -d '{"max_items": 20}'
Error Codes
CodeStatusMeaning
AUTH_REQUIRED401JWT or API key required for this endpoint
TIER_REQUIRED403Current plan insufficient — upgrade required
RATE_LIMITED429Too many requests — check Retry-After header
VALIDATION_ERROR400Request body failed validation — check the errors array
NOT_FOUND404Resource does not exist or belongs to another account
INTERNAL_ERROR500Platform error — contact support with x-request-id