The sensei · Behind every vul.ninja check

Meet Sensei Hiro.

The intelligence behind every vul.ninja check.

Same intelligence across the loop: find on the dashboard, fix in your editor through MCP, validate before any IaC change ships.

/sen-seh hee-roh/

What Sensei Hiro does.

Reviews your IaC before deploy

Inspects Terraform, CloudFormation, and Kubernetes manifests for misconfigurations before apply — so the broken config never ships.

Catches privilege escalation paths

Reads IAM policies for wildcard actions, escalation primitives, and role assumptions that quietly hand attackers the kingdom.

Translates findings into code

Returns the actual fix — a template diff or an LLM-generated patch — not a paragraph telling you what to read about.

Learns across your infrastructure

Tracks findings across scans so posture trends are visible and recurring patterns surface without asking.

Talking to Sensei Hiro.

Two surfaces, same sensei — whether your AI agent calls him over MCP or you ask him a question in the dashboard.

Your agent · over MCP

agent · vul.ninja MCP
$ claude apply infrastructure/prod-bucket.tf
 
→ vulninja.assess_iac_change(plan)
 
CRITICAL S3 bucket public-read ACL on prod-data-store
finding public_acl_on_sensitive_bucket
fix remove ACL → enforce bucket policy
 
✗ Apply blocked. Run get_remediation? (y/N)

Sensei Hiro speaks in findings, not paragraphs.

You · in the dashboard

What are my biggest risks right now?

Sensei Hiro

You have 5 critical findings that need immediate attention:

  • 3 S3 buckets with public access — production data exposed to the internet
  • 2 IAM users with admin privileges — least-privilege violation

Risk score is 67/100 (HIGH). Fixing these five drops it to ~45 (MEDIUM).


Same intelligence, in plain English — for the human at the keyboard.

The name

先生 Sensei — Japanese for teacher / master
Hiro — meaning abundant, generous, tolerant

A teacher's mind, abundantly applied.

Ready to meet Sensei Hiro?

Connect your AI tool to vul.ninja and start running security checks inline.

Important: AI limitations & your responsibility

Sensei Hiro is an AI — and AIs make mistakes. He runs on state-of-the-art models (Claude Sonnet 4.6) with extensive safety measures, but his responses can still contain inaccuracies, hallucinations, or incomplete information.

You are responsible for verifying all information. Hiro's responses are meant to assist and guide your security analysis, but they should not be treated as authoritative without human review. Always:

  • Verify critical security findings independently
  • Double-check remediation guidance before applying changes
  • Cross-reference his suggestions with official documentation
  • Use your professional judgment and security expertise
  • Review all auto-generated code or configuration changes

Sensei Hiro is a tool to augment your expertise, not replace it. He works from the sanitized summary of your scan data, and doesn't have full context on your infrastructure, business requirements, or risk tolerance.

No warranty: Hiro's responses are provided "as is" without warranty of any kind. See our Terms of Service for complete legal terms.