AI Analysis - ChangeGuard

ChangeGuard includes AI-powered analysis of your cluster’s security posture. By default this runs server-side on Amazon Bedrock using Anthropic’s Claude — there is nothing to install and no GPU required. For self-hosted or air-gapped environments, you can route inference through NVIDIA NIM instead.

Inference backends

Backend	Where it runs	Requirements
Amazon Bedrock (default)	ChangeGuard platform (managed)	None — built in
NVIDIA NIM — Cloud	NVIDIA-hosted API	NVIDIA API key
NVIDIA NIM — AWS	Your SageMaker/EC2 endpoint	NIM deployed
NVIDIA NIM — on-cluster	NIM container in your cluster	GPU node

What AI Analyzes

Risk explanations — why a CVE or finding matters
Remediation guidance — specific commands to fix issues
Compliance mapping — which controls a finding affects
Attack path narrative — privilege escalation chains in plain English

Configuration

AI analysis works out of the box on Amazon Bedrock — no configuration required. Add an ai block to your ChangeGuardAgent resource only if you want to route inference through NVIDIA NIM instead.

spec:
  ai:
    mode: cloud
    apiKeySecretRef:
      name: nvidia-api-key
    model: "meta/llama-3.1-70b-instruct"

See NVIDIA NIM Integration for detailed setup.

Export & Reporting NVIDIA NIM

​Inference backends

​What AI Analyzes

​Configuration

Inference backends

What AI Analyzes

Configuration