
AI Transparency

How Puffin AI works, what it can do, and what it cannot.

What is Puffin AI?

Puffin AI is a cybersecurity intelligence assistant that helps security professionals analyze vulnerabilities, monitor threat intelligence, and understand cyber risks. It combines data from 40+ security data sources with AI-powered natural language understanding to provide actionable intelligence.

What AI Model Powers Puffin AI?

Puffin AI uses Google Gemini 3.1 Flash Lite, a large language model developed by Google DeepMind, to generate responses. The specific model identifier is gemini-3.1-flash-lite-preview. When you ask a question, Puffin AI:

  1. Searches its cybersecurity database using semantic (meaning-based) search to find relevant vulnerability records, advisories, and threat data.
  2. Assembles context from matching records across multiple data sources (NVD, OSV, MITRE ATT&CK, CISA KEV, etc.).
  3. Generates a response by sending the assembled context along with your question to Google Gemini, which synthesizes the information into a coherent answer.

This architecture is called Retrieval-Augmented Generation (RAG) — it grounds AI responses in real data rather than relying solely on the model's training knowledge.
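The retrieval and context-assembly steps above can be sketched as follows, together with a check that flags any CVE identifier in an answer that was not in the retrieved context. This is an added example, not Puffin AI's code: the records and IDs are constructed placeholders, bag-of-words cosine similarity stands in for semantic search, all function names are hypothetical, and the model call itself is left out.

```python
import math
import re
from collections import Counter

# Constructed sample records; the IDs are placeholders, not real CVEs.
RECORDS = [
    {"id": "CVE-0000-0001", "source": "NVD",
     "text": "heap buffer overflow in image parser allows remote code execution"},
    {"id": "CVE-0000-0002", "source": "OSV",
     "text": "sql injection in login form of web framework"},
    {"id": "CVE-0000-0003", "source": "CISA KEV",
     "text": "remote code execution in image parser exploited in the wild"},
]
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def _vec(text):
    # Bag-of-words term counts: a stand-in for an embedding (assumption).
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))

def _cosine(a, b):
    dot = sum(a[t] * b[t] for t in a)
    norm = (math.sqrt(sum(v * v for v in a.values()))
            * math.sqrt(sum(v * v for v in b.values())))
    return dot / norm if norm else 0.0

def retrieve(question, records=RECORDS, k=2):
    # Step 1: rank records by similarity to the question, keep the top k hits.
    q = _vec(question)
    scored = [(_cosine(q, _vec(r["text"])), r) for r in records]
    scored.sort(key=lambda pair: pair[0], reverse=True)
    return [r for score, r in scored[:k] if score > 0]

def build_prompt(question, hits):
    # Steps 2-3: assemble source-labelled context to send with the question.
    context = "\n".join(f"[{r['source']}] {r['id']}: {r['text']}" for r in hits)
    return ("Answer only from the context below.\n\n"
            f"Context:\n{context}\n\nQuestion: {question}")

def ungrounded_ids(answer, hits):
    # CVE IDs cited in the answer that the retrieved context never supplied.
    allowed = {r["id"] for r in hits}
    return sorted(set(CVE_RE.findall(answer)) - allowed)

if __name__ == "__main__":
    question = "remote code execution in image parser"
    hits = retrieve(question)
    print(build_prompt(question, hits))
    # Constructed answer text, standing in for a model response.
    print(ungrounded_ids("See CVE-0000-0003 and CVE-0000-0009.", hits))
```

An identifier returned by `ungrounded_ids` came from the model rather than from a retrieved record, so it is the first thing to verify against an authoritative source.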

What Data Does It Access?

Puffin AI has access to curated cybersecurity intelligence from publicly available sources, including:

  • NVD (National Vulnerability Database)
  • EPSS (Exploit Prediction Scoring System)
  • CISA KEV (Known Exploited Vulnerabilities)
  • MITRE ATT&CK Framework
  • OSV (Open Source Vulnerabilities)
  • ExploitDB & PoC References
  • Vendor Security Advisories
  • GreyNoise & AbuseIPDB Threat Data
  • CIRCL CVE Intelligence
  • Cyber News & Publications
  • Cloud Vulnerability Databases
  • Software Bill of Materials (SBOM)

Puffin AI does not access your private systems, networks, or internal documents unless you explicitly share information in the chat.

Limitations

⚠️ May produce inaccurate information

Like all AI systems, Puffin AI can sometimes generate incorrect or misleading responses. Always verify critical security findings against authoritative sources before taking action.

📅 Data freshness varies

Data sources are synchronized periodically. There may be a delay between when a vulnerability is published and when it appears in Puffin AI's database.

🔒 Not a replacement for professional assessment

Puffin AI is a research and intelligence tool. It does not replace professional security assessments, penetration testing, or compliance audits.

🌐 Public data only

Responses are based on publicly available cybersecurity data. Puffin AI has no visibility into your specific environment, configurations, or internal vulnerabilities.

Your Interaction with Puffin AI

  • All chat responses are AI-generated and are clearly labeled as such in the interface.
  • You are interacting with an automated AI system, not a human analyst.
  • Chat messages are stored to maintain your conversation history. You can delete conversations at any time from the sidebar.
  • Puffin AI does not use your conversations to train or improve its AI models.

Report Inaccuracies

If you encounter an inaccurate, misleading, or harmful AI response, please contact us at contact@puffintech.io. Your feedback helps us improve the system.

This page is provided in compliance with the EU AI Act (Article 4 — AI Literacy, Article 52 — Transparency obligations for certain AI systems).

Last updated: April 4, 2026