Authentication
JWT Bearer Token
Obtain via POST /api/auth/login — include as Authorization: Bearer <token>
API Key (cdb_*)
Generated in dashboard — include as X-API-Key: cdb_your_key
Anonymous / IP Fallback
Free-tier read endpoints are available without auth. Rate-limited per IP.
POST
/api/auth/login
FREE
Obtain JWT token
Request Body
{
  "email": "[email protected]",
  "password": "your-password"
}
Response
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "expires_in": 86400,
  "user": { "id": "usr_...", "tier": "FREE" }
}
Status Codes
200 OK
400 Invalid credentials
Rate Limits
| Tier | Limit |
|---|---|
| FREE | 50 requests / hour |
| STARTER | 500 requests / hour |
| PRO | 5,000 requests / hour |
| ENTERPRISE | Unlimited, custom SLA |
Exceeded limits return HTTP 429 with header Retry-After: <seconds>.
Pillar 1 — AI Security Posture Management
POST
/api/ai-security/assets/register
STARTER+
Register AI asset
Request Body
{
  "name": "My GPT-4 Agent",
  "type": "agent", // model | agent | rag | api | pipeline
  "provider": "openai",
  "endpoint": "https://api.openai.com/v1/chat/completions",
  "env": "production"
}
Response
{
  "asset_id": "ast_01JX...",
  "security_score": 74,
  "risk_level": "MEDIUM",
  "created_at": "2025-06-09T14:30:00Z"
}
GET
/api/ai-security/assets
STARTER+
List all AI assets
Query Parameters
| Param | Type | Required | Description |
|---|---|---|---|
| type | string | optional | Filter: model \| agent \| rag \| api |
| risk | string | optional | Filter: CRITICAL \| HIGH \| MEDIUM \| LOW |
| limit | number | optional | Default 20, max 100 |
POST
/api/ai-security/assets/:id/scan
PRO+
Run security scan
Path Parameters
| Param | Type | Required | Description |
|---|---|---|---|
| id | string | required | Asset ID from register |
Response
{
  "scan_id": "scn_01JX...",
  "findings": [
    { "id": "F001", "severity": "HIGH", "title": "Prompt Injection Vector" }
  ],
  "score": 62,
  "owasp_llm_hits": ["LLM01","LLM02"]
}
Pillar 2 — AI Governance Center
GET
/api/ai-security/governance/frameworks
FREE
List compliance frameworks
Response
{
  "frameworks": [
    { "id": "nist-ai-rmf", "name": "NIST AI RMF 1.0", "controls": 72 },
    { "id": "iso-42001", "name": "ISO/IEC 42001:2023", "controls": 38 },
    { "id": "eu-ai-act", "name": "EU AI Act", "controls": 44 },
    { "id": "owasp-llm", "name": "OWASP LLM Top 10", "controls": 10 }
  ]
}
POST
/api/ai-security/governance/assess
STARTER+
Start governance assessment
Request Body
{
  "framework_id": "nist-ai-rmf",
  "org_context": "Financial services, 500 employees",
  "ai_use_cases": ["fraud detection", "customer chatbot"]
}
Pillar 3 — AI Red Team Platform
POST
/api/ai-security/redteam/engage
PRO+
Initiate red team engagement
Request Body
{
  "target_asset_id": "ast_01JX...",
  "attack_categories": ["prompt_injection","jailbreak","rag_poisoning"],
  "intensity": "standard" // light | standard | full
}
Response
{
  "engagement_id": "eng_01JX...",
  "status": "running",
  "attack_count": 247,
  "eta_seconds": 120
}
GET
/api/ai-security/redteam/:id/report
PRO+
Get engagement report
Response
{
  "engagement_id": "eng_01JX...",
  "overall_risk": "HIGH",
  "attacks_succeeded": 14,
  "attacks_total": 247,
  "critical_findings": [ /* ... */ ],
  "remediation_plan": { /* ... */ }
}
Pillar 4 — AI Agent Security
POST
/api/ai-security/agents/scan
STARTER+
Scan AI agent configuration
Request Body
{
  "agent_type": "langchain", // openai | langchain | crewai | autogen | mcp
  "tools": ["web_search","code_exec","file_write"],
  "system_prompt": "You are a helpful assistant..."
}
Response
{
  "risk_score": 83,
  "risk_level": "HIGH",
  "issues": [
    { "type": "OVER_PRIVILEGED_TOOL", "tool": "file_write", "severity": "CRITICAL" },
    { "type": "SYSTEM_PROMPT_INJECTION_RISK", "severity": "HIGH" }
  ]
}
Pillar 5 — AI Threat Intelligence
GET
/api/ai-security/threat-feed
FREE
Live AI threat intelligence feed
Query Parameters
| Param | Type | Required | Description |
|---|---|---|---|
| type | string | optional | prompt_attacks \| agent_threats \| ai_cves \| model_advisories |
| severity | string | optional | CRITICAL \| HIGH \| MEDIUM \| LOW |
| limit | number | optional | Default 20, max 100 |
Response
{
  "feed": [
    {
      "id": "ATI-2025-0047",
      "type": "prompt_attack",
      "title": "Multi-turn Jailbreak via Role Persistence",
      "severity": "HIGH",
      "published": "2025-06-09T08:00:00Z"
    }
  ],
  "total": 847,
  "updated_at": "2025-06-09T14:00:00Z"
}
Vibe Code Security Scanner
POST
/api/vibe-code/scan
FREE (gated)
Scan AI-generated code
Request Body
{
  "code": "const query = `SELECT * FROM users WHERE id = ${req.params.id}`",
  "language": "javascript", // js | ts | py | go | java | php | rb | cs | rs
  "context": "express api route"
}
Response (FREE)
{
  "ok": true,
  "risk_grade": "F",
  "risk_score": 94,
  "findings": [ /* top 3 findings visible */ ],
  "locked_count": 7,
  "gated": true,
  "upgrade": { "price": "₹499", "url": "https://cyberdudebivash.in/pricing" }
}
Response (STARTER+)
{
  "ok": true,
  "risk_grade": "F",
  "risk_score": 94,
  "tier": "starter",
  "gated": false,
  "findings": [
    {
      "rule_id": "CDB-SQL-001",
      "title": "SQL Injection via String Interpolation",
      "severity": "CRITICAL",
      "cwe": "CWE-89",
      "line": 1,
      "remediation": "Use parameterized queries..."
    }
  ]
}
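A build gate over the two response shapes above, as an added example (not the platform's own code): it fails closed when a response is gated, because a FREE response exposes only some findings and a clean visible list says nothing about the locked ones. The thresholds `fail_at` and `max_score`, the reading of `risk_score` as higher-is-worse, and the sample rule ID `CDB-EXAMPLE-LOW` are assumptions.

```python
# Added example. Field names come from the /api/vibe-code/scan responses above;
# the policy thresholds are assumptions, not API parameters.
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

def gate_scan(resp, fail_at="HIGH", max_score=70):
    """Return (passed, reasons) for one scan response; fails closed."""
    if resp.get("ok") is not True:
        return False, ["scan did not complete (ok is not true)"]
    reasons = []
    for f in resp.get("findings", []):
        sev = str(f.get("severity", "")).upper()
        # An unrecognised severity blocks the build instead of being skipped.
        if SEVERITY_RANK.get(sev, 99) >= SEVERITY_RANK[fail_at]:
            reasons.append(f"{f.get('rule_id', '?')} {sev} at line {f.get('line', '?')}")
    score = resp.get("risk_score")
    # Assumption: higher risk_score is worse (the page pairs 94 with grade F).
    if not isinstance(score, (int, float)) or score >= max_score:
        reasons.append(f"risk_score {score!r} is at or above {max_score}")
    # A gated response shows only some findings, so the visible list is
    # incomplete evidence and cannot justify a pass.
    if resp.get("gated") or (resp.get("locked_count") or 0) > 0:
        reasons.append(f"{resp.get('locked_count', '?')} findings hidden by tier gating")
    return (not reasons), reasons

# Constructed samples shaped like the responses on this page.
FULL = {"ok": True, "risk_grade": "F", "risk_score": 94, "tier": "starter",
        "gated": False, "findings": [{"rule_id": "CDB-SQL-001",
        "title": "SQL Injection via String Interpolation",
        "severity": "CRITICAL", "cwe": "CWE-89", "line": 1}]}
GATED = {"ok": True, "risk_grade": "B", "risk_score": 35, "gated": True,
         "locked_count": 7, "findings": [{"rule_id": "CDB-EXAMPLE-LOW",
         "severity": "LOW", "line": 3}]}
CLEAN = {"ok": True, "risk_grade": "A", "risk_score": 5, "gated": False,
         "findings": []}

if __name__ == "__main__":
    for name, resp in (("FULL", FULL), ("GATED", GATED), ("CLEAN", CLEAN)):
        print(name, gate_scan(resp))
```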
GET
/api/vibe-code/patterns
FREE
Get rule catalog
Response
{
  "total_rules": 47,
  "categories": ["injection","auth","secrets","crypto","ssrf","ai_llm"],
  "patterns": [ /* full rule catalog */ ]
}
MCP Security Scanner
POST
/api/mcp-security/scan
STARTER+
Scan MCP server configuration
Request Body
{
  "mcp_config": {
    "server_url": "https://mcp.example.com/sse",
    "tools": ["read_file", "execute_code"],
    "auth_method": "oauth2"
  }
}
MYTHOS God Mode API — Autonomous 12-Phase Orchestrator
MYTHOS GOD MODE v4.0 runs a 12-phase autonomous security orchestration pipeline. All read endpoints are public (no auth required); the run trigger requires an x-api-key admin key.
GET
/api/mythos/god-mode/status
Live pipeline status — is a run in progress, last run summary, lifetime metrics
Returns the current execution state of the God Mode pipeline, last completed run summary, and lifetime run statistics. No authentication required.
curl https://cyberdudebivash.in/api/mythos/god-mode/status
GET
/api/mythos/god-mode/ciso
CISO executive intel pack — posture gauge, threat highlights, recommendations
Returns the full CISO intelligence package: executive summary with posture grade (A–F), critical CVE counts, CISA KEV entries, MITRE TTPs detected, and prioritized remediation recommendations.
curl https://cyberdudebivash.in/api/mythos/god-mode/ciso
GET
/api/mythos/god-mode/aspm
AI Security Posture Management snapshot — ASPM score, findings, zero-trust anomalies
Returns the ASPM snapshot: assets scanned, overall posture, critical findings, open risks, and zero-trust anomalies including API abuse detections.
curl https://cyberdudebivash.in/api/mythos/god-mode/aspm
GET
/api/mythos/god-mode/compliance
Compliance posture — ISO 27001, SOC 2, NIST CSF, GDPR, DPDP 2023, OWASP LLM
Returns compliance posture mapping active CVEs to control gaps across six frameworks.
curl https://cyberdudebivash.in/api/mythos/god-mode/compliance
GET
/api/mythos/god-mode/hunt-pack
SOAR hunt pack — auto-generated Sigma, KQL, YARA detection rules
Returns Sigma rules, KQL hunt queries, and YARA signatures auto-generated for each active CVE.
curl https://cyberdudebivash.in/api/mythos/god-mode/hunt-pack
POST
/api/mythos/god-mode/run
Trigger a full 12-phase God Mode run — admin only
Triggers an asynchronous 12-phase autonomous security orchestration run. Returns immediately with a job ID. Requires an x-api-key admin header.
curl -X POST https://cyberdudebivash.in/api/mythos/god-mode/run \
  -H "Content-Type: application/json" \
  -H "x-api-key: <YOUR_ADMIN_KEY>" \
  -d '{"max_items": 20}'
Error Codes
| Code | Status | Meaning |
|---|---|---|
| AUTH_REQUIRED | 401 | JWT or API key required for this endpoint |
| TIER_REQUIRED | 403 | Current plan insufficient — upgrade required |
| RATE_LIMITED | 429 | Too many requests — check Retry-After header |
| VALIDATION_ERROR | 400 | Request body failed validation — check the errors array |
| NOT_FOUND | 404 | Resource does not exist or belongs to another account |
| INTERNAL_ERROR | 500 | Platform error — contact support with x-request-id |
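One way a client can act on the Rate Limits section and the error table above, as an added example (not the platform's own client code): it retries only on HTTP 429, waits the number of seconds given in Retry-After up to a cap, and raises at once on statuses a retry cannot fix. The `send` callable, the `MAX_WAIT` cap, the `fake_transport` helper and reading `x-request-id` from a response header are assumptions.

```python
import time

# Status-to-code mapping taken from the Error Codes table.
CODES = {400: "VALIDATION_ERROR", 401: "AUTH_REQUIRED", 403: "TIER_REQUIRED",
         404: "NOT_FOUND", 429: "RATE_LIMITED", 500: "INTERNAL_ERROR"}
MAX_WAIT = 300  # assumed cap (seconds) so a bad Retry-After cannot stall a job

class ApiError(Exception):
    def __init__(self, status, code, request_id=None):
        super().__init__(f"HTTP {status} {code} (request id: {request_id})")
        self.status, self.code, self.request_id = status, code, request_id

def header(headers, name):
    """Case-insensitive header lookup; returns None when absent."""
    return next((v for k, v in headers.items() if k.lower() == name), None)

def retry_after_seconds(headers, default=1):
    """Parse Retry-After: <seconds>, falling back on missing or malformed values."""
    try:
        secs = int(str(header(headers, "retry-after")).strip())
    except ValueError:
        return default
    return min(max(secs, 0), MAX_WAIT)

def call(send, max_attempts=3, sleep=time.sleep):
    """send() returns (status, headers, body). Only 429 is retried."""
    for attempt in range(1, max_attempts + 1):
        status, headers, body = send()
        if 200 <= status < 300:
            return body
        if status == 429 and attempt < max_attempts:
            sleep(retry_after_seconds(headers))
            continue
        # 400/401/403/404 will not succeed on retry; surface them at once.
        raise ApiError(status, CODES.get(status, "UNKNOWN"),
                       header(headers, "x-request-id"))

def fake_transport(responses):
    """Constructed stand-in for the HTTP layer: replays canned responses."""
    it = iter(responses)
    return lambda: next(it)
```

Failing fast on 401 and 403 keeps a misconfigured job from repeatedly presenting a rejected credential, and the cap bounds how long a single call can block.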