Getting Started: Manifest Insights Agent
Exposure search
Manifest Insights Agent (MIA) answers exposure questions directly from the chat panel. Ask about a component, a CVE, or a version range and MIA maps your query against your actual inventory, runs the analysis, and returns a detailed Exposure Report without leaving your current workflow.
Ask an exposure question
- Open MIA from the AI launcher in the bottom-right corner of any authenticated page.
- Type your question in the Write... input field. You can ask about a specific component (for example, "Where am I using lodash?"), a CVE (for example, "Am I affected by CVE-2023-4863?"), or a version range.
- Press send. MIA begins planning and shows a Run progress card inline with the current stage.
MIA works without a CVE. If you know only a component name or version range, MIA still maps it against your inventory using package and version logic as the primary signal.
Monitor run progress
While MIA is working, a Run progress card appears in the chat thread showing the current state:
- Running - MIA is actively processing. The card shows the current planning or execution step.
- Completed runs transition to a response automatically.
You can continue typing in the input field while a run is in progress. A stop button appears in the input area if you need to cancel.
Read the response
When the run completes, MIA returns:
- A plain-language summary of findings in the chat thread, including which assets are affected, which versions are present, and how the component is used across your environment
- A result card below the summary showing the high-level finding (for example, "Lodash used in 3,781 high-risk assets across apps, jobs, and tooling") with a count of components
- A > arrow on the result card to open the full Exposure Report
Each response includes copy and regenerate icons so you can copy the answer or re-run the query.
Review the Exposure Report
Clicking the arrow on a result card opens the Exposure Report panel alongside the chat. The report includes:
- An exposure level badge (for example, "High Exposure")
- Total component count
- A searchable list of affected components with version numbers, asset counts, and vulnerability counts
- A Findings section with detailed, bulleted analysis of version distribution, usage patterns, and associated CVEs
From the Exposure Report you can:
- Copy summary - Copies a human-readable summary to your clipboard, ready to drop into a Slack channel, war room, or IR document.
- Export as... - Downloads the report in your preferred format:
- JSON (report.json) - Full run payload and results
- CSV (export.csv) - Asset-level detail
- Markdown (summary.md) - Human-readable summary
Manage chat history
MIA keeps your conversations for 30 days. To access previous runs:
- Click the clock icon in the MIA panel header to open Chat history.
- Search past conversations using the search bar, or scroll to find one by timestamp and opening message.
- Click a conversation to reopen it.
To delete a conversation, click the trash icon next to it. To clear all history, click Delete all at the bottom of the history panel.
To start a new conversation, click the pencil (new chat) icon in the header.
Example prompts
MIA understands plain-language questions and structured batch input. The following examples show the range of queries you can run.
Component and asset lookups
- Find all instances of lodash in my environment.
- Which assets are using lodash?
- List everywhere lodash is installed.
- Where am I running lodash 4.17.21?
- Which are my most critical assets right now?
CVE and vulnerability exposure
- Am I affected by CVE-2026-22709?
Version range exposure search
- Run an exposure search to identify where this component is being used: bson versions between 0.4.21 and 1.1.6
Batch exposure search
For larger indicator lists, paste the full component inventory directly into the chat. MIA handles the batch, deduplicates results, and returns a single Exposure Report.
Run exposure search for the following maven packages of the specified versions:
baiducloud-java-sdk-blb 0.0.13
baiducloud-java-sdk-privatezone 0.0.4
bbnativeplayersdk 8.52.0
bbnativeplayersdk-compose 8.52.0
bbnativeplayersdk-core 8.52.0
bbnativeshared 8.52.0
bbnativeshared-android 8.52.0
bbnativeshared-android-debug 8.52.0
bce-java-sdk 0.10.428
freeway-ioc 1.0.5
JSONata4Java 2.6.3
pi4j-core 4.0.2
pi4j-distribution 4.0.2
pi4j-library 4.0.2
pi4j-library-gpiod 4.0.2
pi4j-library-linuxfs 4.0.2
pi4j-library-pigpio 4.0.2
pi4j-parent 4.0.2
pi4j-plugin 4.0.2
pi4j-plugin-ffm 4.0.2
pi4j-plugin-gpiod 4.0.2
pi4j-plugin-linuxfs 4.0.2
pi4j-plugin-mock 4.0.2
pi4j-plugin-pigpio 4.0.2
pi4j-plugin-raspberrypi 4.0.2
pi4j-test 4.0.2
sepa-jena-arq 4.3.2
In-context SBOM and vendor remediation
When you have an asset detail page open, MIA can use the SBOM in context to generate vendor-ready remediation guidance. Open an asset that has SBOM data, then try:
- What should I tell the vendor I need to fix on this SBOM?
- Generate the vendor remediation list for this SBOM.
- What needs fixing on this SBOM?