Getting Started: Manifest Insights Agent

Exposure search

Manifest Insights Agent (MIA) answers exposure questions directly from the chat panel. Ask about a component, a CVE, or a version range and MIA maps your query against your actual inventory, runs the analysis, and returns a detailed Exposure Report without leaving your current workflow.

Ask an exposure question

  1. Open MIA from the AI launcher in the bottom-right corner of any authenticated page.
  2. Type your question in the Write... input field. You can ask about a specific component (for example, "Where am I using lodash?"), a CVE (for example, "Am I affected by CVE-2023-4863?"), or a version range.
  3. Press send. MIA begins planning and shows a Run progress card inline with the current stage.

MIA works without a CVE. If you know only a component name or version range, MIA still maps it against your inventory using package and version logic as the primary signal.

Monitor run progress

While MIA is working, a Run progress card appears in the chat thread showing the current state:

  • Running - MIA is actively processing. The card shows the current planning or execution step.
  • Completed runs transition to a response automatically.

You can continue typing in the input field while a run is in progress. A stop button appears in the input area if you need to cancel.

Read the response

When the run completes, MIA returns:

  • A plain-language summary of findings in the chat thread, including which assets are affected, which versions are present, and how the component is used across your environment
  • A result card below the summary showing the high-level finding (for example, "Lodash used in 3,781 high-risk assets across apps, jobs, and tooling") with a count of components
  • A > arrow on the result card to open the full Exposure Report

Each response includes copy and regenerate icons so you can copy the answer or re-run the query.

Review the Exposure Report

Clicking the arrow on a result card opens the Exposure Report panel alongside the chat. The report includes:

  • An exposure level badge (for example, "High Exposure")
  • Total component count
  • A searchable list of affected components with version numbers, asset counts, and vulnerability counts
  • A Findings section with detailed, bulleted analysis of version distribution, usage patterns, and associated CVEs

From the Exposure Report you can:

  • Copy summary - Copies a human-readable summary to your clipboard, ready to drop into a Slack channel, war room, or IR document.
  • Export as... - Downloads the report in your preferred format:
    • JSON (report.json) - Full run payload and results
    • CSV (export.csv) - Asset-level detail
    • Markdown (summary.md) - Human-readable summary

Manage chat history

MIA keeps your conversations for 30 days. To access previous runs:

  1. Click the clock icon in the MIA panel header to open Chat history.
  2. Search past conversations using the search bar, or scroll to find one by timestamp and opening message.
  3. Click a conversation to reopen it.

To delete a conversation, click the trash icon next to it. To clear all history, click Delete all at the bottom of the history panel.

To start a new conversation, click the pencil (new chat) icon in the header.

Example prompts

MIA understands plain-language questions and structured batch input. The following examples show the range of queries you can run.

Component and asset lookups

  • Find all instances of lodash in my environment.
  • Which assets are using lodash?
  • List everywhere lodash is installed.
  • Where am I running lodash 4.17.21?
  • Which are my most critical assets right now?

CVE and vulnerability exposure

  • Am I affected by CVE-2026-22709?

Version range exposure search

  • Run an exposure search to identify where this component is being used: bson versions between 0.4.21 and 1.1.6

Batch exposure search

For larger indicator lists, paste the full component inventory directly into the chat. MIA handles the batch, deduplicates results, and returns a single Exposure Report.

Run exposure search for the following maven packages of the specified versions:

baiducloud-java-sdk-blb 0.0.13
baiducloud-java-sdk-privatezone 0.0.4
bbnativeplayersdk 8.52.0
bbnativeplayersdk-compose 8.52.0
bbnativeplayersdk-core 8.52.0
bbnativeshared 8.52.0
bbnativeshared-android 8.52.0
bbnativeshared-android-debug 8.52.0
bce-java-sdk 0.10.428
freeway-ioc 1.0.5
JSONata4Java 2.6.3
pi4j-core 4.0.2
pi4j-distribution 4.0.2
pi4j-library 4.0.2
pi4j-library-gpiod 4.0.2
pi4j-library-linuxfs 4.0.2
pi4j-library-pigpio 4.0.2
pi4j-parent 4.0.2
pi4j-plugin 4.0.2
pi4j-plugin-ffm 4.0.2
pi4j-plugin-gpiod 4.0.2
pi4j-plugin-linuxfs 4.0.2
pi4j-plugin-mock 4.0.2
pi4j-plugin-pigpio 4.0.2
pi4j-plugin-raspberrypi 4.0.2
pi4j-test 4.0.2
sepa-jena-arq 4.3.2

In-context SBOM and vendor remediation

When you have an asset detail page open, MIA can use the SBOM in context to generate vendor-ready remediation guidance. Open an asset that has SBOM data, then try:

  • What should I tell the vendor I need to fix on this SBOM?
  • Generate the vendor remediation list for this SBOM.
  • What needs fixing on this SBOM?

Related docs