AYDA API Access

📡 Status: Preview Only

AYDA’s Phase 2 API offers sandboxed inference endpoints, persona-driven logic, and modular model licensing. All functionality is subject to change during preview.

🔧 Endpoint Overview

🧠 Persona Switching Logic

AYDA supports dynamic persona switching via the /persona/switch endpoint. Each persona is scoped by:

• id: Unique identifier (e.g. forensic_analyst, script_coder)
• model: Associated model name (e.g. aydasilver)
• version: Active version (e.g. v1.5)

Note: Enrichment tags and switching trace logic are available in NDA-bound documentation.

🧪 Inference Preview

The /infer endpoint accepts modular payloads with persona context. Responses include:

• summary: High-level inference output
• confidence: Scored output (0–1)
• persona: Active persona metadata
• model: Model name and version used

Trace IDs and forensic enrichment paths are available in NDA-bound documentation.

💬 Streaming Chat Interface

AYDA’s /chat endpoint supports real-time persona-driven conversations using Server-Sent Events (SSE). Optimized for chatbot UIs and SOC dashboards.

Content-Type: application/json
Response: text/event-stream

{
  "prompt": "What are the risks of example-domain.net?",
  "persona": "predict",
  "context": "domain scan",
  "user_id": 42
}
  

Optional headers and persona overrides are documented in the NDA package.

import httpx, asyncio

async def stream_chat():
    url = "https://api.nattytech.com/chat"
    headers = {"Accept": "text/event-stream"}
    payload = {
        "prompt": "What are the risks of example-domain.net?",
        "persona": "soc",
        "context": "domain scan",
        "user_id": 42
    }

    async with httpx.AsyncClient(timeout=None) as client:
        async with client.stream("POST", url, headers=headers, json=payload) as response:
            async for line in response.aiter_lines():
                if line.startswith("data: "):
                    print("🔹", line[6:])

asyncio.run(stream_chat())
    

⚠️ Notes & Limitations

• All endpoints are sandboxed and rate-limited
• Persona switching is non-persistent unless explicitly tagged
• Trace data is stored temporarily for preview validation
• Licensing keys are tied to model-version pairs
• Airgapped deployments support offline upgrades and version pinning

🔖 AYDA API Documentation — Public Preview  v1.0
Last updated: August 2025 · Endpoint structure and payloads subject to change
For roadmap details and enrichment logic, refer to NDA-bound investor materials.

🛡️ AYDA Cyber Defense Modules

AYDA’s modular architecture supports proactive threat detection, forensic analysis, and adaptive response. Below are examples of how core modules operate in real-world scenarios.

🚨 Predictive Threat Detection (aydapred)

Goal: Identify and neutralize threats before they manifest, using enriched log patterns and behavioral heuristics.

Example Payload:

{
  "input": "Detect unusual activity across subnet 10.0.4.0/24",
  "persona_id": "predict",
  "model": "aydapred",
  "version": "v1.5",
  "context": {
    "log_bundle": "SIEM_sample",
    "threat_profile": ["known threat patterns"]
  }
}
  

Response: AYDA flags anomalous beaconing behavior, correlates it with known C2 patterns, and recommends immediate segmentation.

🧨 Penetration Testing & Exploit Simulation (aydared)

Goal: Simulate attacker behavior and validate defensive posture using AYDA’s red-team logic.

Example Payload:

{
  "input": "Simulate credential stuffing against exposed login endpoints",
  "persona_id": "red_team",
  "model": "aydared",
  "version": "v1.2",
  "context": {
    "target_domain": "acme-corp.net",
    "known_exposures": ["leaked_passwords.csv", "open_ports.json"]
  }
}
  

Response: AYDA emulates attack vectors, logs response times, and flags weak rate-limiting or missing MFA.

🛡️ Defensive Hardening & Vulnerability Scanning (aydablu)

Goal: Scan infrastructure for misconfigurations, expired certs, and third-party risks.

Example Payload:

{
  "input": "Run full domain intelligence scan",
  "persona_id": "defender",
  "model": "aydablu",
  "version": "v1.4",
  "context": {
    "domain": "acme-corp.net",
    "scan_depth": "full",
    "report_format": "markdown"
  }
}
  

Response: AYDA returns subdomain enumeration, TLS expiry, email security posture, and trust score. AI insight highlights weak SPF/DKIM and third-party asset exposure.

🧠 Real-Time Attack Recognition & Response (aydapred)

Goal: Detect active compromise and initiate containment measures.

Example Payload:

{
  "input": "Monitor for signs of backdoor or APT activity",
  "persona_id": "predict",
  "model": "aydapred",
  "version": "v1.5",
  "context": {
    "live_logs": ["auth.log", "netflow.json"],
    "alert_threshold": 0.7,
    "response_mode": "contain"
  }
}
  

Response: AYDA detects suspicious persistence mechanisms, correlates with known APT behavior, and recommends isolating affected hosts.

📜 Forensic Trace & Insight Generation

Goal: Generate concise, actionable summaries of attack vectors and system posture.

Example Output:

{
  "summary": "Detected lateral movement from compromised host 10.0.4.12. C2 beacon matched APT29 profile.",
  "trace_id": "trace_2025_08_11_001",
  "confidence": 0.92,
  "persona": {
    "id": "predict",
    "model": "aydapred",
    "version": "v1.5"
  }
}
  

⚠️ Notes & Limitations

• AYDA does not block traffic directly; she recommends containment actions via integrations.
• Zero-day detection is probabilistic and based on behavioral deviation, not signature matching.
• Red-team simulations are sandboxed and require explicit opt-in.
• Traceability features are available in preview and documented under NDA