How to use Orithos

Go to Agents in the sidebar and click "Add Agent". Enter your LLM endpoint URL and API key. Orithos will verify the endpoint is reachable before saving it.

Go to Scans and click "New Scan". Select the agent you registered, choose which security probes to run, and pick a scan depth. Click "Launch Scan" to start.

When the scan completes, click on any finding to expand it. You'll see a plain-English explanation of what happened, recommended actions, and technical details like CVSS scores and attack paths.

On the scan detail page, click HTML, PDF, or SARIF to download a report. SARIF format can be imported into GitHub Advanced Security and other CI/CD tools.

Go to Providers in the sidebar. Select one security probe and run it against multiple registered agents at the same time. Results stream in real-time so you can compare how different models handle the same attack.

Go to Compliance to see how your scan findings map to industry frameworks: SOC 2, ISO 27001, HIPAA, NIST 800-53, OWASP LLM Top 10, and more.

Go to Settings → API Keys to create API keys for automated scanning. Keys use bcrypt hashing and support role-based access (viewer, analyst, admin, owner).

Go to Settings → Retention to choose how long scan traces are stored. Standard mode keeps traces for 30 days. Zero-Knowledge mode purges traces immediately after each scan.