Bugtri

How Bugtri Works

From the moment a vulnerability report arrives in your mailbox to the triage summary landing in your inbox - here's exactly what happens at every step.

Three steps. Two minutes to set up.

No agents to install. No code changes. No infrastructure to manage.

1. Connect your mailbox

Link your Google Workspace or Microsoft 365 shared mailbox with one-click OAuth. Bugtri reads incoming emails and leaves the originals in your inbox, unmodified.

2. AI analyses every report

Each vulnerability report is sanitised, sent to your AI provider, scored against your custom thresholds, and classified as Auto-Decline, Queue, Fast-Track, or Urgent.

3. Triage lands in your inbox

A formatted summary email arrives in your shared mailbox with the decision, risk score, key factors, and the original report - ready for your team to act on.

Your data stays private

Sensitive information is automatically stripped before anything reaches the AI.

[Diagram: Researcher (sends report) -> Shared Mailbox (security@company.com) -> Sanitises Report (strips URLs, IPs, emails, domains & custom data) -> AI Cloud (analyses & classifies) -> Assembles & Delivers (restores tokens, appends original report) -> Your Inbox (summary + original)]

Your real URLs, IPs, and emails never reach the AI
Tokens are restored automatically in the final email
Original report is appended unmodified below the summary

The full journey of a report

From the moment a researcher hits send to the triage landing in your inbox - here's exactly what happens.

Step 1

Researcher submits a report

A security researcher discovers a vulnerability and emails their findings to your shared mailbox - typically security@yourcompany.com. The report may contain sensitive internal URLs, IP addresses, email addresses, and domain names embedded throughout the text.

Arrives via email | Any time, 24/7

Step 2

Bugtri intercepts the email

Bugtri monitors your connected mailbox via OAuth (Google Workspace or Microsoft 365) and picks up the incoming report within minutes. The original email stays in your inbox - Bugtri reads a copy without modifying or deleting anything.

Google Workspace | Microsoft 365 | Checks every 5 min

Step 3

Sensitive data is sanitised

Before the report text reaches any AI, Bugtri scans it and replaces sensitive data with safe placeholder tokens. URLs become __URL_1__, IP addresses become __IP_1__, emails become __EMAIL_1__, and domains become __DOMAIN_1__. You control exactly which types are redacted, and can add custom patterns.

URLs | Emails | IPs | Domains | Custom

Your real URLs, IPs, and emails never reach the AI provider.

Step 4

AI analyses the clean report

The sanitised text is sent to your chosen AI provider (using your own API key) which extracts structured data: vulnerability type, severity, exploitability, authentication requirements, evidence quality, and scope. The AI produces a severity score, a confidence rating, a triage decision (Auto-Decline, Queue, Fast-Track, or Urgent), and a written rationale explaining its reasoning.

Auto-Decline | Queue | Fast-Track | Urgent

Step 5

Bugtri assembles the triage email

Bugtri takes the AI's analysis, restores all placeholder tokens back to the original values, and builds a formatted triage summary email. This includes the decision badge, risk score, AI confidence level, key factors, an executive summary - and the full original report appended below so your team has the complete context.
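The sanitise (Step 3) and restore (Step 5) round trip, as an added example that is not Bugtri's own code. The regexes are simplified assumptions, reusing one token per repeated value is an assumption, and the `LITERAL` token kind is hypothetical: it protects token-like text a researcher typed into the report from being swapped for a real value on restore.

```python
import re

TOKEN_RE = re.compile(r"__[A-Z]+_\d+__")
# Simplified patterns (assumptions for this example, not Bugtri's rules).
# Order matters: a URL contains a domain or IP and an email contains a
# domain, so the most specific pattern must claim its text first.
PATTERNS = [
    ("LITERAL", TOKEN_RE),  # hypothetical kind: token-like text already in the report
    ("URL", re.compile(r"https?://[^\s<>]+")),
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
    ("DOMAIN", re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)),
]

def sanitise(text):
    """Replace sensitive values with numbered tokens; return (clean_text, token_map)."""
    token_map, seen, counters = {}, {}, {}

    def make_sub(kind):
        def sub(match):
            value = match.group(0)
            if (kind, value) not in seen:  # a repeated value reuses its token
                counters[kind] = counters.get(kind, 0) + 1
                seen[(kind, value)] = f"__{kind}_{counters[kind]}__"
                token_map[seen[(kind, value)]] = value
            return seen[(kind, value)]
        return sub

    for kind, pattern in PATTERNS:
        text = pattern.sub(make_sub(kind), text)
    return text, token_map

def restore(text, token_map):
    """Single-pass restore, so a restored value is never expanded a second time.
    Tokens missing from the map (e.g. invented by the model) are kept and reported."""
    unknown = []

    def sub(match):
        token = match.group(0)
        if token not in token_map:
            unknown.append(token)
        return token_map.get(token, token)

    return TOKEN_RE.sub(sub, text), unknown

# Constructed sample report (not real data).
REPORT = ("SSRF on https://intranet.example.com/fetch?u=x lets me reach 10.0.0.5. "
          "Also seen on staging.example.com. Contact alice@example.org. "
          "The page echoed the literal string __URL_1__ back to me.")
```

The token map is the only place the real values live between the two steps, so it has to stay on the trusted side and never travel with the sanitised text.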

Tokens are restored - the summary email contains the real URLs, IPs, and emails again.

Step 6

Triage arrives in your inbox

The complete triage email is delivered to your shared mailbox from triage@bugtri.com. Your security team sees the decision at a glance, reads the summary, and can immediately act - escalate, investigate, or dismiss. If auto-responses are enabled, the researcher also receives an automated acknowledgement, decline, or escalation notice.

Delivered to your mailbox | Auto-response to researcher

Built for security teams

Everything you need to triage faster - nothing you don't.

Privacy-first sanitisation

Sensitive data (URLs, IPs, emails, domains) is stripped before reaching the AI. You control exactly what's redacted.

Configurable scoring

Tune weights, thresholds, and impact buckets to match your organisation's risk appetite. Choose from presets or go fully custom.

Auto-responses

Automatically acknowledge researchers, decline out-of-scope reports, or escalate urgent findings - with customisable templates.

Dashboard & analytics

Track volume trends, decision breakdowns, AI confidence, and response times. See everything at a glance from your dashboard.

Bring your own AI key

Use your own API key from OpenAI, Anthropic, Google Gemini, or other providers. Your data never trains third-party models.

Data retention controls

Set how long report data is stored. Enable auto-purge. Choose not to store vulnerability details at all after triage.

Ready to automate your triage?

Join the teams already saving hours every week with AI-powered vulnerability report triage.
