# AI Detection Builder (Beta) ## Overview {% hint style="info" %} AI Detection Builder is in open beta starting with Panther version 1.118, and is available to all customers. Please share any bug reports and feature requests with your Panther support team. {% endhint %} AI Detection Builder is a [Panther AI](https://docs.panther.com/ai)-powered assistant that helps you create and modify rules and scheduled rules directly within the Panther Console. It provides intelligent suggestions, generates detection code, and allows you to review and apply changes.

The AI Detection Builder is available in the rule and scheduled rule editors in the Panther Console—accessible in the **Configure** tab via the **AI Detection Builder** button. ## How AI Detection Builder works The AI Detection Builder operates as a conversational AI assistant embedded in the rule editor. When you [open the AI Detection Builder panel](#opening-the-ai-detection-builder), you can: * Create new detections by describing what you want to detect * Ask questions about detection logic and get explanations of detection code * Modify existing detections. For example: * "Add a dedup function based on the user's IP address" * "Make this detection more specific to production environments" * Add or improve test cases ## Using the AI Detection Builder ### Opening the AI Detection Builder 1. In the left-hand navigation bar of your Panther Console, click **Detections**. 2. Click **Create New**. 3. On the **Python Rule** or **Scheduled Rule** tile, click **Start**. 4. On the right-hand side of the Configure tab, click **AI Detection Builder**.

* The panel opens on the right side of the screen:

### Creating a new detection with the AI Detection Builder 1. After [opening the AI Detection builder](#opening-the-ai-detection-builder), in the text field, enter your prompt.

2. Click the arrow (Submit). 3. Review the generated detection, including detection code (the `rule()` function and any helper functions), metadata (ID, display name, description, severity), associated log types, and test cases. * If necessary, enter a follow-up prompt to make further changes.\ ![](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2F0DZnJBRPK6YdIn4C1UBX%2FScreenshot%202026-01-16%20at%209.50.29%E2%80%AFAM.png?alt=media\&token=b645ea2c-5830-4cae-be61-f4658107d759) 4. Once the results meet your requirements, click **Accept Changes**.\ ![](https://4011785613-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LgdiSWdyJcXPahGi9Rs-2910905616%2Fuploads%2FpcdzdYmEcknJKlgE5TPX%2FScreenshot%202026-01-16%20at%209.48.38%E2%80%AFAM.png?alt=media\&token=f8ad97ed-5d56-4543-9c5b-3b635b8f254b) 5. The changes you accepted, including detection logic, metadata, and test cases, will be populated in the main detection editor form. In the upper-right corner, click **Deploy**.

### Modifying an existing detection with the AI Detection Builder To edit an existing rule with the AI Detection Builder: 1. In the left-hand navigation bar of your Panther Console, click **Detections**. 2. In the detection list, click the name of the detection you'd like to update. 3. On the right-hand side, click **AI Detection Builder**. 4. Click one of the suggested prompts (e.g., "Add 3 test cases covering different scenarios") or enter your own request (e.g., "Add a title function that includes the affected resource name").

5. Review the proposed changes, and enter a follow-up prompt, if necessary. Once the results meet your requirements, click **Accept Changes**. 6. Click **Deploy**. ### Reviewing proposed changes When the AI Detection Builder suggests changes to your detection, a review card appears, showing: * **Detection metadata**: The detection's name, ID, severity, log types (or scheduled queries), deduplication period, threshold, and number of test cases. * **Proposed code changes**: A diff view highlighting additions (in green) and removals (in red) to the detection code. To apply the changes, click **Accept Changes** to update the detection. The changes are applied to the detection form but are not saved until you click **Deploy**.

To undo accepted changes and restore the detection to its previous state, click **Revert**.

### Starting a new conversation with the AI Detection Builder To clear the current conversation and start a new thread: * In the upper-right corner of the AI Detection Builder panel, click the **+** (New Conversation) icon.

* The conversation resets, and you can begin a new interaction. ## Best practices when using the AI Detection Builder * **Be specific in your prompts**: The more detail you provide about what you'd like to detect, the better the AI's suggestions will be. * **Review changes carefully**: Always review the proposed code changes before accepting them, especially for production detections. * **Test before deploying**: After accepting changes, use the test functionality to validate the detection works as expected. * **Iterate as needed**: You can continue the conversation to refine the detection further after accepting initial changes. ## Limitations of the AI Detection Builder * The AI Detection Builder is currently only available when creating/editing custom rules and scheduled rules—i.e., it's not possible to use the AI Detection Builder to interact with other detections types, like policies and correlation rules.