A Practical Guide to BYOAI on Brinqa

by James Walta, VP of Product

There’s a simple principle when it comes to building an AI-enabled cyber defense program: buy the platform for the hard, durable problems, then build your edge on top of it. This post is about how to actually do the building.

We call it BYOAI, or bring your own AI. Talk to enough security teams right now and you will find that most of them are already experimenting with agents somewhere in the organization, sanctioned or not. So the real decision facing security leaders is not whether teams will build agents. They will. The decision is whether those agents get built against a trusted, governed foundation or against a pile of raw exports and shadow integrations. BYOAI on Brinqa lets you say yes to the experimentation without giving up control of your data, your access, or your audit trail.

How the Model Works

The architecture is straightforward. Brinqa sits at the center as the trusted, governed exposure data layer. Your teams bring whatever model or agent framework they prefer, and Brinqa supplies the graph, the context, the controls, and the auditability.

We designed this to be model-agnostic. Customers can bring GPT, Gemini, Mythos, an open-source model, or something proprietary they built in-house, and connect through the API, through MCP, or through Direct Connect. Governance stays in Brinqa no matter which path they choose: role-based access, policy controls, and a traceable record of every query and action.

In our view, that governance layer is the part worth getting right, because the models themselves will keep changing. Teams will swap one model for another as capabilities and prices shift, and that should be easy to do. What should not change underneath them is the control over who can query which data, and the evidence trail behind every answer.

The Kinds of Problems Teams Can Solve

BYOAI is easiest to understand through the problems it is designed to solve. Here are the kinds of agents teams can build once governed access to the exposure data is in place.

| Team | Example agent | What the agent asks Brinqa | Action it takes |
|---|---|---|---|
| SOC | Incident Triage Agent | “Is this alert on an internet facing, high risk asset with active exploitation?” | Enriches the SIEM alert, explains the risk path, recommends escalation |
| Vulnerability Management | Remediation Prioritization Agent | “Which critical findings matter most based on asset criticality, KEV, exposure, owner, and SLA?” | Produces a fix list, dedupes findings, drafts a remediation plan |
| IT Ops | Patch and Ownership Agent | “Who owns this asset, what business service depends on it, and what is the change impact?” | Opens and routes tickets, proposes patch windows, tracks SLA |
| Cloud Security | Cloud Exposure Agent | “Which cloud assets have toxic combinations: public exposure, weak IAM, and an exploitable vuln?” | Creates a cloud exposure summary and recommended control changes |
| GRC and Risk | Evidence and Risk Reporting Agent | “Show control gaps, overdue risk, and trend by business unit for audit or board reporting.” | Generates summaries, evidence packets, and board ready narrative |
| CISO and CTEM | Exposure Strategy Agent | “Where should we focus this week to reduce the most real risk?” | Prioritizes campaigns and measures risk reduction |

Every one of these examples shares the same design. The agent does not ingest raw scanner exports or keep its own copy of the truth. It asks questions of the same governed foundation everyone else uses and acts on the same answers, which means six teams could build six different agents without creating six versions of reality.

The Build Pattern

Every BYOAI agent follows the same pattern:

An agent receives a task in natural language, the connector translates it into a governed query, and the CyberRisk Graph™ returns context that was normalized, deduplicated, and enriched back at ingestion. The agent reasons over connected facts rather than guessing at relationships, and the output is whatever the agent was built to deliver. That might be taking an action like opening a ticket or kicking off a workflow, creating a report, or simply answering a question. The outcome belongs to the team that built the agent, and human approval is applied wherever your policy requires it.

This is what we mean when we say prepare the data for AI, not in the AI. The agents stay small and inexpensive because the heavy lifting was done once, in the data layer, instead of inside every model call.

Why It Works

BYOAI works because the Brinqa Platform exposes governed access paths rather than open doors. Agents connect through the BQL API for structured queries, through BrinqaIQ with MCP for conversational and agentic access, and through BrinqaDL views for large scale analytics. In every case the agent issues structured, traceable queries instead of pulling unrestricted raw data.

That traceability is what makes BYOAI defensible. When an auditor asks how an agent reached a conclusion, or why it opened a ticket, you can show the query it ran, the data it touched, and the policy that scoped it.
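The governed access path and audit trail described above, as an added sketch that is not Brinqa's code, API or BQL syntax: a gateway scopes each structured agent query by role policy and records the query, the records touched and the policy applied. The `Gateway` class, the policy and asset fields, the sample records and the hash-chained log are all assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample records standing in for a normalized exposure data layer.
ASSETS = [
    {"id": "a1", "internet_facing": True, "risk": 9.1, "owner": "team-web"},
    {"id": "a2", "internet_facing": False, "risk": 7.4, "owner": "team-data"},
    {"id": "a3", "internet_facing": True, "risk": 8.2, "owner": "team-net"},
]
# Hypothetical role policies: the fields each role may read or filter on.
POLICIES = {
    "soc-triage": {"id": "P-1", "fields": {"id", "internet_facing", "risk"}},
    "grc-report": {"id": "P-2", "fields": {"id", "risk"}},
}

class Gateway:
    def __init__(self):
        self.audit = []

    def _record(self, entry):
        # Chain each record to the previous hash so later edits are detectable.
        prev = self.audit[-1]["hash"] if self.audit else ""
        body = json.dumps(entry, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.audit.append({**entry, "hash": digest})

    def query(self, agent, role, fields, where):
        policy = POLICIES.get(role)
        # Filter fields count too, or a filter becomes an oracle for hidden data.
        wanted = set(fields) | set(where)
        ok = policy is not None and wanted <= policy["fields"]
        rows = [a for a in ASSETS if all(a[k] == v for k, v in where.items())] if ok else []
        # Denied requests are logged as well, with no records touched.
        self._record({"agent": agent, "role": role, "fields": sorted(fields),
                      "where": where, "policy": policy["id"] if policy else None,
                      "decision": "allow" if ok else "deny",
                      "touched": [r["id"] for r in rows]})
        if not ok:
            raise PermissionError(f"{role} may not query {sorted(wanted)}")
        return [{f: r[f] for f in fields} for r in rows]

def verify(audit):
    """Recompute the hash chain; False means a record was edited or reordered."""
    prev = ""
    for e in audit:
        body = json.dumps({k: v for k, v in e.items() if k != "hash"}, sort_keys=True)
        if hashlib.sha256((prev + body).encode()).hexdigest() != e["hash"]:
            return False
        prev = e["hash"]
    return True
```

Each audit record answers the auditor's three questions from the paragraph above: the `fields` and `where` show the query, `touched` shows the data, and `policy` shows what scoped it.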

It also keeps BYOAI safe as it spreads. We made the point in our last post that the AI itself has become part of the attack surface. A dozen team-built agents pulling raw exports leaves you defending a dozen different security postures. When those same agents connect through common governed paths, you get one control point and one place to watch. That matters whether your program is built around continuous threat exposure management (CTEM), risk-based vulnerability management (RBVM), or a hybrid of both.

What Comes Next

This post is the practical overview. For the full picture, including reference architecture, governance patterns, security considerations, and MCP and agent templates your teams can use to stand up a first agent quickly, read "Your AI, Our Foundation: Agentic Exposure Management You Can Trust." It covers how Brinqa functions as the governed data foundation for any AI investment across your exposure management program.

If your teams are already building or itching to start, meet with a Brinqa expert and we will walk through the BYOAI access paths against your own environment.

James Walta
Vice President of Product
James Walta is VP of Product at Brinqa, where he helps organizations transform complex cybersecurity challenges into measurable progress. He has been part of Brinqa’s expert team for ten years.