Frequently Asked Questions

General LLMs can summarize vulnerabilities or draft reports from attached files. Hexamind AI is different because it works with project SBOMs, vulnerability data, operating context, and compliance information that are already connected inside the platform. That lets teams review what matters first in their own environment without rebuilding context every time.

Automation can help reduce operational overhead, but results may vary across environments. We recommend expanding automation scope gradually, aligned with your organization's risk tolerance and operating policy.

Security experts remain essential. Hexamind Platform is designed to support them, not replace them, by reducing repetitive inspection and data-handling work so teams can focus on higher-value decisions. It helps small organizations establish a baseline process quickly and helps mature teams run supply chain security more consistently.

Timelines can shift, but the need for supply chain security operations already exists. U.S. and EU requirements are already active or entering enforcement phases, and Korean public procurement expectations are also tightening. Independent of regulation, managing SBOMs, licenses, and vulnerabilities systematically improves both delivery readiness and internal security operations.

If your organization sells or distributes digital products or components into the EU market, the CRA likely applies. That can include SaaS services, smart devices, and software libraries. Purely non-commercial open source may qualify for limited exceptions, but legal review is recommended for an authoritative determination.

In practice, U.S. E.O. 14028 commonly expects SPDX or CycloneDX. The EU CRA does not prescribe a single mandatory format, but SPDX and CycloneDX are the most widely used options. Korean public procurement is also expected to rely heavily on CycloneDX JSON or XML. Hexamind Platform supports standard SBOM formats, but exact submission requirements should still be validated against the contracting authority or procurement terms.

Some capabilities can be used without a prebuilt SBOM, but vulnerability analysis in Security Advisory and signing workflows in TrustBOM work best when an SBOM is available. If you do not have one yet, the platform can extract component information from package manifests, container images, and source archives to help bootstrap that process.

We recommend registering each release as a separate project. Versioned projects make it easier to compare vulnerability history and change over time. With TrustBOM, you can also show recipients which version was delivered and how its security posture differs from previous releases.

That can happen occasionally. In those cases, try asking a more specific question and confirm that the correct project is selected. Connecting environment data also improves answer quality. Important decisions should still be reviewed by security professionals.

During the current Early Access period, you can explore the major capabilities broadly. After general availability, plan-specific limits and billing policies will be shown in account settings.

If you need to change your account type or transition to an organization plan, please reach out through the support channel.

Strong password requirements exist to maintain a level of account protection appropriate for a security platform. Weak credentials can affect the broader supply chain security posture, so using a password manager is strongly recommended.

The billing flow is designed to support both domestic cards and major international cards, and enterprise customers can usually discuss contract-specific arrangements. Detailed payment policy may evolve as plans mature.

Technical support and general inquiries can be sent to [email protected]. For vulnerability reports, please include [VDP] in the subject line.

Yes. You can request a demo or consultation through the landing page inquiry form or by email. Depending on your needs, this can include an online walkthrough, scenario review, and organization-specific discussion.