Network Traffic Analysis of Nova AI: Real-Time Interactions with a Multi-Model Chatbot
Nova AI is a multi-platform chatbot application developed by ScaleUp. It supports a wide range of natural language processing tasks including text generation, summarization, translation, grammar correction, and question answering. Nova uses a multi-model architecture integrating several leading large language models (LLMs), such as OpenAI’s GPT‑4 and GPT‑4o, Anthropic’s Claude, Google’s Gemini Pro, and DeepSeek R1. Depending on the user’s subscription tier and device, Nova either automatically selects the most appropriate LLM or allows users to manually choose between available models. All processing is cloud-based, enabling consistent performance and access across supported platforms.
Network Traffic Analysis
The ATI team in Keysight has analyzed the network traffic of Nova AI and found some interesting insights, which can be helpful for other researchers, optimize performance and ensure secure usage. This was done utilzing a HAR captures of a web session. Nova AI operates with standard web protocols, relying on secure TLS encryption for communication.
Overall Analysis
We have performed extensive user interactions with the Nova AI web application. The captured traffic was completely TLS encrypted. We have further analyzed the traffic based on host names.
In the figure above we can observe the maximum number of request-response was seen by api.novaapp.ai followed by chat.novaapp.ai. The first host has been observed as the primary host for core dynamic functionalities such as user authentication, session management, and chat processing. While the latter is for telemetry and analytics, including logging user interactions and events.
Figure 2: Cumulative payload per host
The diagram above shows that the host api.novaapp.ai has the maximum cumulative payload. The rest of the hosts are creating smaller network footprints.
Analyzing Endpoints
By examining the HAR file, we gain a detailed view of the HTTP requests and responses between the client and Nova AI's servers. This analysis focuses on critical endpoints and their roles in the platform's functionality.
Query Execution
Endpoint: https://api.novaapp.ai/api/chat
- Method: POST
- Request Headers:
- Accept: application/json
- Content-Type: application/json
- Origin: https://chat.novaapp.ai (Ensures requests originate from Nova AI’s platform)
- Response Status: 200 OK (chat message successfully processed)
- Response Body: JSON object containing the AI-generated message, message ID, timestamps, and related context.
This is the core endpoint for handling real-time natural language queries. It supports back-and-forth conversation with integrated models, depending on the user’s configuration and subscription tier.
Title Generation
Endpoint: https://api.novaapp.ai/api/chat/title
- Method: POST
Purpose: Automatically generate or update a conversation title based on the content exchanged in the chat.
- Request Headers:
- Accept: application/json
- Content-Type: application/json
- Origin: https://chat.novaapp.ai (Ensures requests originate from Nova AI’s platform)
- Response Status: 200 OK (title generated or updated)
- Response Body: JSON object with a short, descriptive title summarizing the conversation topic.
This endpoint enhances organization by assigning contextual titles to chat threads. It helps users quickly identify and return to past conversations based on automatically derived summaries.
Token Usage Analysis
Endpoint: https://api.novaapp.ai/api/token-count
- Method: POST
- Request Headers:
- Accept: application/json
- Content-Type: application/json
- Origin: https://chat.novaapp.ai (Ensures requests originate from Nova AI’s platform)
- Response Status: 200 OK (token count calculated)
- Response Body: JSON object including input token count, output token count, and total token usage.
Used for managing usage quotas and enforcing billing policies, this endpoint provides visibility into the computational cost of user interactions by reporting token metrics for each message or session.
Static Content Delivery
Endpoint: https://chat.novaapp.ai/assets/logo-novaapp.svg
Method: GET
- Request Headers:
- Accept: image/svg+xml
- Origin: https://chat.novaapp.ai (Ensures requests originate from Nova AI’s platform)
- Response Status: 200 OK (logo asset successfully retrieved)
- Response Body: Raw SVG file containing XML-based vector graphic markup representing the Nova AI logo
This static asset endpoint is part of the frontend delivery layer, enabling the Nova AI web application to render consistent visual branding.
NOTE: While Nova AI can be useful, it is a prohibited tool by many companies and government entities. Policy and technical systems must be in place to prevent usage, and it is vital to confirm this via test using BreakingPoint. These tests help validate the security measures and help organizations prevent accidental or malicious use of the platform.
Nova AI Traffic Simulation in Keysight ATI
At Keysight Technologies Application and Threat Intelligence (ATI), since we always try to deliver the hot trending application, we have published the network traffic related to Nova AI in ATI-2025-11 StrikePack which simulates the HAR collected from the Nova AI web application as of June 2025 including different user actions like performing website searches and responding to basic text-based prompts and queries. Here all the HTTP transactions are replayed in HTTP/2 over TLS1.3.
The Nova AI application and its 4 new Superflows as shown below:
Leverage Subscription Service to Stay Ahead of Attacks
Keysight's Application and Threat Intelligence subscription provides daily malware and bi-weekly updates of the latest application protocols and vulnerabilities for use with Keysight test platforms. The ATI Research Centre continuously monitors threats as they appear in the wild. Customers of BreakingPoint now have access to attack campaigns for different advanced persistent threats, allowing BreakingPoint Customers to test their currently deployed security control's ability to detect or block such attacks.