
Pentest

Pentest is AISafe's blackbox security assessment type. AI agents probe your live application over HTTP and via a headless browser, modeling the attack surface, testing for exploitable vulnerabilities, and producing evidence-backed findings, all without access to your source code.

How it works

Starting a pentest triggers a multi-agent workflow that moves through several stages. Specialized agents carry out each stage, collaborating over the live target. Each stage builds on the previous one: the testing stage, for example, draws on the endpoint map and priorities produced during scoping and modeling rather than starting from a blank view of your application.

  1. Validation: the first agent sends a probe request to each target URL and attempts to follow the authentication flow you described. If the target is unreachable or auth fails, the run stops with a clear message so you can fix the configuration before wasting time.
  2. Scoping: a crawling agent walks the application, following links, submitting forms, and recording each endpoint and parameter it discovers. The crawl respects your excluded paths and rate limits, and builds a comprehensive map of the attack surface within the scope you defined.
  3. Modeling: the agents analyze the crawled surface to identify high-value targets: authenticated endpoints, admin interfaces, API routes that accept user-controlled input, and flows that handle sensitive data. This prioritization focuses testing effort where real vulnerabilities are most probable.
  4. Testing: for each candidate vulnerability, an agent crafts a payload, sends the request, and inspects the response. If the response suggests a vulnerability, the agent refines the payload to confirm exploitation and capture proof. The agent iterates, trying variations until it either confirms the issue or rules it out. This covers OWASP Top 10 categories: injection, broken authentication, sensitive data exposure, XSS, SSRF, and more.
  5. Triage: a separate triage agent re-examines each finding's evidence, confirms or rejects it, deduplicates findings that share a root cause, and assigns a confidence score. This pass is what keeps the false-positive rate low.
  6. Report: the final stage compiles confirmed findings, evidence, and remediation guidance into a shareable PDF.

The entire workflow runs without human intervention. You start the pentest, the agents do the work, and you review the results when they are ready.

The agents reason about the application's behavior, adapt their approach based on responses, and pursue exploitation paths that a traditional scanner would not attempt. They find vulnerabilities that require multiple steps or understanding of the application's specific logic.

Target input

To run a pentest, you provide:

  • Target URLs: one or more base URLs for the application you want tested (e.g. https://staging.example.com). AISafe validates each URL at the start of the run; unreachable targets halt the run.
  • Authentication instructions: optional credentials or auth flow descriptions so the agent can reach authenticated areas. Describe the login flow (e.g. "POST to /login with username and password fields, and use the returned session cookie") and provide test credentials if needed.
  • Custom headers: optional headers to include in all requests (e.g. Authorization: Bearer … or an X-API-Key).
  • Rate limiting: optional requests-per-second cap to avoid overwhelming the target. Use this for production or shared staging environments.
  • Excluded paths: optional URL paths to skip during testing. Use this to protect sensitive endpoints, avoid destructive actions, or stay within scope boundaries.

The agents operate within the scope you define. Any URL outside the provided target URLs (and any additional allowed domains you configure) is unreachable from the sandbox. This keeps the test focused and prevents the agent from wandering into areas you did not intend to test.

Findings and evidence

Pentest excels at detecting:

  • Injection vulnerabilities: SQL injection, command injection, SSTI, XSS (reflected, stored, DOM-based). The agents craft payloads that demonstrate the injection and capture the response that proves exploitation.
  • Server-side request forgery (SSRF): internal network access via user-controlled URLs. The agents test whether user input can influence outbound requests to internal services.
  • Broken access control: IDOR, missing authorization checks, privilege escalation. The agents test whether authenticated users can access resources or perform actions outside their intended scope.
  • Authentication bypass: session fixation, JWT manipulation, brute-force susceptibility. The agents probe the authentication mechanism for weaknesses that allow impersonation or session takeover.
  • Information disclosure: verbose errors, exposed debug endpoints, backup files. The agents look for responses that leak sensitive information about the application or its infrastructure.
  • Business logic flaws: price manipulation, race conditions in transactions. The agents reason about the application's intended workflow and look for ways to subvert it for advantage.

For each confirmed finding, the agents provide:

  • Proof-of-concept: the exact HTTP request (method, URL, headers, body) that triggers the vulnerability, along with the response that demonstrates exploitation. You can replay the request to verify the issue.
  • Reproduction steps: a clear, step-by-step description of how to reproduce the issue, so you can verify it and hand it to the engineer responsible for the fix.
  • Impact assessment: what an attacker could achieve by exploiting the finding, grounded in the observed response. This helps you prioritize remediation relative to other findings.
  • Suggested fix: a concrete remediation recommendation tailored to the vulnerability type and the application's behavior.

The agents map each finding to a standard category (CWE or OWASP) where applicable, so you can cross-reference with your existing security tracking and compliance frameworks.
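A finding's proof-of-concept is a raw HTTP request, and the natural first step on receiving one is to replay it against the same target to confirm the issue. The following added example (not AISafe's code; the finding text, the `parse_raw_request`, `in_assessment_scope` and `build_replay` names, and the use of `urllib` are assumptions) parses a constructed proof-of-concept request into method, URL, headers and body, sanity-checks the declared Content-Length against the body, refuses to replay anything whose host is not one of the assessment's target URLs, and builds a `urllib` request object ready to send:

```python
"""Parse a proof-of-concept HTTP request from a finding and prepare a scoped replay.

Added example, not AISafe's own code. The POC_REQUEST below is a constructed sample
in the shape a finding describes (method, URL, headers, body), not a real report.
"""
import urllib.request
from urllib.parse import urlsplit

# Constructed proof-of-concept request. The session value is a placeholder.
POC_REQUEST = (
    "POST /api/search HTTP/1.1\r\n"
    "Host: staging.example.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Cookie: session=REDACTED\r\n"
    "Content-Length: 9\r\n"
    "\r\n"
    "q=example"
)


def parse_raw_request(raw: str, scheme: str = "https") -> dict:
    """Split a raw HTTP/1.1 request into its parts and resolve the absolute URL."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers[name.strip()] = value.strip()
    host = headers.get("Host")
    if target.startswith(("http://", "https://")):
        url = target                      # absolute-form request target
    elif host:
        url = f"{scheme}://{host}{target}"  # origin-form target plus Host header
    else:
        raise ValueError("request has no Host header and no absolute URL")
    declared = headers.get("Content-Length")
    if declared is not None and int(declared) != len(body.encode()):
        # A truncated or edited PoC is a common reason a replay silently misbehaves.
        raise ValueError("Content-Length does not match the body length")
    return {"method": method, "url": url, "version": version,
            "headers": headers, "body": body}


def in_assessment_scope(parsed: dict, target_urls: list) -> bool:
    """Only replay against hosts that were targets of the assessment."""
    host = (urlsplit(parsed["url"]).hostname or "").lower()
    return host in {(urlsplit(t).hostname or "").lower() for t in target_urls}


def build_replay(parsed: dict) -> urllib.request.Request:
    """Build (but do not send) a urllib request equivalent to the PoC."""
    # urllib sets Host and Content-Length itself; passing them through is redundant.
    headers = {k: v for k, v in parsed["headers"].items()
               if k.lower() not in ("host", "content-length")}
    data = parsed["body"].encode() if parsed["body"] else None
    return urllib.request.Request(parsed["url"], data=data, headers=headers,
                                  method=parsed["method"])


def replay(raw: str, target_urls: list, send: bool = False):
    """Parse, scope-check and optionally send a PoC. Returns the Request or the response."""
    parsed = parse_raw_request(raw)
    if not in_assessment_scope(parsed, target_urls):
        raise PermissionError(f"{parsed['url']} is not an assessment target")
    req = build_replay(parsed)
    if send:
        with urllib.request.urlopen(req, timeout=10) as resp:  # network call
            return resp.status, resp.read()
    return req


if __name__ == "__main__":
    r = replay(POC_REQUEST, ["https://staging.example.com"])
    print(r.get_method(), r.full_url, r.data)
```

Keeping `send=False` as the default means the scope check and parsing can be exercised in CI without traffic; a replay against a live staging target is an explicit opt-in.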

Security constraints

All pentest agent execution happens in isolated sandboxes with controlled network egress. The agent can reach only the target URLs you specify (plus any additional allowed domains you configure). This prevents the agent from accessing unintended internal services or third-party systems.

AISafe destroys the sandbox after the pentest completes. No artifacts from the run, including credentials, session tokens, or captured responses, persist beyond the assessment.

If the agent encounters a redirect to a domain outside your configured scope, it does not follow it. This keeps the test within the boundaries you defined, even if the application links to external services.
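The scope rules described in "Target input" and in this section combine into one policy: a host allowlist built from the target URLs and allowed domains, excluded path prefixes, and a refusal to follow redirects that leave scope. The following added example (not AISafe's code; the `ScopePolicy` class, `follow_redirects` and the constructed responses are assumptions) implements that policy and walks it through three constructed redirect chains, one that stays on the target, one that lands on an allowed auth domain, and one that points at a third-party host and is stopped:

```python
"""Scope policy for an HTTP-probing agent: allowlisted hosts, excluded path prefixes,
and a redirect follower that refuses to leave the configured scope.

Added example, not AISafe's own code; names and responses below are constructed.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit, urljoin


@dataclass
class ScopePolicy:
    target_urls: list                                    # base URLs from the run config
    allowed_domains: list = field(default_factory=list)  # extra hosts the operator allows
    excluded_paths: list = field(default_factory=list)   # path prefixes never to touch

    def _allowed_hosts(self) -> set:
        hosts = {(urlsplit(u).hostname or "").lower() for u in self.target_urls}
        hosts.update(d.lower() for d in self.allowed_domains)
        hosts.discard("")
        return hosts

    def in_scope(self, url: str) -> bool:
        """True only for http(s) URLs whose host is exactly a target or allowed host
        and whose path is not under an excluded prefix (no suffix or look-alike matching)."""
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False
        if parts.hostname.lower() not in self._allowed_hosts():
            return False
        path = parts.path.rstrip("/") or "/"
        for excluded in self.excluded_paths:
            prefix = excluded.rstrip("/")
            # "/admin" excludes "/admin" and "/admin/users" but not "/administrator"
            if path == prefix or path.startswith(prefix + "/"):
                return False
        return True


def follow_redirects(policy: ScopePolicy, start_url: str, fetch, max_hops: int = 5):
    """Follow 3xx responses from fetch(url) -> (status, headers) while every hop stays
    in scope. Returns (last_in_scope_url, hops, reason)."""
    url, hops = start_url, []
    if not policy.in_scope(url):
        return url, hops, "start-out-of-scope"
    for _ in range(max_hops):
        status, headers = fetch(url)
        hops.append((url, status))
        if status not in (301, 302, 303, 307, 308):
            return url, hops, "final"
        location = headers.get("Location")
        if not location:
            return url, hops, "redirect-without-location"
        nxt = urljoin(url, location)          # resolve relative Location values
        if not policy.in_scope(nxt):
            return url, hops, f"out-of-scope-redirect:{nxt}"  # stop, do not follow
        url = nxt
    return url, hops, "too-many-redirects"


# Constructed responses standing in for the live target; nothing is fetched.
FAKE_RESPONSES = {
    "https://staging.example.com/": (302, {"Location": "/app"}),
    "https://staging.example.com/app": (200, {}),
    "https://staging.example.com/logout": (302, {"Location": "https://auth.example.net/signout"}),
    "https://staging.example.com/billing": (302, {"Location": "https://cdn.thirdparty.example/"}),
}


def fake_fetch(url):
    return FAKE_RESPONSES.get(url, (404, {}))


def demo() -> dict:
    policy = ScopePolicy(
        target_urls=["https://staging.example.com"],
        allowed_domains=["auth.example.net"],
        excluded_paths=["/admin", "/api/internal/"],
    )
    return {
        "login_flow": follow_redirects(policy, "https://staging.example.com/", fake_fetch),
        "sso": follow_redirects(policy, "https://staging.example.com/logout", fake_fetch),
        "third_party": follow_redirects(policy, "https://staging.example.com/billing", fake_fetch),
        "admin_excluded": policy.in_scope("https://staging.example.com/admin/users"),
        "lookalike_host": policy.in_scope("https://staging.example.com.evil.test/"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Two design points carry the security weight: host matching is exact set membership, so `staging.example.com.evil.test` is never mistaken for the target, and the redirect follower returns the last in-scope URL together with the reason it stopped, which is what a run log needs to show that an out-of-scope hop was seen and not taken.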