Skip to content

AI Pentesting

Escape AI Pentesting is powered by Cascade, Escape's multi-agent pentest engine. Cascade explores your application like a human pentester, reasons about what an attacker could chain together, and proves exploitability with concrete evidence. It combines large language model reasoning with Escape's crawling and DAST infrastructure to find complex, multi-step vulnerabilities that rule-based scanners miss.

This page explains what changed with Cascade, what's available today, and what's coming next. If you just want to launch an assessment, jump to the Quickstart.

What Changed: From Fixed Agents to One Engine

Earlier, AI Pentesting shipped as a set of separate, single-purpose agents. Each vulnerability class had its own hardcoded agent: an XSS Agent, a SQLi Agent, an IDOR/BOLA Agent, and so on. Each ran with a fixed playbook and a fixed slice of the application.

Cascade replaces that model with a single adaptive engine:

  • One orchestrator, many specialists. Cascade plans the engagement, then spawns focused worker agents on demand: reconnaissance, targeted exploitation, validation. The mix of workers depends on what the application actually exposes, not on a fixed agent list.
  • Shared context. Workers exchange findings and discoveries as they go, so a lead found by one worker (a database-backed endpoint, a leaked token, a tenant boundary) immediately informs the others.
  • Independent verification. A dedicated reporter agent re-runs every candidate finding against the live target and collects its own evidence before filing an issue, which keeps the false-positive rate low.
  • Coverage tracking. An advisory coverage agent watches which surfaces have been tested and pushes the orchestrator toward the gaps.

The vulnerability classes you knew as individual agents are now capabilities of Cascade. The pages under this section describe how Cascade tests for each class and how to steer it.

What's Available Today

  • Black-box multi-agent pentesting. Cascade runs an autonomous swarm against web applications, REST APIs, and GraphQL APIs. See Cascade: Multi-Agent Pentest.
  • Broad vulnerability coverage. Cross-site scripting, SQL injection, access control (BOLA, IDOR, privilege escalation), business logic flaws, SSRF, command injection, plus front-end JavaScript analysis that surfaces leaked secrets and undocumented APIs. See How It Works for the full list.
  • Unitary regression testing. Upload a previous pentest report and Cascade replays each reported vulnerability one at a time to confirm whether it's still reproducible. See Regression Testing.
  • Artifacts and context. Attach PDF pentest reports, OpenAPI exports, documentation, or screenshots. Cascade uses them as context and replay material.
  • Authentication. Configure one or more users with natural-language sign-in instructions. Multiple users unlock authorization testing across roles and tenants. See Authentication.
  • Memory across assessments. Cascade carries application knowledge between assessments, so issue finding stays consistent from run to run instead of starting cold every time.
  • Evidence-rich issues. Every finding ships with an attack chain, an impact assessment (CVSS score and vector), and a Proof of Exploit: the request chain, screenshots, and reproduction steps engineering can replay.
  • Simple setup. A dedicated creation form walks you through scope, authentication, optional tuning, and a pre-launch review. No manual agent selection.

Coming Soon

These capabilities are in active development. They're listed here so you know what's on the way, with no committed dates:

  • Memory for crawling. Reuse what Cascade learned about a target's structure to make later crawls faster and deeper.
  • Reasoning logs. Richer, structured traces of why each agent took an action, surfaced directly in the assessment view.
  • Critical-vulnerability detection. Deeper exploitation paths aimed at the highest-severity outcomes, including CVE exploitation.
  • Whitebox pentesting. Source-aware testing that reasons over repository code alongside the running application. See Whitebox Agent.

Positioning: AI Pentesting, DAST, and ASM

When to Use AI Pentesting

AI Pentesting is the right tool when you need:

  • Deep, adaptive testing: agents that reason about application behavior and adapt
  • Complex vulnerability discovery: multi-step attacks, business logic flaws, and authorization issues
  • Autonomous exploration: agents that navigate complex workflows and understand context
  • Proven exploitability: findings backed by a reproducible attack chain

When to Use DAST

Business Logic Aware DAST is better suited for:

  • Systematic, repeatable testing: rule-based checks with predictable coverage
  • CI/CD integration: fast, automated security testing in pipelines
  • Custom rule enforcement: organization-specific policies and governance

When to Use ASM

ASM focuses on:

  • Attack surface discovery: finding all exposed assets and endpoints
  • Asset inventory: maintaining a view of your attack surface
  • Continuous monitoring: tracking changes to your external exposure

Operational Controls

AI Pentesting Kill Switch

Organization administrators can enable an AI Pentesting Scan Kill Switch from Organization Settings.

When this setting is enabled:

  • All currently running AI Pentesting assessments are canceled
  • New AI Pentesting assessments cannot be started manually
  • Scheduled AI Pentesting assessments are skipped until the setting is disabled

Use this control when you need to immediately stop agent activity across an organization, for example during incident response, a maintenance window, or while updating assessment configuration.

Getting Started

Profile Setup

Create AI Pentesting profiles from the AI Pentesting page by clicking New Pentest. The dedicated creation form walks you through scope, authentication, optional tuning, and the pre-launch review. It's separate from the generic DAST scan-profile wizard.

You can edit an existing pentest profile from the profile page. Editing uses the same form, but the target URLs are read-only after creation.

Ready to run your first assessment? See the Quickstart.

Documentation