Guardrails for AI Pentesting¶

These are the main controls you configure to keep AI Pentesting bounded: where agents can go, how hard they hit your app, and how to stop a run.

Kill Switches¶

Organization-wide¶

Organization administrators can enable Cancel all current AI Pentesting scans and prevent all AI Pentesting scans from being started from Organization Settings > Scan Kill Switches.

When enabled:

• All running AI Pentesting assessments are canceled
• New assessments cannot be started
• Scheduled assessments are skipped until the setting is disabled

Single assessment¶

You can also cancel one assessment from the assessment page, CLI, or API. That stops only that run. Other assessments continue unless the organization kill switch is on.

Strict Mode and Scope Restrictions¶

Scope controls where Cascade can explore and what it must avoid: Standard vs Strict mode, target URLs, and optional URL or GraphQL blocklist rules.

Escape enforces scope at the network boundary, inside agents, and in prompts. Restrictions apply in both modes.

See Scope for:

• When to use Standard vs Strict
• URL and GraphQL restriction syntax
• Strict-mode CDN and static-asset allowances
• How restrictions are saved on profile update

Rate Limit¶

In Fine-Tune (Optional) > Duration, set Rate limit (req/s) from 1 to 500 (default 500).

This caps how many HTTP requests per second the assessment sends at the API level. Lower it when testing production or capacity-sensitive environments.

Max Duration¶

In the same section, set Max duration from 1 to 24 hours (default 6 hours).

When the limit is reached, the assessment stops. Use a shorter duration for smoke tests or tight maintenance windows.

Related Documentation¶

• Scope: Standard vs Strict, restrictions, and enforcement
• Quickstart: Scope and Fine-Tune
• How It Works: Profile Setup & Scope