Skip to content

Guardrails for AI Pentesting

These are the main controls you configure to keep AI Pentesting bounded: where agents can go, how hard they hit your app, and how to stop a run.

Kill Switches

Organization-wide

Organization administrators can enable Cancel all current AI Pentesting scans and prevent all AI Pentesting scans from being started from Organization Settings > Scan Kill Switches.

When enabled:

  • All running AI Pentesting assessments are canceled
  • New assessments cannot be started
  • Scheduled assessments are skipped until the setting is disabled

Single assessment

You can also cancel one assessment from the assessment page, CLI, or API. That stops only that run. Other assessments continue unless the organization kill switch is on.

Strict Mode

In the Scope section of the New Pentest form, choose Strict when the agent must stay on the URLs you list and must not expand to related hosts.

  • Standard (default): Escape can include related assets in the same application footprint, for example APIs on the same root domain as your frontend.
  • Strict: Only the listed URLs and their subdomains are in scope. Anything you omit stays out.

Use Strict for contained testing on production or when you need a hard boundary around a fixed set of endpoints.

Scope Restrictions

Scope restrictions block specific pages or endpoints without changing the overall scope mode.

Add them in the Scope section:

Type What it blocks
CRAWL Visiting a URL or path during crawling and browser navigation
API Testing Active security testing against a URL or path

For API Testing, you can optionally limit the block to specific HTTP methods (GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD, or ANY).

Examples:

  • Block /admin from crawling while still testing the rest of the app
  • Block POST /api/billing/charge from active testing while allowing read-only checks elsewhere

For blocklist matching rules, see Scope Configuration.

Rate Limit

In Fine-Tune (Optional) > Duration, set Rate limit (req/s) from 1 to 500 (default 500).

This caps how many HTTP requests per second the assessment sends at the API level. Lower it when testing production or capacity-sensitive environments.

Max Duration

In the same section, set Max duration from 1 to 24 hours (default 6 hours).

When the limit is reached, the assessment stops. Use a shorter duration for smoke tests or tight maintenance windows.