Issue replay¶
Issue replay automatically re-checks existing open findings from previous AI Pentesting assessments on the target profile. Cascade dispatches specialized agents to plan, reproduce, and validate each vulnerability. When a finding is still reproducible, the assessment emits updated evidence linked to the original issue.
This is separate from the Regression Testing Agent, which replays vulnerabilities described in uploaded third-party pentest reports (for example PDFs).
Issue replay is available on all AI Pentesting profiles. Execution respects the same authentication and scope settings as your profile (including Standard or Strict exploration mode and path-level restrictions).
What issues are replayed¶
Automatic replay (during assessments)¶
Escape replays all MEDIUM and HIGH open findings from previous assessments that were not automatically re-detected in the current run. This may result in longer assessments.
Manual replay¶
Beta Feature
Manual issue replay is currently in beta. While fully functional, we are actively gathering feedback and making improvements.
From the Escape UI, you can replay any existing finding to re-run detection against your live application. This is especially useful after deploying a fix: replay confirms whether the vulnerability is still reproducible, so you can validate that the patch worked before marking the issue as resolved.
You can trigger replay for any issue through the UI, regardless of severity or status. This is useful for:
- Targeting specific issues you want to validate immediately after a fix
- Rechecking RESOLVED issues that may have reappeared
Manual replay respects the same authentication and scope settings as your AI Pentesting profile.
Related documentation¶
- Regression Testing Agent: replay from uploaded pentest reports
- Scope: Standard vs Strict mode and restrictions
- Authentication: configuring login for assessments
- Guardrails: kill switch, rate limits, and max duration