Skip to content

Proof of Exploit

A DAST finding is a claim: "I think this is exploitable." A Proof of Exploit is a demonstration: "Here's the request chain, here's the response, here's the screenshot, here's the attack path." Proof of Exploit is what cuts triage time because engineering doesn't have to reproduce the bug from a one-line description.

What a Proof of Exploit Contains

Every Proof of Exploit shipped with an AI Pentesting finding carries four things:

  • Attack path: the ordered list of endpoints the agent walked to land the exploit, with the reasoning for each hop.
  • Request chain: the full HTTP traffic (or browser actions) the agent executed, ready to replay with cURL or a REST client.
  • Screenshots: where the attack manifests in a user interface (a stored XSS firing, an unauthorized admin page loading, a sensitive file rendered in the browser).
  • Execution logs: the agent's own log of what it tried, what worked, and what didn't.

That bundle is the artifact you paste into the Jira ticket, the Slack thread, or the pull-request comment.

Why It Matters

Most of the time an engineer loses triaging a security finding is spent reproducing it. Proof of Exploit shortcuts that: the first click in the UI opens the traffic, the second exports it as cURL, the third links to the exact file and function (when the repository is connected). Internally, we've measured around an 80% reduction in time-to-remediate when Proof of Exploit is attached, compared to a severity-and-description handoff.

When Proof of Exploit Runs

Proof of Exploit is part of every AI Pentesting scan. You don't toggle it separately. If an agent finds something it cannot prove, the finding is downgraded to "likely exploitable, evidence not captured" so your triage signal stays clean.

See Graph Reasoning for how the agent picks the attack path in the first place, and Scan Results for the UI walkthrough.