
Agentic architecture

The architecture was built to be usable for every use case. As such, when the agent is asked to "Perform a security assessment in black box", we wanted it to be able to do deep research on the different possible leads. In security testing, recon is inevitable. In this task, it is important that the agent retrieves the most adequate and exact information about the target, and that is most certainly the case if we want the agent to be autonomous.

The overall system is the following:

Recon is important in security research, so the context needs to be as exhaustive as the exploitation phase requires. While most models today are trained on payloads, exploits and specific techniques, we still need to find the right format and sources to apply the model output to.

Both agents (Threat Model and Recon, and Exploitation) have the same agentic architecture below.

This agent specifically explores the web application. The main objective is to build the right context for the exploitation. For a web application, this could mean understanding the application, its authentication and authorization mechanisms, and its endpoints: where they lead and what they are for. It also means looking at the parameters and understanding their format and type. It could include other information as well, such as versioning and which applications and services are connected to the web application.

As in any vulnerability research, the exploitation phase needs enough information to be successful. In the agentic workflow, we are trying to do the same. By building on what the recon phase did previously, we are able to target the vulnerabilities with precision.