ModernPentest
AI Agents

Prover

The agent that confirms or denies each investigation by actively exploiting it

Role

The prover takes a single investigation from the auditor and answers one question: is it real? It does that by actually attempting the attack — not by guessing from a version banner.

One prover runs per investigation, each loading the capability profile the auditor assigned (access control, injection, authentication, business logic, and so on). Many provers run in parallel across the investigations from a round.

Confirm by exploitation

A prover's goal is a demonstrated vulnerability, with evidence:

  • Establishes a baseline, then attempts the exploit the investigation describes
  • Captures proof — the request/response pairs, the cross-tenant record it read, the value it exfiltrated, the behavior it changed
  • Confirms or denies — only what it can actually exploit is reported as a finding; the rest is ruled out so it never reaches your queue

This is why findings come with a reproducible proof of concept rather than "this looks like it might be vulnerable."

Chaining

A prover doesn't stop at a single confirmed issue. When a finding opens a door — an SSRF that reaches an internal service, an auth bypass that exposes an admin API — it feeds back to the auditor, which emits follow-up investigations that chain deeper into the graph. The result is real attack paths, not isolated alerts. See attack paths.

Deterministic checks

Not every check needs a reasoning model. For classes of issue that are mechanical to verify, the auditor routes the work to deterministic agents instead of a prover:

  • Security headers — Missing or misconfigured headers (CSP, HSTS, clickjacking protections)
  • Rate limiting — Whether sensitive endpoints throttle abusive request volumes

These run without LLM cost and feed their findings into the same consolidation and validation pipeline.

Safety

Provers operate under strict controls:

  • Scope enforcement — Only authorized targets are touched; out-of-scope requests are blocked
  • Non-destructive by default — Proof-of-concept payloads demonstrate impact without damaging data
  • Rate limiting — Respects your configured limits to avoid overloading the application
  • Full audit trail — Every request and response is recorded

After the prover

Confirmed findings flow into consolidation (dedup + enrichment) and then to the validation agents, which act as a critic — filtering false positives, finalizing severity, and verifying remediation on rescans — before anything lands in your report.

Last updated: June 11, 2026
