— Docs

Everything you need to ship AISEC into your workflow.

Quickstarts, configuration references, and the API. Stubs link out to deeper guides. The dashboard's /help has video walkthroughs.

⌘ K
01 / Getting started

CLI quickstart

Install the binary, authenticate, run your first scan in under five minutes.

  • Install (brew, apt, curl)
  • aisec login
  • aisec scan --target
  • aisec replay
Read on →
02 / Configuration

Scope config

Tell the agent what's in scope, what's off-limits, and how aggressively to probe.

  • aisec.yml schema
  • Allow / deny rules
  • Auth profiles (OAuth, SAML)
  • Rate limits & safe-mode
Read on →
03 / Operations

Scheduled rhythm

Daily, weekly, on-deploy, on-demand. Set the cadence per target.

  • Cron-style schedules
  • Deploy-triggered runs
  • Quiet hours / change-freeze
  • Burst windows
Read on →
04 / Integrations

Connect your stack

Slack, Jira, Linear, GitHub Actions, PagerDuty, SAML SSO, webhooks.

  • GitHub Actions YAML
  • Jira / Linear field mapping
  • SAML + SCIM provisioning
  • Webhook event reference
Read on →
05 / Reference

API reference

REST endpoints for findings, scans, evidence, and revalidation.

  • Auth: bearer tokens
  • /findings · list, get, close
  • /scans · trigger, status
  • /evidence · download
Read on →
06 / Help

Troubleshooting

The handful of things that go wrong, and how to fix them in a minute.

  • Domain-control verification fails
  • Rate-limit / WAF interference
  • Auth profile expired
  • Report generation timeout
Read on →
— CLI quickstart

Five minutes to your first chain.

macOS, Linux, Windows. Single static binary. No agent install on your servers.

1

Install

One line — pulls the latest signed binary.

curl -sSL get.aisec.sh | sh
2

Authenticate

Browser flow — bearer token written to ~/.aisec/auth.

aisec login
3

Verify domain control

One-time DNS TXT or HTTP file check.

aisec verify aisec.tools
4

Run your first scan

Daily cadence by default — overridable per target.

aisec scan --target app.aisec.tools
5

Replay any finding

Hand the curl to engineering. Watch it pass on patch.

aisec replay FND-2891-014
~/work/acme · aisec
$ curl -sSL get.aisec.sh | sh
▸ aisec 1.4.2 installed → /usr/local/bin/aisec

$ aisec login
opening browser… token written.

$ aisec verify aisec.tools
✓ DNS TXT _verify.aisec.tools confirmed.

$ aisec scan --target app.aisec.tools
▸ recon     7 hosts, 2 new
▸ probe     14 findings
▸ chain     2 critical chains assembled
▸ verify    PoC ready · poc-2891.curl
✓ done      report → run-2891.pdf
— API reference

REST. Bearer tokens. JSON.

Base URL https://api.aisec.tools/api/v1 · Authenticate with an API key minted in Dashboard → Developer using header Authorization: Bearer ask_…. Rate-limited at 100 requests / minute / IP, 10 / minute for scan creation.

Method Path Description
GET /auth/me Current account, plan, role, project quota
GET /projects List projects (root domain groupings) for the account
POST /projects Create a project from a root domain
GET /projects/{id}/targets List specific hostnames under a project (with scan counts)
POST /projects/{id}/targets Add a target hostname (must share project's root domain)
POST /scans Trigger a scan; coerced to project root, chooses Sonnet (pentest) or Haiku (discovery / retest / revalidation) per scan_type
GET /scans/{id} Scan status, progress, findings emitted so far, breadcrumb on failure
POST /scans/{id}/resume Continue a stopped scan with full prior recon context
GET /findings Findings list — filter by severity, scan, project, status
GET /projects/{id}/issues Deduplicated project-level issues (canonical workflow surface)
POST /projects/{id}/issues/{num}/retest Mark "ready to retest" — auto-launches a focused Haiku retest scan
GET /projects/{id}/chains Multi-step attack chains assembled across issues
POST /projects/{id}/ci-integrations Mint a webhook secret + URL for GitHub Actions / pipeline triggers
DELETE /ci-integrations/{id} Revoke a CI integration secret
GET /activity Live timeline: completions, failures, issue transitions, lifecycle
GET /profile/export GDPR data export — your full account state as JSON
trigger a scan from your CI
$ curl -X POST https://api.aisec.tools/api/v1/scans \
    -H "Authorization: Bearer $AISEC_KEY" \
    -H "Content-Type: application/json" \
    -d '{"project_id": "PRJ-04", "scan_type": "pentest", "source": "ci"}'

{"id":"SCN-2891","status":"queued","created_at":"2026-04-30T12:14Z"}
— Integrations

Connect your stack.

Findings flow into the systems you already run on-call.

CI / CD

GitHub Actions

Configure a CI integration in the dashboard → mint a webhook secret. Push events trigger pentests automatically. Use the AISEC GitHub Action to gate PRs by severity.

POST /projects/{id}/ci-integrations
Tickets

Jira · Linear (Premium)

Critical / high findings open as tickets with PoC, owner, SLA. Status syncs both ways — closing a Jira ticket flips the issue to "ready to retest" automatically.

Alerts

Slack · email · webhook

Severity-routed: criticals go to PagerDuty / Slack DM, mediums to a digest, highs to a project channel. Configurable per project.

SSO

SAML / WorkOS (Premium+)

Okta, Azure AD, Google Workspace. SCIM provisioning on Enterprise — group → role mapping, JIT user creation, deprovision on offboard.

SIEM

Webhook / log forwarding (Enterprise)

Stream finding events as JSON to your SIEM (Splunk, Datadog, Elastic). CSV export of audit trail on Premium and above.

CLI

Python (pipx) and Node (npx)

Same key, two binaries. pipx install aisec-cli or npx aisec-cli. Streams cost + completion events over WebSocket.

— Stuck?

Three places to ask.

Slack Connect

Premium and Enterprise customers: your engineers and ours, in a shared channel. 4-hour response SLA in business hours.

Open Slack Connect →

Community forum

Open-by-default forum for feature requests, playbook ideas, and the changelog. Engineers from AISEC answer here.

Talk to the team →

Email support

[email protected] — for everyone, every plan. We read every message; SLA scales with plan.

Email support →