- How it works

From target to full report in four steps.

No configuration. The agent figures out scope, attack strategy, and depth - you watch findings land in the dashboard.

01

Sign up & verify your domain.

Create an account with your email - passwordless OTP, no card required to start a trial scan against demo targets. Then prove ownership of the domain you want to scan by publishing a one-line DNS TXT record we generate for you. Takes about a minute. Verifying the root authorises every subdomain automatically.

  • Passwordless email OTP - no passwords to lose
  • Demo targets like scanme.nmap.org pre-approved
  • DNS TXT verification - cryptographic proof of ownership
  • One-time per domain; subdomains inherit
verify once, scan as often as you need
$ dig TXT _aisec-verify.yourcompany.com
"aisec-verify=4f2a3b…"
$ aisec verify yourcompany.com
[+] TXT record matched - domain authorised
[*] Root verified - all subdomains scannable
02

The agent scans autonomously.

An autonomous AI agent scans your target without human input - frontier models today, AISEC-tuned models in active development. It writes custom payloads, chains vulnerabilities, and adapts in real time on a continuously refreshed CVE / NVD / ExploitDB intel feed.

  • Custom AISEC models in active training on a curated vuln corpus
  • 200+ attack modules - SQLi, XSS, SSRF, IDOR, and more
  • Chains findings into multi-step exploits
  • Stealth mode with rotating residential egress
AISEC scan progress
[*] Recon: 12 subdomains, 47 endpoints, 3 APIs
[*] Agent: analysing attack surface…
[*] Agent: writing custom exploit scripts…
[*] Agent: chaining findings into attack paths…
[!] CRITICAL SQL injection in /api/users?id=
[!] HIGH exposed admin panel at /admin/
[+] MEDIUM missing security headers
[*] Running 200+ attack modules in parallel…
03

Get detailed results.

Each finding ships with a working PoC payload, severity scored by real exploitability, and step-by-step remediation. An AI reviewer culls false positives before anything reaches your inbox.

  • Working proof-of-concept for every finding
  • CVSS, CWE, CVE references inline
  • Step-by-step remediation per vuln
  • False positives filtered by AI reviewer
scan complete · summary
════════════════════════════════════
AISEC report - yourcompany.com
════════════════════════════════════
CRITICAL: 2 · HIGH: 5 · MEDIUM: 8 · LOW: 12
[CRIT] SQL injection - /api/users
Impact: full database read
PoC: /api/users?id=1' OR '1'='1
Fix: parameterised queries
[+] Full report: ./reports/yourcompany.pdf
04

AI verification & final report.

The reviewer validates every finding with multiple verification passes. No false positives make it into your report. You get actionable PoCs, CVSS scores, and remediation steps - exportable as PDF, JSON, or via API.

  • Multi-pass AI verification
  • Working PoC for each vuln
  • PDF, JSON, or API export
  • Step-by-step fix instructions
report generation
[ALERT] 2 critical, 1 high, 1 medium found
[*] AI verifying findings…
[+] SQLi in /api/users - confirmed
[+] JWT bypass - confirmed
[+] XSS in /search - confirmed
[*] Generating PDF report…
[*] Includes: PoC, CVSS, CWE/CVE, remediation
[+] Report ready: scan_report_2026-04-30.pdf
- The complete flow

Verify · scan · review · report.

Same loop, every day. Daily revalidation on Pro and above.

Verify domain
Agent scans
AI reviews
Report shipped

Ready to start?

One pentest from €499, or continuous from €679/mo. See what AISEC finds in your infrastructure tonight.

Activate protection Read the docs