- How it works

From target to full report in four steps.

No configuration. The agent figures out scope, attack strategy, and depth - you watch findings land in the dashboard.

01

Sign up & verify your domain.

Create an account with your email - passwordless OTP, no card required to start a trial scan against demo targets. Then prove ownership of the domain you want to scan by publishing a one-line DNS TXT record we generate for you. Takes about a minute. Verifying the root authorises every subdomain automatically.

  • Passwordless email OTP - no passwords to lose
  • Demo targets like scanme.nmap.org pre-approved
  • DNS TXT verification - cryptographic proof of ownership
  • One-time per domain; subdomains inherit
verify once, scan as often as you need
$ dig TXT _aisec-verify.yourcompany.com
"aisec-verify=4f2a3b…"
$ aisec verify yourcompany.com
[+] TXT record matched - domain authorised
[*] Root verified - all subdomains scannable
02

The agent scans autonomously.

An autonomous AI agent scans your target without human input - frontier models today, AISEC-tuned models in active development. It writes custom payloads, chains vulnerabilities, and adapts in real time on a continuously refreshed CVE / NVD / ExploitDB intel feed.

  • Custom AISEC models in active training on a curated vuln corpus
  • 200+ attack modules - SQLi, XSS, SSRF, IDOR, and more
  • Chains findings into multi-step exploits
  • Stealth mode with rotating residential egress
AISEC scan progress
[*] Recon: 12 subdomains, 47 endpoints, 3 APIs
[*] Agent: analysing attack surface…
[*] Agent: writing custom exploit scripts…
[*] Agent: chaining findings into attack paths…
[!] CRITICAL SQL injection in /api/users?id=
[!] HIGH exposed admin panel at /admin/
[+] MEDIUM missing security headers
[*] Running 200+ attack modules in parallel…
03

Get detailed results.

Each finding ships with a working PoC payload, severity scored by real exploitability, and step-by-step remediation. An AI reviewer culls false positives before anything reaches your inbox.

  • Working proof-of-concept for every finding
  • CVSS, CWE, CVE references inline
  • Step-by-step remediation per vuln
  • False positives filtered by AI reviewer
scan complete · summary
════════════════════════════════════
AISEC report - yourcompany.com
════════════════════════════════════
CRITICAL: 2 · HIGH: 5 · MEDIUM: 8 · LOW: 12
[CRIT] SQL injection - /api/users
Impact: full database read
PoC: /api/users?id=1' OR '1'='1
Fix: parameterised queries
[+] Full report: ./reports/yourcompany.pdf
04

AI verification & final report.

The reviewer validates every finding with multiple verification passes. No false positives make it into your report. You get actionable PoCs, CVSS scores, and remediation steps - exportable as PDF, JSON, or via API.

  • Multi-pass AI verification
  • Working PoC for each vuln
  • PDF, JSON, or API export
  • Step-by-step fix instructions
report generation
[ALERT] 2 critical, 1 high, 1 medium found
[*] AI verifying findings…
[+] SQLi in /api/users - confirmed
[+] JWT bypass - confirmed
[+] XSS in /search - confirmed
[*] Generating PDF report…
[*] Includes: PoC, CVSS, CWE/CVE, remediation
[+] Report ready: scan_report_2026-04-30.pdf
- The complete flow

Verify · scan · review · report.

Same loop, every day. Daily revalidation on Pro and above.

Verify domain
Agent scans
AI reviews
Report shipped

Ready to start?

Continuous AI pentesting, priced per engagement. See what AISEC finds in your infrastructure tonight.