— How it works

From target to full report in four steps.

No configuration. The agent figures out scope, attack strategy, and depth — you watch findings land in the dashboard.

01

Sign up & verify your domain.

Create an account with your email — passwordless OTP, no card required to start a trial scan against demo targets. Then prove ownership of the domain you want to scan by publishing a one-line DNS TXT record we generate for you. Takes about a minute. Verifying the root authorises every subdomain automatically.

  • Passwordless email OTP — no passwords to lose
  • Demo targets like scanme.nmap.org pre-approved
  • DNS TXT verification — cryptographic proof of ownership
  • One-time per domain; subdomains inherit
verify once, scan as often as you need
$ dig TXT _aisec-verify.yourcompany.com
"aisec-verify=4f2a3b…"
$ aisec verify yourcompany.com
[+] TXT record matched — domain authorised
[*] Root verified — all subdomains scannable
02

The agent scans autonomously.

Our proprietary AI engine — fine-tuned on millions of CVEs, exploit databases, and real pentest reports — scans your target without human input. It thinks like an attacker: writes custom payloads, chains vulnerabilities, and adapts in real time. Continuously retrained on fresh vulnerability data.

  • Custom model with RAG over 1M+ vulnerability records
  • 200+ attack modules — SQLi, XSS, SSRF, IDOR, and more
  • Chains findings into multi-step exploits
  • Stealth mode rotates 50,000+ residential IPs
AISEC scan progress
[*] Recon: 12 subdomains, 47 endpoints, 3 APIs
[*] Agent: analysing attack surface…
[*] Agent: writing custom exploit scripts…
[*] Agent: chaining findings into attack paths…
[!] CRITICAL SQL injection in /api/users?id=
[!] HIGH exposed admin panel at /admin/
[+] MEDIUM missing security headers
[*] Running 200+ attack modules in parallel…
03

Get detailed results.

Receive a comprehensive report with all findings, working PoC payloads, risk scores, and step-by-step remediation guidance. Severity is set by exploitability — the AI reviewer culls false positives before they hit your inbox.

  • Working proof-of-concept for every finding
  • CVSS, CWE, CVE references inline
  • Step-by-step remediation per vuln
  • False positives filtered by AI reviewer
scan complete · summary
════════════════════════════════════
AISEC report — yourcompany.com
════════════════════════════════════
CRITICAL: 2 · HIGH: 5 · MEDIUM: 8 · LOW: 12
[CRIT] SQL injection — /api/users
Impact: full database read
PoC: /api/users?id=1' OR '1'='1
Fix: parameterised queries
[+] Full report: ./reports/yourcompany.pdf
04

AI verification & final report.

The reviewer validates every finding with multiple verification passes. No false positives make it into your report. You get actionable PoCs, CVSS scores, and remediation steps — exportable as PDF, JSON, or via API.

  • Multi-pass AI verification
  • Working PoC for each vuln
  • PDF, JSON, or API export
  • Step-by-step fix instructions
report generation
[ALERT] 2 critical, 1 high, 1 medium found
[*] AI verifying findings…
[+] SQLi in /api/users — confirmed
[+] JWT bypass — confirmed
[+] XSS in /search — confirmed
[*] Generating PDF report…
[*] Includes: PoC, CVSS, CWE/CVE, remediation
[+] Report ready: scan_report_2026-04-30.pdf
— The complete flow

Verify · scan · review · report.

Same loop, every day. Daily revalidation on Pro and above.

Verify domain
Agent scans
AI reviews
Report shipped

Ready to start?

Starter from €129/mo, cancel any time. See what AISEC finds in your infrastructure tonight.

Activate protection Read the docs