concept
Pentest Agent
The pentest loop end to end — run an assessment, review the result, add context to your assets, triage findings, automate the loop, and watch your posture on the dashboard.
The Pentest Agent works in a loop, not a one-shot scan. You point it at a scope, it maps what is reachable, you tell it which of those things matter, and it runs the next assessment it recommends based on what it just found. Each pass covers more of the surface. Findings flow out the side of the loop for your team to assign and close, and once the rhythm is steady you hand it to automation.
This page is the whole loop on one screen. It is enough for a new visitor to understand how Pentest Agent works before opening the demo or app.
The pentest loop
Everything the Pentest Agent does fits one repeating cycle: run an assessment, review what it found, tell it what matters, and let the next run go deeper. Findings flow out to your team, and the dashboard tracks your posture as the loop runs.
Step 1 — Run an assessment
The first assessment on a scope is discovery: the agent maps reachable hosts, services, endpoints, technologies, and authentication surfaces — you do not write a goal. That map is the raw material for everything after. Each later run goes deeper into the parts you flag as important.
Step 2 — Review the result
When a run finishes, its detail page is the record. The overview leads with an executive summary; Activity shows the phase timeline and every step the agent took; the report packages it for stakeholders; and the live terminal replays the whole session — every command, finding, and piece of evidence.
Step 3 — Review assets and add context
Discovery tells the agent what is reachable; it cannot tell what matters to your business. Promote the assets you intend to track and add context: criticality, data sensitivity, owner, and authentication boundary. That context is what the agent uses to decide where to look next — so the next run in the loop is sharper than the last.
Step 4 — Triage the findings
Findings are the output that leaves the loop. Open one to read its evidence and the recommended fix, assign an owner, and move it through its lifecycle — in progress, retest, closed, or accepted risk with a rationale.
Step 5 — Automate the loop
Once a scope's loop is steady, you do not have to drive it by hand. An automation re-maps the surface or re-tests a high-value workflow on its own — on a schedule, continuously, or on an event. New findings still flow to your team to triage.
Step 6 — Continuous monitoring
As the loop runs, the dashboard rolls everything up: a security posture grade, open findings by severity, mean time to remediate, testing cadence, and compliance readiness. This is the continuous-monitoring view — how your posture trends over time as automation keeps testing, not a one-off report.
Where the details live
That is the whole loop. The app walks operators through setup details — scopes, testing modes, private runners — and assistant chat can explain the active scope, run, finding, or automation when someone needs help in context.
Related articles
Last updated Jul 14, 2026
