Agentic Scan: Your AI Pentester Running an OODA Loop

Automated scanners test for SQL injection with predefined payloads. They check headers against a known list. They don't think about your specific application.

Agentic Scan deploys Claude AI as an autonomous pentester. It reads your scan results, forms hypotheses about what might be vulnerable, sends targeted HTTP probes to confirm, and adapts its strategy based on what it finds. The same workflow a human security researcher follows, compressed into 5 minutes.

How It Works: The OODA Loop

Agentic Scan operates on an OODA reasoning loop — a decision-making framework used in military strategy and adapted for security testing:

Observe

Claude AI receives the complete results from all prior scanners — every finding, every endpoint discovered, every response pattern. It builds a map of your application's attack surface.

Orient

Based on the observations, Claude identifies gaps in the automated scan coverage and forms attack hypotheses. For example:

• "The login endpoint returns different response times for valid vs invalid emails — timing oracle for user enumeration"
• "The API accepts JSON but doesn't validate Content-Type — possible deserialization attack"
• "The admin dashboard loads but returns 403 — test for authorization bypass via header manipulation"

Decide

Claude selects the most promising hypothesis and plans a targeted probe — choosing the HTTP method, headers, body, and expected response that would confirm or deny the vulnerability.

Act

Claude sends the probe and analyzes the response. If the hypothesis is confirmed, it records the finding with full evidence. If not, it moves to the next hypothesis.

This loop repeats for up to 20 iterations, with each cycle informed by everything learned in previous cycles.

What It Finds That Scanners Miss

Automated scanners test for known vulnerability patterns. Agentic Scan finds context-specific issues that require reasoning:

• Application-specific logic flaws — a scanner can't know that your e-commerce app should prevent negative quantities, but Claude can reason about it from the API structure
• Chained exploitation paths — combining a low-severity information leak with an authentication weakness to demonstrate a realistic attack
• Authorization boundary testing — probing whether user A can access user B's resources by analyzing endpoint patterns
• Unusual response behaviors — detecting when an endpoint reveals sensitive information through error messages, timing differences, or response size variations

Safety Guardrails

Agentic Scan is autonomous but strictly constrained:

| Guardrail | Detail | |---|---| | Allowed methods | GET, POST, PUT only — no DELETE, no PATCH | | Scope lock | All requests scoped to the target domain only | | Payload blocklist | No destructive payloads (DROP TABLE, DELETE FROM, rm -rf) | | Iteration limit | Maximum 20 probes per scan | | Time limit | 5-minute timeout | | Rate limit | 5 requests per second | | Deep mode only | Only available with Deep Scan (not Quick) |

Claude AI cannot escape these guardrails. It operates within a sandboxed execution environment where every outgoing request is validated against the safety rules before it's sent.

What You Get

Each finding from Agentic Scan includes:

• Vulnerability description — what was found, in plain language
• HTTP evidence — the exact request and response that proves the issue
• Severity rating — Critical, High, Medium, or Low
• Exploitation scenario — how an attacker would use this in practice

Agentic findings appear alongside your regular scan results, marked with an "AI Detected" badge so you can see exactly what the autonomous agent discovered beyond the automated scanners.

Who It's For

• Security-conscious teams — who want more than pattern-matching
• Complex applications — with custom business logic, multi-step workflows, or non-standard API designs
• Post-Deep-Scan — when automated scanners found some issues and you want to know what else is hiding
• Before bug bounty launch — find the low-hanging fruit before researchers do

How to Use It

1. Sign in and buy credits at /pricing ($3 per scan)
2. Go to /scan and paste your URL
3. Select Deep mode (required for Agentic)
4. Check the Agentic Scan checkbox
5. Optionally enable Aggressive Mode too — both use 1 credit total
6. Confirm authorization and execute

The scan runs all 54+ automated scanners first, then hands the results to Claude AI for the OODA reasoning phase. Total scan time is ~15 minutes (10 min automated + 5 min AI).

Agentic vs Aggressive: What's the Difference?

| | Aggressive Mode | Agentic Scan | |---|---|---| | Approach | Predefined attack patterns | AI-driven adaptive reasoning | | Tests | File upload, mass assignment, prototype pollution | Context-specific hypotheses based on your findings | | Requests | ~5,000 automated | Up to 20 targeted probes | | Strength | Breadth — covers known attack classes | Depth — finds app-specific logic flaws | | Best together | Yes — Aggressive expands the attack surface, Agentic reasons over the combined results |

Frequently Asked Questions

How is Agentic Scan different from the AI attack chains in Deep Scan? Attack chains analyze existing findings and correlate them into multi-step exploit paths. Agentic Scan goes further: it actively sends new HTTP requests to test hypotheses that the automated scanners never considered. It discovers new vulnerabilities, not just connections between existing ones.

Can Agentic Scan damage my application? No. It only uses GET, POST, and PUT methods. DELETE is blocked. All payloads are validated against a safety blocklist before sending. The scope is locked to your target domain.

Why is it limited to 20 probes? Each probe is a targeted, reasoned test, not a brute-force attempt. Twenty well-chosen probes based on your specific findings are more effective than thousands of generic payloads. The limit also keeps scan costs predictable.

Does it work with Quick Scan? No. Agentic Scan requires Deep mode because it needs the full set of findings and discovered endpoints to form meaningful hypotheses.

---

Ready to deploy your AI pentester? Enable Agentic Scan →