Agent Catalog

This page defines the LLM-first agent types represented in the UI and the intended backend behavior for each one.

Agents are reasoning modules. They receive structured AgentContext, use an agent-specific prompt template, call an LLM provider, and return a structured AgentResponse.

Summary

| Agent | Category | Purpose | Main Outputs |
|---|---|---|---|
| Risk Agent | Advisory | Prioritize risk and explain concentration | Risk recommendations, suspicious findings, remediation priorities |
| Attack Path Agent | Advisory | Reason over graph context and explain likely attack paths | Attack path narratives, feasibility notes, chained-risk explanations |
| Executive Summary Agent | Advisory | Translate technical findings into business language | Executive summaries, business impact, remediation priorities |
| Recon Agent | Operational | Identify blind spots and propose additional discovery | Discovery recommendations, profile suggestions, investigation notes |
| Pentest Agent | Operational | Identify likely exploitation opportunities and validation paths | Targeted scan suggestions, validation steps, exposure notes |

Agent Categories

Advisory Agents

Advisory agents analyze existing platform data. They generate recommendations, summaries, risk context, and attack path explanations.

Included agents:

  • Risk Agent
  • Attack Path Agent
  • Executive Summary Agent

Expected behavior:

  • analyze existing scan results, assets, vulnerabilities, graph relationships, and history
  • generate structured recommendations and explanations
  • produce report-ready summaries and risk context
  • do not start scans
  • do not mutate scope
  • do not modify vulnerabilities automatically

Operational Agents

Operational agents analyze findings and propose follow-up discovery or validation activities. Their output can lead to additional scanning only after policy or human approval.

Included agents:

  • Recon Agent
  • Pentest Agent

Expected behavior:

  • identify blind spots in discovery coverage
  • propose additional investigation
  • recommend targeted scans or deeper profiles
  • keep all suggestions inside approved scope
  • require approval before execution
  • never exploit vulnerabilities
  • never brute-force by default
  • never expand beyond approved scope

Risk Agent

Category: Advisory

Purpose:

  • identify the highest-risk assets and findings
  • explain risk concentration across the organization
  • prioritize remediation using severity, exposure, asset importance, history, and supporting evidence
  • identify suspicious or weak findings that need analyst review
  • explain the reasoning behind each recommendation

Input focus:

  • vulnerabilities
  • asset exposure
  • asset criticality metadata
  • graph relationships
  • previous findings
  • risk statistics
  • scan history

Expected outputs:

  • risk_update recommendations
  • false_positive_candidate recommendations
  • prioritized remediation notes
  • risk concentration summary
  • confidence score and reasoning

Attack Path Agent

Category: Advisory

Purpose:

  • analyze attack surface graph context
  • identify probable attack paths from exposed entry points to sensitive assets or high-risk findings
  • explain relationships between assets, services, URLs, vulnerabilities, and scope
  • estimate attack feasibility based on exposure, evidence, and graph distance

Input focus:

  • asset graph edges
  • public entry points
  • services and URLs
  • vulnerability links
  • asset metadata
  • historical recurrence

Expected outputs:

  • attack_path narratives
  • chained-risk explanations
  • affected asset lists
  • feasibility notes
  • recommended analyst review points

Executive Summary Agent

Category: Advisory

Purpose:

  • generate executive report text
  • translate technical findings into business language
  • highlight key security concerns
  • summarize exposure and remediation priorities
  • produce concise stakeholder-ready narratives

Input focus:

  • risk statistics
  • top vulnerabilities
  • affected assets
  • attack paths
  • scan trends
  • remediation status

Expected outputs:

  • report_summary
  • business impact notes
  • prioritized remediation narrative
  • trend summary
  • concise non-technical explanation

Recon Agent

Category: Operational

Purpose:

  • identify discovery blind spots
  • identify unexplored attack surface
  • recommend additional discovery activities
  • recommend deeper scan profiles or additional data collection
  • explain why the suggested investigation is relevant

Input focus:

  • scope
  • discovered assets
  • unresolved assets
  • asset graph gaps
  • scan history
  • previous discovery results
  • risk statistics

Expected outputs:

  • suggest_scan
  • suggest_profile
  • suggest_plugin_run
  • flag_asset
  • investigation notes

Operational constraints:

  • recommendations only
  • no automatic scan execution
  • all targets must be inside approved scope
  • suggestions require approval before execution

Pentest Agent

Category: Operational

Purpose:

  • identify likely exploitation opportunities from existing evidence
  • identify suspicious exposures and high-value manual validation targets
  • recommend targeted scans
  • recommend validation steps for analysts
  • explain confidence and uncertainty

Input focus:

  • services
  • URLs
  • technologies
  • vulnerability evidence
  • asset exposure
  • previous findings
  • scan history

Expected outputs:

  • suggest_scan
  • suggest_plugin_run
  • validation steps
  • high-value target notes
  • exposure analysis

Operational constraints:

  • recommendations only
  • no exploitation
  • no brute-force by default
  • no automatic scan execution
  • all suggested actions require approval and scope validation
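
One way to enforce the advisory and operational constraints above at the point where an AgentResponse is consumed, as an added example (not the project's own code). The output type names come from this page; the Recommendation fields, the agent keys, the gate function and its return values are assumptions, and targets are limited to IP addresses checked against CIDR scope entries.

```python
import ipaddress
from typing import NamedTuple

# Output types each agent lists in this catalog (agent keys are assumed names).
ALLOWED_TYPES = {
    "risk": {"risk_update", "false_positive_candidate"},
    "attack_path": {"attack_path"},
    "executive_summary": {"report_summary"},
    "recon": {"suggest_scan", "suggest_profile", "suggest_plugin_run", "flag_asset"},
    "pentest": {"suggest_scan", "suggest_plugin_run"},
}
# Types whose acceptance can lead to scanning: scope check plus approval required.
EXECUTABLE_TYPES = {"suggest_scan", "suggest_profile", "suggest_plugin_run"}


class Recommendation(NamedTuple):  # hypothetical shape of one AgentResponse item
    agent: str
    type: str
    target: str = ""       # IP address of the asset the suggestion refers to
    approved_by: str = ""  # empty until policy or a human approves


def in_scope(target, scope_cidrs):
    """True only if target is an IP inside one of the approved CIDR ranges."""
    try:
        addr = ipaddress.ip_address(target)
    except ValueError:
        return False  # fail closed: hostnames, empty strings, malformed input
    return any(addr in ipaddress.ip_network(c) for c in scope_cidrs)


def gate(rec, scope_cidrs):
    """Return 'reject', 'advisory', 'pending_approval' or 'executable'."""
    # An agent may only emit its own output types, so an advisory agent that
    # returns suggest_scan (for example after prompt injection) is dropped.
    if rec.type not in ALLOWED_TYPES.get(rec.agent, set()):
        return "reject"
    needs_run = rec.type in EXECUTABLE_TYPES
    # Anything that names a target, and every executable type, must be in scope.
    if (needs_run or rec.target) and not in_scope(rec.target, scope_cidrs):
        return "reject"
    if not needs_run:
        return "advisory"  # stored and displayed, never executed
    return "executable" if rec.approved_by else "pending_approval"


SCOPE = ["10.0.0.0/24"]  # constructed sample scope
```

The gate treats LLM output as untrusted input: the checks run in backend code after the model responds, so they hold regardless of what the prompt template instructs.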

Agent Selection in UI

The current frontend lets administrators enable or disable each agent, choose a run mode, and select:

  • provider
  • model
  • API key

Settings are currently stored locally in the frontend until backend agent execution and persistent settings are implemented.