Skip to main content
Neo never starts from zero. Memory keeps Neo grounded in your working style, your environment, and everything it has seen before. It preserves your preferences, verification patterns, and project history so that every workflow builds on previous context. To augment this, Neo uses strategic retrieval to pull information from your stored Files (artifacts, docs, and findings) with embedding-based recall and citations. The result: Neo behaves like an extension of your team, not a tool you have to re-brief every time.

Working memory

Working memory captures how you work and what matters to your organization:
  • What it preserves: preferred confirmation steps (e.g., SSRF, DOM XSS, IDOR), when to escalate or retry, concise vs. verbose output style, minimum proof standards, workflow biases (which tools to try first and with which parameters), project status and progress across tasks, and correlations between data, files, and past decisions
  • How Neo uses it at runtime:
    1. Planning: injects weighted preferences into the task plan (tool selection, ordering, fallbacks)
    2. Execution: tunes prompts for sub-steps (for example, verify with an independent payload before reporting)
    3. Evidence: raises the bar on proof where you have set stricter standards
    4. Reporting: formats outputs consistent with your style guidelines
    5. Context recall: surfaces project history, prior task outcomes, and links related files and findings to current work
Examples
  • Format all vulnerability reports with severity, CVSS score, affected endpoints, reproduction steps, and remediation guidance in structured Markdown tables.
  • Treat 4xx during auth probing as soft-fail, retry with rotated headers before escalating.
  • When verifying IDOR, always include one negative control and capture both request/response pairs.
  • Prefer httpx with -tls-grab during recon; fall back to curl only if needed.
  • Recall that the checkout feature was tested last quarter; surface prior findings and link the original PoC from Files when revisiting.
  • Track that API endpoint enumeration is in progress across multiple tasks; correlate new discoveries with earlier coverage maps.

Retrieval

Retrieval is how Neo pulls the right information at the right time from your stored Files and chat history. When working memory needs context, retrieval surfaces the relevant artifacts, docs, findings, and previous conversations with citations.
  • What you can store: past findings and confirmation steps, bypass techniques and exploit variants, logs and traces, PoCs, write-ups, architecture docs and API references, ad-hoc notes and exports (CSV, JSON, Markdown, and more), plus entire chat history from previous sessions
  • Ways to add files: manual upload, auto-capture from Neo runs, or programmatic integrations from your pipelines
  • How it works:
    1. Storage: all files, artifacts, and data are stored securely in your workspace
    2. Embedding: content is chunked and converted to vector embeddings with metadata (source, filename, timestamps) for traceability
    3. Runtime retrieval: when Neo encounters a specific app, endpoint, or situation, retrieval automatically recalls previous related data by searching embeddings; hybrid retrieval (semantic plus keyword) pulls relevant excerpts with citations during planning and answering
Examples
  • When testing an endpoint previously scanned, retrieval recalls prior HARs, response patterns, and PoCs with citations.
  • During API enumeration, related OpenAPI specs and past payload variants are retrieved automatically.
  • Reviewing a feature surfaces linked architecture docs, prior findings, and confirmation steps from earlier runs.
  • Auto-captured screenshots and logs are retrieved when Neo revisits a UI flow or error condition.
  • Previous chat history is recalled when resuming a project, surfacing earlier decisions, questions asked, and context from past sessions.