Skip to main content
Neo can operate autonomously once it has context, but the best results come from a clear setup. Neo is ready to work out of the box; it just needs to know where to look and how far should it go. Before you run Neo for the first time, spend a few minutes giving it the essentials: where to operate, what to access, and what to prioritize.
  • Connect the Tools You Already Use Neo runs on top of ProjectDiscovery’s stack and plugs into your existing workflow. Connect your team’s systems so Neo can discover, test, and take action where it matters:
    • Code repos (GitHub or GitLab)
    • Ticketing systems (Jira, Linear)
    • Alerting systems (Slack)
    This helps Neo work across the same ecosystem your team already uses.
  • Provide the Right Level of Access Grant Neo read access where it needs visibility (code, configs, APIs) and permission to take actions only where you’re comfortable, such as creating tickets, PRs, or validation runs. All actions are logged and auditable, so you can review what Neo did at any time.
  • Share Context Give Neo a sense of what’s important in your environment: which services are critical, which risks matter most, and what’s already been tested or fixed. Neo uses this context to prioritize intelligently and avoid redundant work.

Your first workflow with Neo

Now that Neo is connected and has the context it needs, you can put it to work. Your first workflow is about seeing how Neo thinks, plans and executes a security task, end to end.
Unlike most AI systems that run one command at a time, Neo is built to handle complex, multi-step workflows, chaining discovery, testing, validation, remediation and reporting together seamlessly.Neo can follow precise instructions or explore open-ended security objectives: thinking like a seasoned attacker while keeping actions transparent. It remembers what it has seen before, reasons across steps, and reuses that context to make each run smarter.
You can give it a target, describe what you want to achieve, and watch it do the heavy lifting.
  1. And Now we Begin Start with a focused, high-value task that shows how Neo reasons through a workflow. A few good starting points:
    • “Scan the /v1/auth/sso endpoint on staging for authentication bypasses.”
    • “Validate the fix for SEC-1234 on our payments service.”
    • “Find exposed admin panels and sensitive files on app.example.com.”
    Pick something familiar, scoped, and easy to verify.
  2. Give Neo the Context Tell Neo what it needs to know to plan intelligently:
    • Target: an app, repo, API, or asset group.
    • Goal: what you want it to accomplish (e.g., test, validate, or discover).
    • Constraints: anything to avoid (e.g., production systems, specific endpoints).
    Neo uses this context to design a multi-step plan, deciding which tools to use, in what order, and why.
  3. Watch Neo Plan and Execute When you start a workflow, Neo first explains its workflow plan:
    • What steps it’s going to take.
    • Which tools or integrations it will use.
    • The reasoning behind its choices.
    Then it begins execution, streaming every command, decision, and intermediate result in real time.
    Stay in session for your first run. Watching Neo reason and execute helps you understand how it works.
  4. Review and Act When the workflow completes, Neo summarizes everything it found and did:
    • Validated findings: vulnerabilities, exposures, or misconfigurations confirmed by testing.
    • Evidence: payloads, logs, request/response traces, and validation proof.
    • Next actions: automatically generated tickets or pull requests for review.
    • Full trace: every command and reasoning step for audit or replay.
    Because Neo’s reasoning is transparent, you’ll always see how it got to a conclusion, not just the result.
  5. Continue the Chain Neo doesn’t forget what it has seen. It retains memory of assets, prior tests, and fixes, using that context to improve future runs. You can easily chain workflows, for example:
    • After discovery, trigger testing and triage automatically.
    • After remediation, have Neo retest all affected endpoints.
    • After regression, generate updated executive summaries.
    Every run makes Neo smarter, learning what matters most in your environment, and adapting its workflows to your security program over time.

First-Time Workflow Ideas

Here are a few high-signal tasks you can try to get familiar with Neo’s behavior. They’re small, scoped, and safe to run, designed to help you observe Neo’s planning, execution, and reasoning.
  • API Security: “Scan this API endpoint for broken access control and rate limit bypasses.”
  • Code Review: “Review the commit diff in repo-X for possible SQL injection or sensitive data exposure.”
  • External Exposure: “Scan app.example.com for exposed admin panels, debug endpoints, and sensitive configuration files like .env or config.json.”
  • Patch Validation: “Re-test the fix for SEC-1234 in the payments API and confirm closure.”
  • App Logic Testing: “Audit the checkout workflow in staging for privilege escalation paths.”
These are ideal starter ideas and each demonstrates Neo’s ability to chain discovery, testing, and validation steps while explaining its reasoning throughout.

Using Neo Effectively

Once you’ve seen Neo complete a workflow end to end, the next step is learning how to collaborate with it effectively. Neo works best when you treat it like a security engineer on your team: share intent, give context, and let it think and work through the details. You can brief it like a teammate, describing what to test, what to avoid, and what success looks like, or give it freedom to explore creatively, like you would to a red teamer.
  • When your goal is specific, Neo executes with precision:
    “Test the staging API for authentication flaws and create tickets for confirmed issues.” “Re-scan assets discovered last week and flag new endpoints only.”
  • When your goal is broad, Neo thinks like an attacker: exploring systems creatively to uncover real paths to risk:
    “Find ways to move laterally from our exposed APIs into internal systems.” “Explore potential privilege escalation paths across the staging environment.”
In both cases, Neo plans a multi-step workflow: mapping assets, selecting tools, chaining tests, and adapting its approach as it learns more about your environment. It can pivot between structured workflows and creative exploration seamlessly. Quick Tips
  • Use clear intent, but don’t be afraid to give Neo open-ended goals; it performs well in both.
  • Provide context once: Neo remembers and builds on it.
  • Interact mid-run: steer or refine in real time.
  • Chain workflows for compounded efficiency and coverage.
  • Review outputs early: transparency builds trust quickly.
  • Iterate toward autonomy: start guided, scale over time.