Issues

Issues is a persistent vulnerability database that aggregates every finding your agents discover. Agents read from and write to the same database, which means context accumulates across tasks and runs. An issue is only filed after a validation step, so the data starts clean. Browse, filter, and act on findings at two scopes: within a specific project, or across your entire workspace.

​

Project issues

The Issues tab inside a project shows all findings from tasks in that project. This is where you track the security posture of a specific application, engagement, or codebase.

​

Workspace issues

The central Issues view (accessible from the sidebar at /issues) aggregates every finding across all projects, tasks, and team members in your workspace. This is your unified vulnerability dashboard, with cross-team attribution so you can see what every agent discovered and who ran it.

​

What each issue shows

Every issue in the list includes:

• Title: a concise description of the finding
• Severity: Critical, High, Medium, Low, or Info
• Status: Unverified, Confirmed, or Open
• Target: the host, URL, or repository where the finding was identified
• Created by: the team member whose task surfaced it
• Last activity: when the issue was last updated

Open any issue for full details: reproduction steps, evidence, payload, timeline, and all tasks linked to that finding. The severity breakdown at the top gives you a quick count per level. Click any pill to filter to that severity. Use Search to find issues by title, description, or host. Use Filters to narrow by status, target, severity, or date range.

​

Challenge & Verify

Challenge & Verify re-tests a finding by spinning up a new task scoped to that issue. The agent attempts to reproduce the vulnerability from scratch, independently of the original run. Use this to confirm exploitability before escalating, sharing with stakeholders, or filing a report.

​

Escalate

Escalate pushes exploitation depth further. Instead of just confirming the finding exists, the agent attempts to demonstrate impact: chaining into adjacent systems, extracting data, or reaching a meaningful exploitation outcome. Use this when a confirmed finding needs a stronger proof of concept.

​

Feedback that carries forward

Your actions on issues shape how agents behave in future runs.

• Mark as false positive: the agent filters similar findings in subsequent tasks
• Flag as out of scope: the agent respects that boundary going forward
• Add business context: notes and context you attach to an issue are available to every future agent working in the same project

Over time, the system gets better at filtering noise, respecting your scope, and recognizing patterns you have already triaged.

​

Regression testing

Previously resolved issues are automatically re-checked in future tasks. If a fix regresses, it surfaces again. The issues database is the source of truth for what has been found, verified, resolved, and re-tested across your entire security program.

​

Issue Context

The Issue Context button opens an editor where you define persistent instructions for how agents evaluate and report findings. Use it to set severity thresholds, required evidence fields, or reporting conventions that apply consistently across all issues in that scope.

​

Issue statuses

​

Downloading issues

Click the download icon to export the current filtered issue list for external trackers, stakeholder reports, or audit records.