Documentation

What Xseth is — and what it isn't.

Xseth is a recon and AI-triage teammate. It maps your attack surface with the same tools a human tester reaches for, ranks the findings into a prioritized threat assessment with the evidence behind each one, non-destructively confirms the ones that matter, and writes it up as a report you can hand to a client — usually in under five minutes. It does not break in, and you stay in control of every decision.

Three layers, never blurred

A skeptical reader deserves to know exactly where the line is. We keep three claims separate and label every feature against them — so you always know what is shipping versus what we are building toward.

Ships today

A recon + triage teammate

Xseth runs the real tools, ranks the noise into a prioritized assessment with evidence attached, non-destructively confirms a class of findings, and exports a client-ready report. You can interrogate every result through Thoth, its grounded chatbot — always with a human in the loop.

Already built

A cognitive core

A persistent world-model of your attack surface, a reasoning pass that chains low findings into real paths, and a bounded decide-loop. This is what separates Xseth from a smarter scanner.

Roadmap

Proof of impact

Progressively more autonomous testing — always scope-bound, approval-gated, and audited. We fence this as future and never sell it as today.

Straight answers

Is Xseth an autonomous hacker that breaks into my systems?

No. Today Xseth is recon plus AI triage with a human in the loop. It maps your attack surface, ranks the findings with evidence, and non-destructively confirms a class of them — it does not exploit, reuse credentials, escalate privilege, or move laterally. Those remain on the roadmap, and any future step there is scope-bound, approval-gated, and audited.

What does "CONFIRMED" actually mean on a finding?

It means a non-destructive validation probe reached the issue and matched real evidence — the finding is genuine and reachable, not a guess. It is reachability, not exploitability: Xseth proves the weakness is really there, it does not prove it can break in. Findings without that proof are shown honestly as unproven.

What can Xseth see — is my source code or data sent anywhere?

Only recon metadata — subdomains, ports, banners, HTTP and Nmap evidence — is processed by our LLM provider to produce the assessment. Never your source code or secrets, and only for targets you are authorized to scan.

How do I stay in control of what gets scanned?

Authorization is the spine. You can only submit targets on your authorized scope, an intake gate refuses off-limits categories outright, and every target the agent derives afterwards is re-checked against your scope before anything runs. Active-payload probes never fire on their own — they wait for an operator to approve them.
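
One way a scope gate of the kind described above can be built, as an added example that is not Xseth's own code. The class names, the off-limits suffixes and the sample scope are assumptions constructed for illustration. It re-checks every target (submitted or derived) on a DNS label boundary and holds active probes until an operator approves them.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class Scope:
    domains: set                                 # authorized apex domains
    networks: list                               # authorized CIDR ranges (ip_network objects)
    denied_suffixes: tuple = (".gov", ".mil")    # constructed off-limits categories

    def allows(self, target: str) -> bool:
        host = target.strip().lower().rstrip(".")
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            ip = None
        if ip is not None:
            return any(ip in net for net in self.networks)
        # Off-limits categories are refused even if someone lists them in scope.
        if host.endswith(self.denied_suffixes):
            return False
        # Match on a label boundary: "evil-example.com" and
        # "example.com.attacker.test" must not pass for "example.com".
        return any(host == d or host.endswith("." + d) for d in self.domains)


@dataclass
class Gate:
    scope: Scope
    pending: list = field(default_factory=list)  # active probes waiting for approval

    def submit(self, target: str, active: bool = False, approved_by: str = None) -> str:
        # Every target goes through the same check, whether a user typed it
        # or the agent derived it from an earlier recon result.
        if not self.scope.allows(target):
            return "refused"
        if active and not approved_by:
            self.pending.append(target)
            return "awaiting-approval"
        return "run"


# Constructed sample scope (documentation-reserved names and addresses).
SAMPLE_SCOPE = Scope({"example.com"}, [ipaddress.ip_network("203.0.113.0/24")])
```

A plain substring or `endswith("example.com")` test would accept `evil-example.com`, which is why the comparison is anchored on the leading dot.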

Does this replace a penetration test?

No. Xseth is a force multiplier for a security engineer — faster coverage, ranked findings, less noise. It supplements human-driven and compliance-grade testing between engagements; it does not replace them.