Concepts & limits

The words we use — and the lines we don't cross.

Xseth uses precise language on purpose. Here is what every term means, followed by an unflinching list of what the product deliberately does not do today. If a claim isn't on the "ships today" side, you'll find it fenced as roadmap — never blurred into the present.

Glossary

CORTEX
The cognitive core of Xseth — the parts that reason rather than just scan. It runs the Observe, Orient, Decide, Act cycle over a shared model of your attack surface.
OODA loop
Observe (scan) → Orient (rank and chain findings) → Decide (continue or stop?) → Act (validate). A bounded decision loop with a hard step budget and a full audit trail, so it always terminates.
World-model
A persistent graph of your hosts, subdomains, services, web endpoints and the edges between them. The agent reasons over this structure instead of raw output, and it grows as you re-scan.
Attack chain
A multi-step path where individually low findings combine into a high-severity outcome — "exposed config + weak service → real access". Candidate reasoning, not proof; an empty result is valid.
CONFIRMED
A finding that a non-destructive probe reached and matched against real evidence. It means the issue is genuinely there and reachable — reachability, not exploitability.
Unproven
A finding the model flagged but no probe has validated yet. Shown honestly as unproven rather than asserted as fact; you can request a probe to confirm it.
Thoth
Xseth’s grounded chatbot — named for the keeper of knowledge — that sits on every assessment. It answers questions about that scan’s findings, validations, attack paths and decisions, citing the pipeline data behind each answer. It is read-only: it explains the scan, it never launches one or invents a finding.
Non-destructive probe
A validation check that confirms a finding is real and reachable without exploiting it — no code execution, no data exfiltration. Run automatically for safe classes.
Active-payload probe
A check that sends real attack traffic (for example injection or default-credential tests). These never run on their own — they require explicit operator approval and a one-time, scope-bound token.
Scope
The set of domains and IPs you are authorized to scan. Every action is re-validated against your scope before it runs; reserved and internal addresses are hard-blocked outright.
Force multiplier
How we position Xseth: a tool that makes one security engineer faster and sharper — not a replacement for a human tester or a compliance-grade pentest.
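The Scope and Active-payload probe entries describe two gates: every target is re-validated against the authorized scope with reserved and internal addresses hard-blocked, and active-payload probes additionally require a one-time, scope-bound approval token. The following is an added illustration of those two gates, not Xseth's own code; the class and function names, the "eng-42" scope id and the sample ranges are constructed for the example.

```python
import ipaddress
import secrets

class Scope:
    """One authorization: apex domains (subdomains inherit) plus IP networks."""
    def __init__(self, scope_id, domains, networks):
        self.scope_id = scope_id
        self.domains = {d.lower().rstrip(".") for d in domains}
        self.networks = [ipaddress.ip_network(n) for n in networks]

def hard_blocked(ip) -> bool:
    """Reserved and internal space is refused even when a scope lists it."""
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_reserved or ip.is_multicast or ip.is_unspecified)

def in_scope(scope, target) -> bool:
    """Re-validate one target (IP literal or hostname) against the scope."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:                       # not an IP literal: treat as a hostname
        host = target.lower().rstrip(".")
        return any(host == d or host.endswith("." + d) for d in scope.domains)
    if hard_blocked(ip):
        return False
    return any(ip in net for net in scope.networks)

class ApprovalTokens:
    """One-time, scope-bound tokens an operator issues for active-payload probes."""
    def __init__(self):
        self._pending = {}                   # token -> (scope_id, target)
    def issue(self, scope_id, target) -> str:
        token = secrets.token_urlsafe(16)
        self._pending[token] = (scope_id, target)
        return token
    def redeem(self, token, scope_id, target) -> bool:
        entry = self._pending.pop(token, None)   # pop: a token is spent on first use
        return entry == (scope_id, target)

def authorize_probe(scope, target, kind, tokens, token=None) -> bool:
    """Scope is checked first for every probe; active-payload also needs a token."""
    if not in_scope(scope, target):
        return False                         # out of scope: no token is consumed
    if kind == "non-destructive":
        return True
    if kind == "active-payload" and token is not None:
        return tokens.redeem(token, scope.scope_id, target)
    return False
```

Note that 10.0.0.0/8 is deliberately listed in the sample scope below to show that internal space stays blocked even when an operator includes it.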
The honest ceiling

What Xseth does not do

A skeptic's most useful question is "what can't it do?". Here is the straight answer. These are not limitations we hide — they are the boundary we designed in. Anything beyond it that we are building toward stays scope-bound, approval-gated, and audited.

  • Exploit vulnerabilities or break into systems
  • Reuse captured credentials or escalate privilege
  • Move laterally across a network
  • Run active-payload probes without operator approval
  • Scan anything outside your authorized scope
  • Touch your source code or secrets — only recon metadata is processed
  • Replace a manual penetration test or a compliance engagement