Is it a pre-requisute for the agents to have access to the source code to generate attack strategies?
How about pen-testing a black box?
Does the potential vulnerabilities list is generated by matching list of vulnerabilities that are publicly disclosed for the framework version of target software stack constituents?
I am new to LLMs or any ML for that matter. Congrats on your launch.
Thanks so much.
Great question, it is not required but we recommend it. If you don't include the source code, it would be black box. The agents won't know what the app looks like from the other side.
The agents identify vulns using known attack patterns, novel techniques, and threat intelligence.