Quote based · Authorized scope

Autonomous pentesting with evidence that holds up.

Oryon explores authorized production environments like a real pentester. It maps attack surface, probes what matters, exploits valid weaknesses and closes every claim with reproducible technical evidence.

ORYON / autonomous mission control
LIVE
Target https://api.customer-demo.com Run run:oryon-demo:gpt55 Model openai.gpt-5.5
Turn 22/80
Tools 9 Evidence 14 Attention 1
Mission timeline 8 visible moves
Target check Map API routes and authentication boundaries.

HTTP inspection found account, billing and admin-adjacent routes under the authorized origin.

artifact:000021 evidence:000008
Agent decision Prioritize authenticated contrast.

Public signals are not proof; compare user-owned resources against authenticated-only endpoints.

Target check Test object access across two sessions.

Controlled request replay shows one account can request another account resource.

artifact:000042 evidence:000013
Run update Repeat blocked.

Equivalent probe blocked. Existing artifacts must be read instead of repeating the same endpoint.

artifact:000042
Proof check Candidate preserved for validation.

Impact path is promising but needs final reproduction and proof-stage assessment before reporting.

evidence:000014 evidence:000018
> oryon mission live - scope locked - evidence retained
Operating model

Built to act like a pentester, not a checklist.

The agent decides what to investigate next. The runtime enforces scope, captures evidence and stops weak claims from becoming reportable findings.

01

Start from authorization

The operator defines the target, constraints, credentials, callback rules and destructive-action limits in natural language.

02

Explore live attack surface

Oryon interacts with the approved environment, follows app behavior, tests APIs, compares sessions and keeps an operational notebook.

03

Exploit what is real

Promising signals are pushed to controlled exploitation, not left as scanner noise or theoretical risk.

04

Preserve technical evidence

Requests, responses, artifacts, sessions, tool outcomes and validation refs are attached to the run as durable proof.

05

Report only what holds

Findings must include reproduction, impact, security boundary and proof verifier approval before they become reportable.

Runtime

A pentest engine with proof built into the loop.

Strategy stays autonomous, but execution is controlled. Every meaningful action passes through scope checks, tool contracts and evidence handling.

01

Scope enforcement

Rules of engagement, allowed origins, rate limits, credential provenance and destructive-action boundaries are enforced before tool execution.

02

Tool contracts

HTTP, bash, artifact, search and research actions are explicit, validated and stored with structured outcomes instead of hidden manual steps.

03

Proof-first reporting

A finding is not treated as confirmed until exploitation evidence, validation refs, impact and reproduction all survive the proof gate.

Capabilities

Real testing surface, bounded by authorization.

Oryon can interact with web apps, APIs, sessions, scripts, scanners and public research, while keeping target proof separate from research-only context.

HTTP

Apps, APIs, forms and sessions

Inspect pages, submit forms, replay traffic, validate authentication and preserve exact request-response evidence.

BASH

Controlled scripts and tooling

Run bounded scanners, payload helpers, callbacks and non-HTTP probes with explicit risk profiles and policy preflight.

STATE

Memory, artifacts and proof debt

Keep findings, dead ends, sessions, claims and unresolved proof gaps visible until they are closed or ruled out.

RESEARCH

Public intelligence without false proof

Use docs, advisories and external context to guide testing, while never treating public research as target exploit evidence.

Outcome

What your team gets back.

A clear assessment based on what was actually tested, exploited, ruled out and left as proof debt.

Exploited and validated vulnerabilities with reproduction steps.

Evidence refs, artifacts, session context and technical impact.

Ruled-out branches and proof debt instead of vague unresolved noise.

Remediation direction that tells engineering what to fix first.

Quote-based scope aligned with the target, depth and environment risk.