Powered by our in-house leading OSS engine
Operator Preview

Adversarial reliability control plane

A fuller preview of the managed operator surface: protected targets, recurring scans, exploit-backed findings, and artifact bundles. Same dashboard grammar as OpenSOAR, but applied to the pwnkit cloud product.

Operator surface

The product should look like an operator console.

Same dashboard grammar as OpenSOAR: narrow chrome, queue-first layout, detail panels, and evidence that feels operational instead of ornamental. This is the managed surface the cloud product is growing into.

pwnkit.cloud/operator/acme-ai/staging
Dashboard
Adversarial reliability control plane
Protected targets, recurring scans, findings queue, and artifact bundles in one operator flow.
Open findings: 9 (4 high · 3 medium · 2 low)
Active scans: 3 (1 prod · 2 staging)
Protected targets: 12 (APIs · MCP · apps)
Artifact bundles: 27 (evidence + context)
Findings queue
The review layer between raw attacks and customer-facing artifacts
Finding                                                      Target             Severity  Status          Updated
Prompt injection causes unauthorized tool call chain         agent-api-staging  high      pending review  4m ago
MCP file server permits path traversal outside allowed root  mcp-files-prod     critical  true positive   12m ago
Agent backend leaks hidden system prompt in retry path       chat-gateway-prod  medium    pending review  19m ago
Model response chain triggers unbounded tool recursion       agent-api-staging  high      investigating   31m ago
Protected targets
Target class, environment, auth mode, and scoped reach (the host and path or tool set a scan may touch)

Target             Reach                                Class          Auth mode      Environment  Status
agent-api-staging  staging.example.com /api/agent       agent_backend  static_header  staging      healthy
mcp-files-prod     mcp.internal.company / files, shell  mcp_server     mcp_bundle     production   restricted
chat-gateway-prod  api.company.com /v1/chat             llm_api        oauth_token    production   watch
Artifact bundle
The output package handed to engineering and security
ab_01JQ8X7P
Target context
  • target class: agent_backend
  • environment: staging
  • auth mode: static_header
  • allowed host: staging.example.com
  • allowed path: /api/agent
Exploit evidence
  • proof: tool invocation transcript attached
  • request chain captured across 3 turns
  • agent executed unauthorized internal tool call
  • replay status: reproducible on second run
Engineering handoff
  • root cause: tool authorization boundary too broad
  • affected path: /api/agent/execute
  • recommended owner: platform-security
  • artifact bundle id: ab_01JQ8X7P
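The "scoped reach" column of the protected-targets list and the "allowed host" / "allowed path" lines in the bundle's target context define the boundary a recurring scan must stay inside. The check below is an added example of enforcing that boundary before any request leaves the scanner; it is not pwnkit's own code. The ProtectedTarget record and the in_scope helper are hypothetical names, the sample target is copied from the agent-api-staging row above, and the edge cases it rejects (path traversal, percent-encoded dot segments, userinfo host confusion, sibling prefixes like /api/agentx) are the ones a naive string-prefix check lets through.

```python
# Added example (not pwnkit's code): enforce a protected target's scoped reach
# before a scan issues a request. Field names mirror the operator console;
# the class and helper names are hypothetical.
import posixpath
from dataclasses import dataclass
from urllib.parse import unquote, urlsplit


@dataclass(frozen=True)
class ProtectedTarget:
    name: str
    allowed_host: str   # exact hostname; subdomains are out of scope
    allowed_path: str   # path prefix, matched on a segment boundary
    environment: str    # "staging" or "production"


# Sample target taken from the protected-targets list on this page.
AGENT_API = ProtectedTarget(
    name="agent-api-staging",
    allowed_host="staging.example.com",
    allowed_path="/api/agent",
    environment="staging",
)


def normalize_path(path: str) -> str:
    """Percent-decode (repeatedly, to defeat double encoding) and collapse
    '.', '..' and '//' so '/api/agent/../../etc/passwd' cannot slip past a
    prefix comparison."""
    p = path or "/"
    for _ in range(3):
        decoded = unquote(p)
        if decoded == p:
            break
        p = decoded
    if not p.startswith("/"):
        p = "/" + p
    return posixpath.normpath(p)


def in_scope(url: str, target: ProtectedTarget) -> tuple[bool, str]:
    """Return (allowed, reason). Only http(s) to the exact allowed host, with
    the normalized path equal to or below the allowed prefix, is in scope."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"

    # .hostname strips userinfo and port, so "https://staging.example.com@evil.com/"
    # is judged by its real host (evil.com), not by the decoy before the '@'.
    host = (parts.hostname or "").lower()
    if host != target.allowed_host.lower():
        return False, f"host {host!r} is not {target.allowed_host!r}"

    path = normalize_path(parts.path)
    prefix = posixpath.normpath(target.allowed_path)
    # Segment-boundary match: "/api/agentx" must not satisfy prefix "/api/agent".
    if path != prefix and not path.startswith(prefix.rstrip("/") + "/"):
        return False, f"path {path!r} is outside {prefix!r}"
    return True, "ok"


def filter_in_scope(urls: list[str], target: ProtectedTarget) -> list[str]:
    """Keep only the candidate request URLs a scan may send to this target."""
    return [u for u in urls if in_scope(u, target)[0]]


if __name__ == "__main__":
    # Constructed candidate URLs: two legitimate, the rest out of scope.
    candidates = [
        "https://staging.example.com/api/agent/execute",
        "https://staging.example.com/api/agent",
        "https://staging.example.com/api/agentx",
        "https://staging.example.com/api/agent/../../etc/passwd",
        "https://staging.example.com/api/agent/%2e%2e/%2e%2e/etc/passwd",
        "https://staging.example.com@evil.com/api/agent",
        "https://api.staging.example.com/api/agent",
        "ftp://staging.example.com/api/agent",
    ]
    for u in candidates:
        print(in_scope(u, AGENT_API), u)
```

The host comparison is deliberately exact rather than suffix-based: a target scoped to staging.example.com says nothing about api.staging.example.com, and the console's per-target environment and status columns only make sense if each hostname is its own record.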