## Where AI Helps

AI-assisted analysis can support multiple stages of the scan lifecycle:

| Stage | AI-Assisted Value |
|---|---|
| Discovery review | Identify suspicious endpoint names, parameter patterns, exposed admin surfaces, and API shapes that deserve deeper checks. |
| Crawling and parameter context | Help classify forms, request parameters, API routes, and response patterns so relevant checks can be prioritized. |
| Vulnerability detection | Assist with identifying anomaly patterns in HTTP evidence, response differences, weak access patterns, and issue-specific signals. |
| False-positive reduction | Review whether evidence is strong enough, whether a version-based match has enough context, or whether a finding should be marked for human validation. |
| Deduplication and grouping | Help explain related findings that appear across similar endpoints, hosts, or services. |
| Prioritization | Combine severity, exploitability, KEV, EPSS, exposure, authentication context, and business-facing surface into clearer remediation order. |
| Remediation guidance | Convert technical evidence into practical fix guidance for security, infrastructure, and application teams. |
| Bilingual reporting | Produce clearer English and Vietnamese explanations, summaries, and executive-level narratives. |
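
As an added example (not VulnScan's own code; the finding fields, the weights, and the path-normalisation rule are assumptions chosen for illustration), the following Python shows the deduplication and prioritization rows above working together on a constructed set of findings: findings on sibling endpoints are grouped by host and path template, and each group is ordered by a score that combines severity, KEV membership, EPSS, exploit availability, exposure, authentication context, and business labels.

```python
"""Added example: group related findings and order them for remediation.
Not VulnScan's own scoring; the field names, weights and the path
normalisation rule are assumptions chosen for illustration."""
import re
from typing import Any, Dict, List, Tuple

SEVERITY_SCORE = {"critical": 10.0, "high": 7.5, "medium": 5.0, "low": 2.5, "info": 0.0}

# Path segments that look like record identifiers (numeric, long hex, UUID-like)
# are collapsed so /api/users/123 and /api/users/456 land in one group.
_ID_SEGMENT = re.compile(r"/(?:\d+|[0-9a-fA-F]{8,}|[0-9a-fA-F-]{32,})(?=/|$)")


def normalize_path(path: str) -> str:
    return _ID_SEGMENT.sub("/{id}", path)


def priority_score(f: Dict[str, Any]) -> float:
    """Combine the signals listed in the table into one number (assumed weights)."""
    score = SEVERITY_SCORE.get(str(f.get("severity", "info")).lower(), 0.0)
    # Exploitability: KEV membership is the strongest signal; EPSS adds probability mass.
    if f.get("kev"):
        score += 4.0
    score += 4.0 * float(f.get("epss", 0.0))
    if f.get("exploit_available"):
        score += 1.5
    # Exposure: internet-reachable assets outrank internal-only ones.
    if f.get("exposure") == "internet":
        score += 2.0
    # Authentication context: reachable without login is worse than post-login only.
    if not f.get("requires_auth", False):
        score += 1.5
    # Business-facing surface, taken from the labels attached to the asset.
    labels = {str(label).lower() for label in f.get("labels", [])}
    if "production" in labels:
        score += 1.5
    if labels & {"customer-facing", "critical"}:
        score += 1.0
    return round(score, 2)


def group_findings(findings: List[Dict[str, Any]]) -> Dict[Tuple[str, str, str], List[Dict[str, Any]]]:
    """Group by (title, host, path template) so one issue on many ids is one row."""
    groups: Dict[Tuple[str, str, str], List[Dict[str, Any]]] = {}
    for f in findings:
        key = (f["title"], f["host"], normalize_path(f.get("path", "/")))
        groups.setdefault(key, []).append(f)
    return groups


def rank_for_remediation(findings: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """One row per group, highest-priority group first."""
    ranked = []
    for (title, host, template), members in group_findings(findings).items():
        ranked.append({
            "title": title,
            "host": host,
            "path_template": template,
            "score": max(priority_score(m) for m in members),
            "count": len(members),
            "paths": [m.get("path", "/") for m in members],
        })
    ranked.sort(key=lambda g: (-g["score"], g["title"]))
    return ranked


# Constructed sample findings (no real hosts, CVEs or scan output).
SAMPLE_FINDINGS = [
    {"title": "SQL injection in user lookup", "host": "api.example.test", "path": "/api/users/123",
     "severity": "critical", "kev": False, "epss": 0.9, "exposure": "internet",
     "requires_auth": False, "labels": ["production", "customer-facing"]},
    {"title": "SQL injection in user lookup", "host": "api.example.test", "path": "/api/users/456",
     "severity": "critical", "kev": False, "epss": 0.9, "exposure": "internet",
     "requires_auth": False, "labels": ["production", "customer-facing"]},
    {"title": "Known-exploited RCE in admin console", "host": "intranet.example.test", "path": "/admin/",
     "severity": "high", "kev": True, "epss": 0.95, "exploit_available": True, "exposure": "internal",
     "requires_auth": True, "labels": ["production"]},
    {"title": "Weak TLS configuration", "host": "build.example.test", "path": "/",
     "severity": "medium", "kev": False, "epss": 0.1, "exposure": "internal",
     "requires_auth": False, "labels": ["staging"]},
]

if __name__ == "__main__":
    for g in rank_for_remediation(SAMPLE_FINDINGS):
        print(f'{g["score"]:5.1f}  {g["host"]}{g["path_template"]}  x{g["count"]}  {g["title"]}')
```

The two SQL injection findings collapse into one row with the template `/api/users/{id}`, which is the "related findings across similar endpoints" case from the table; the internal, login-only RCE still ranks just below it because KEV membership and a high EPSS outweigh its lower exposure.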

## AI Configuration Options

Administrators can choose the AI integration model that matches their data policy:

| Option | Best For | Notes |
|---|---|---|
| AI cloud API token | Fast enablement and elastic capacity. | Use a provider approved by the organization. Review what scan context may be sent. |
| Local/private AI endpoint | Sensitive environments and on-premises deployments. | Keeps analysis traffic inside the customer-controlled environment. |
| Dedicated AI worker or agent | Larger deployments or restricted networks. | Separates scanning workload from AI analysis and allows independent resource control. |

## Data Handling

Before enabling AI, decide which scan context is allowed to be processed:

- Vulnerability titles, severity, CWE/CVE, and remediation context.
- Affected URL, host, port, service, technology, and version evidence.
- HTTP request/response snippets where needed for analysis.
- Authentication context status, without exposing secret tokens or passwords.
- Business labels such as production, staging, customer-facing, or critical.
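
The list above is an allow-list: everything forwarded to the AI step should fall into one of these categories, and the authentication item explicitly excludes the credential itself. The following Python, an added example rather than VulnScan's code (the finding schema, the allow-list keys, and the header and body patterns are assumptions), builds that context from a constructed finding, drops categories the administrator has disabled, and redacts credential-bearing headers and body fields from the HTTP evidence before anything leaves the system.

```python
"""Added example: assemble the context forwarded to an AI analysis step,
honouring an administrator's allow-list and stripping credentials from
HTTP evidence. Not VulnScan's code; the finding schema, the allow-list
keys and the secret patterns are assumptions."""
import re
from typing import Any, Dict

# Allow-list keyed by the categories in the list above (key names assumed).
DEFAULT_ALLOWED = {
    "finding": True,          # title, severity, CWE/CVE, remediation context
    "location": True,         # URL, host, port, service, technology, version
    "http_evidence": True,    # request/response snippets, after redaction
    "auth_context": True,     # authenticated yes/no only, never the credential
    "business_labels": True,  # production, staging, customer-facing, critical
}

SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}

# key=value or "key": "value" pairs in form or JSON bodies whose value must not be forwarded.
_BODY_SECRET = re.compile(
    r'(?i)((?:password|passwd|secret|token|api_key|apikey)["\']?\s*[:=]\s*["\']?)[^&"\'\s]*'
)


def redact_http_snippet(snippet: str) -> str:
    """Blank credential-bearing header values, then credential-looking body values."""
    lines = []
    for line in snippet.splitlines():
        name, sep, _value = line.partition(":")
        if sep and name.strip().lower() in SENSITIVE_HEADERS:
            line = f"{name}: [REDACTED]"
        lines.append(line)
    return _BODY_SECRET.sub(lambda m: m.group(1) + "[REDACTED]", "\n".join(lines))


def build_ai_context(finding: Dict[str, Any], allowed: Dict[str, bool] = DEFAULT_ALLOWED) -> Dict[str, Any]:
    """Copy only allowed categories; secrets never reach the returned dict."""
    ctx: Dict[str, Any] = {}
    if allowed.get("finding"):
        ctx["finding"] = {k: finding.get(k) for k in ("title", "severity", "cwe", "cve", "remediation")}
    if allowed.get("location"):
        ctx["location"] = {k: finding.get(k) for k in ("url", "host", "port", "service", "technology", "version")}
    if allowed.get("http_evidence") and finding.get("http_evidence"):
        ctx["http_evidence"] = {k: redact_http_snippet(v) for k, v in finding["http_evidence"].items()}
    if allowed.get("auth_context"):
        # Status only: finding["auth"]["token"] is deliberately not copied.
        ctx["authenticated"] = bool(finding.get("auth", {}).get("authenticated"))
    if allowed.get("business_labels"):
        ctx["labels"] = list(finding.get("labels", []))
    return ctx


# Constructed sample finding; hostnames, tokens and cookie values are made up.
SAMPLE_FINDING = {
    "title": "Weak password policy on login form",
    "severity": "high", "cwe": "CWE-521", "cve": None,
    "remediation": "Enforce minimum length and rate-limit login attempts.",
    "url": "https://shop.example.test/login", "host": "shop.example.test", "port": 443,
    "service": "https", "technology": "nginx", "version": "1.24.0",
    "http_evidence": {
        "request": (
            "POST /login HTTP/1.1\n"
            "Host: shop.example.test\n"
            "Authorization: Bearer tok-secret-123\n"
            "Cookie: session=sess-secret-456\n"
            "Content-Type: application/x-www-form-urlencoded\n"
            "\n"
            "username=bob&password=hunter2"
        ),
        "response": (
            "HTTP/1.1 302 Found\n"
            "Set-Cookie: session=sess-secret-789; HttpOnly; Secure\n"
            "Location: /account\n"
        ),
    },
    "auth": {"authenticated": True, "token": "tok-secret-123"},  # the token must never be forwarded
    "labels": ["production", "customer-facing"],
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_ai_context(SAMPLE_FINDING), indent=2))
```

Passing a modified allow-list (for example `{**DEFAULT_ALLOWED, "http_evidence": False}`) drops the snippets entirely, which is the right setting when a cloud provider has not been cleared to receive request and response bodies at all.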

## Scale Model

VulnScan scales through concurrency, persistence, and workflow separation:

| Layer | Scale Mechanism |
|---|---|
| Discovery | Concurrent host discovery, subdomain discovery, live probing, and port scanning with configurable rate limits. |
| Fingerprinting | Parallel service fingerprinting, HTTP probing, TLS probing, technology detection, and protocol-specific checks. |
| Crawling | Web and API endpoint discovery with bounded crawling and parameter extraction. |
| Detection | Concurrent verification workers and targeted checks to avoid running every check blindly against every endpoint. |
| AI analysis | Optional background analysis that can run through a cloud provider, local endpoint, or dedicated worker. |
| Enrichment | Local intelligence data for CVE, CVSS, EPSS, KEV, CWE, OWASP Top 10, and WSTG. |
| Storage | Database-backed scan history, findings, source metadata, triage state, and report jobs. |
| Reporting | CSV/JSON exports for automation and PDF exports as background jobs. |
| Automation | CLI supports target files, multiple targets, subdomain expansion, output directory control, language selection, and CI/CD usage. |

## Default Concurrency Profile

The default configuration is tuned for balanced throughput:

| Area | Default |
|---|---|
| Discovery workers | 256 |
| Port scan rate limit | 1000 |
| Port scan profile | Top 1000 TCP ports |
| Fingerprint workers | 50 |
| Service-version parallelism | 4 |
| Active detection workers | 25 |
| Enrichment workers | 10 |
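
The worker counts and rate limit above are two independent knobs: the worker count bounds how many probes are in flight at once, while the rate limit bounds how many probes start per second regardless of worker count. The following Python, an added example and not VulnScan's implementation (the probe is simulated and the helper names are assumptions), shows that shape for the discovery layer from the Scale Model table: a semaphore-bounded pool sharing one rate limiter, with the default arguments mirroring the 256-worker / 1000-per-second profile.

```python
"""Added example: a bounded worker pool with a shared rate limiter, the
shape behind the "discovery workers" and "port scan rate limit" settings.
Not VulnScan's code; the probe is simulated and the helper names are
assumptions."""
import asyncio
import time
from typing import Any, Dict, List


class RateLimiter:
    """Allow at most `rate` probe starts per second across all workers (even spacing)."""

    def __init__(self, rate: float) -> None:
        self.interval = 1.0 / rate
        self._next_slot = 0.0
        self._lock = asyncio.Lock()

    async def acquire(self) -> None:
        async with self._lock:
            now = time.monotonic()
            wait = max(0.0, self._next_slot - now)
            self._next_slot = max(now, self._next_slot) + self.interval
        if wait:
            await asyncio.sleep(wait)


async def _probe(target: str, sem: asyncio.Semaphore, limiter: RateLimiter,
                 stats: Dict[str, int]) -> Dict[str, Any]:
    async with sem:                        # bounded by the worker count
        stats["in_flight"] += 1
        stats["max_in_flight"] = max(stats["max_in_flight"], stats["in_flight"])
        try:
            await limiter.acquire()        # global probe rate, independent of worker count
            await asyncio.sleep(0.001)     # stand-in for the real network probe
            # Constructed result: pretend hosts ending in 1 or 5 answered.
            return {"target": target, "alive": target.endswith(("1", "5"))}
        finally:
            stats["in_flight"] -= 1


async def _run(targets: List[str], workers: int, rate: float) -> Dict[str, Any]:
    # Semaphore and limiter are created inside the running loop on purpose.
    sem = asyncio.Semaphore(workers)
    limiter = RateLimiter(rate)
    stats = {"in_flight": 0, "max_in_flight": 0}
    started = time.monotonic()
    results = await asyncio.gather(*(_probe(t, sem, limiter, stats) for t in targets))
    return {
        "completed": len(results),
        "alive": sum(1 for r in results if r["alive"]),
        "max_in_flight": stats["max_in_flight"],
        "elapsed": time.monotonic() - started,
    }


def run_discovery(targets: List[str], workers: int = 256, rate: float = 1000.0) -> Dict[str, Any]:
    """Synchronous entry point; the defaults mirror the profile above."""
    return asyncio.run(_run(targets, workers, rate))


if __name__ == "__main__":
    # Constructed target list; a real run would use discovered hosts.
    hosts = ["10.0.0.%d" % i for i in range(1, 41)]
    print(run_discovery(hosts, workers=8, rate=200.0))
```

With 40 targets, 8 workers, and 200 probes per second, `max_in_flight` never exceeds 8 and the run takes at least 39 / 200 seconds, which is the behaviour to expect when lowering the rate limit for a fragile network: fewer probes per second, the same worker ceiling.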

## Large-Scale Scan Strategy

For a large workspace:

- Add root domains and owned CIDR ranges first.
- Run discovery to understand real asset volume before broad scanning.
- Split large portfolios by business owner, environment, or risk tier.
- Use scheduled scans for critical production assets.
- Use CLI scans for CI/CD pipelines, batch automation, and controlled recurring jobs.
- Enable authenticated scan context for applications where important functionality is behind login.
- Enable AI-assisted analysis when the organization wants deeper evidence review, prioritization, and remediation explanation.
- Export CSV/JSON for SIEM, ticketing, data lake, or workflow automation.
- Use PDF for human-readable reports and executive delivery.
- Configure email notifications so scan completion and PDF export readiness do not depend on an open browser tab.

## Data Consistency at Scale

Standard scans launched from the Web UI, CLI, or schedules are written to the same database. This matters when multiple teams use the product:

- CLI automation can run overnight.
- Analysts can review the results in the Web UI the next morning.
- Reports can be generated from the same persisted scan.
- Scan source remains visible for auditability.
- Finding triage state stays consistent regardless of how the scan was launched.