How It Works

See how a 30-minute retest becomes a 5-minute verdict

Submit a reported web finding with reproduction steps. RiftX turns a 30-minute manual retest into a verified verdict with full HTTP evidence in five minutes.

Submission artifact

Steps to reproduce, target, and workflow context enter the system in a form pentesters can read quickly and trust.

Speed: 5 min average per retest

Output: HTTP traces + recording, evidence bundle attached

When unsure: Needs Review returned instead of a guess
Input Model

Reproduction steps are the control surface

Payload is optional. Reproduction steps are the primary input, because that is how retesting actually starts in a consultancy.

Why this matters

The system works from what the pentester actually did, not from a perfect proof-of-concept that may never have been documented in the ticket.

POST /retests
{
  "target_url": "https://example.com/search",
  "vulnerability_type": "reflected_xss",
  "description": "XSS in search parameter",
  "steps_to_reproduce": [
    "Navigate to /search",
    "Enter payload in the q parameter",
    "Observe alert box fires"
  ]
}
Interpretation Layer

RiftX reads the steps, identifies the likely vulnerability profile, and chooses a verification strategy.

The goal is not to invent a new attack path. It is to replay the reported path faithfully and capture evidence cleanly.

Execution target

reported finding → replay → verify → seal evidence

Agent Loop

The ReAct verification loop

Observe, detect, act, and validate. Deterministic signals fire first, and the loop keeps itself honest by checking state change after every step.

01

Observe

The agent captures DOM state, console output, network activity, and browser events before it commits to the next action.

02

Detect

Deterministic signal detectors evaluate the observation first. Dialogs, timing, response artifacts, and headers are checked before any LLM fallback.

03

Act

Based on the current phase, the agent chooses the next browser action: click, type, submit, wait, or verify.

04

Validate

Each action is checked for state change. If the page stalls or diverges, the loop adapts instead of guessing.

Execution Transcript

Verification artifact in motion

Stage 01: Observation captured

Stage 02: Signal sweep running

Stage 03: Browser action selected

Stage 04: State change validated

Retest Log

00:00  page loaded from reproduction steps
00:41  goal set: verify reflected_xss from steps
01:36  network and DOM baselines stored
03:12  browser action validated for state change
04:24  evidence bundle prepared
04:58  verdict ready: Fixed
Evidence Quality

Evidence is part of the verdict, not an afterthought

Every verification bundle is designed to be reviewed by a human pentester after the agent finishes.

HTTP Traces

Full archive of every request and response

Screen Recording

Recording of the browser execution

HTML Report

Request/response visualization for your report

Integrity Seal

HMAC-SHA256-sealed evidence integrity
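The integrity seal listed above, worked through as an added example (this is not RiftX's code and does not describe its bundle format): a manifest lists each artifact (HAR, recording, HTML report) by SHA-256 digest, and an HMAC-SHA256 tag over the canonical manifest binds them together so that a reviewer can tell whether any artifact or the verdict was altered after the agent finished. The manifest layout, the key handling, the file names and the artifact bytes are constructed assumptions for illustration.

```python
"""Sealing and verifying an evidence bundle with HMAC-SHA256 (added example, constructed data)."""
import hashlib
import hmac
import json

# Constructed stand-ins for the artifacts the page lists; not real RiftX output.
SAMPLE_ARTIFACTS = {
    "traces.har": b'{"log":{"entries":[{"request":{"url":"https://example.com/search?q=test"},'
                  b'"response":{"status":200}}]}}',
    "recording.gif": b"GIF89a\x01\x00\x01\x00\x00\xff\x00;",
    "report.html": b"<html><body><h1>Retest job_7f3a2b1c</h1></body></html>",
}
# Sealing key: in a real deployment this is a server-side secret that never ships with the bundle.
SEAL_KEY = b"constructed-demo-key-do-not-reuse"


def canonical_bytes(obj: dict) -> bytes:
    """Stable serialization so the same content always yields the same tag."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def build_manifest(job_id: str, verdict: str, artifacts: dict) -> dict:
    """Manifest naming each artifact by SHA-256 digest; the seal covers this manifest."""
    return {
        "job_id": job_id,
        "verdict": verdict,
        "artifacts": {
            name: {"sha256": hashlib.sha256(data).hexdigest(), "bytes": len(data)}
            for name, data in sorted(artifacts.items())
        },
    }


def seal_manifest(manifest: dict, key: bytes) -> dict:
    """Return a copy of the manifest carrying an HMAC-SHA256 tag over its canonical form."""
    body = {k: v for k, v in manifest.items() if k != "seal"}
    tag = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    return {**body, "seal": {"alg": "HMAC-SHA256", "value": tag}}


def verify_bundle(sealed: dict, artifacts: dict, key: bytes) -> tuple:
    """Check the seal first, then every artifact digest. Returns (ok, reason)."""
    seal = sealed.get("seal") or {}
    if seal.get("alg") != "HMAC-SHA256":
        return False, "unsupported or missing seal"
    body = {k: v for k, v in sealed.items() if k != "seal"}
    expected = hmac.new(key, canonical_bytes(body), hashlib.sha256).hexdigest()
    # Constant-time comparison: a plain == would leak how many leading bytes matched.
    if not hmac.compare_digest(expected, str(seal.get("value", ""))):
        return False, "seal mismatch"
    for name, meta in body.get("artifacts", {}).items():
        data = artifacts.get(name)
        if data is None:
            return False, f"missing artifact: {name}"
        if hashlib.sha256(data).hexdigest() != meta.get("sha256"):
            return False, f"digest mismatch: {name}"
    return True, "ok"


def demo() -> dict:
    """Seal a constructed bundle, then show how each kind of tampering is caught."""
    manifest = build_manifest("job_7f3a2b1c", "Not Fixed", SAMPLE_ARTIFACTS)
    sealed = seal_manifest(manifest, SEAL_KEY)
    results = {"intact": verify_bundle(sealed, SAMPLE_ARTIFACTS, SEAL_KEY)}
    # 1. A response in the HAR is edited after sealing: the manifest digest no longer matches.
    tampered = {**SAMPLE_ARTIFACTS,
                "traces.har": SAMPLE_ARTIFACTS["traces.har"].replace(b"200", b"403")}
    results["edited_har"] = verify_bundle(sealed, tampered, SEAL_KEY)
    # 2. The verdict is flipped in the manifest without re-sealing: the tag no longer matches.
    results["flipped_verdict"] = verify_bundle({**sealed, "verdict": "Fixed"}, SAMPLE_ARTIFACTS, SEAL_KEY)
    # 3. Verification with a different key fails even though nothing was changed.
    results["wrong_key"] = verify_bundle(sealed, SAMPLE_ARTIFACTS, b"another-key")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Two points the code makes explicit: the HMAC covers the manifest rather than the raw artifacts, so large recordings are checked by digest without re-hashing them under the key, and the tag is compared with `hmac.compare_digest` so a verifier cannot be probed one byte at a time. An HMAC proves integrity only to someone holding the key; if third parties must verify a bundle independently, a signature scheme with a public verification key is the usual substitute.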

83% less manual work per retest

5 min average time to verdict

90% reproduction accuracy

Decision States

Exactly three outcomes

No soft maybes and no vague probability language. The agent either verifies, cannot verify, or stops honestly at a review boundary.

Fixed

The reported vulnerability could not be reproduced. The fix appears effective.

Not Fixed

Vulnerability confirmed with reproducible evidence. The original issue persists.

Needs Review

Execution hit a safety or fidelity boundary, so the agent stayed honest.

When RiftX cannot verify, it returns Needs Review. It does not guess to create a prettier report.

Operating Constraints

Built-in safety limits

Every retest runs inside hard boundaries. If any limit is hit, the system terminates rather than improvising.

Max Cost: $5 per retest

Max Time: 15 min execution window

Max Actions: 20 browser actions

Max LLM Calls: 30, fallback only
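The ReAct loop (observe, detect, act, validate), the three decision states and the four hard limits above, combined in one added example. This is illustrative code, not RiftX's implementation: the browser is a scripted stand-in for Playwright, deterministic detectors run before any model fallback, the fallback is an injectable callable that is counted and priced per call (the per-call cost is an assumption), and every exit is one of Fixed, Not Fixed or Needs Review. The probe token `<riftx-marker>` and the page states are constructed.

```python
"""Replay loop with deterministic detectors, hard limits and exactly three verdicts (added example)."""
import time
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional, Tuple


class Verdict(Enum):
    FIXED = "Fixed"
    NOT_FIXED = "Not Fixed"
    NEEDS_REVIEW = "Needs Review"


@dataclass
class Budget:
    """The page's four hard limits; how cost accrues per call is an assumption of this example."""
    max_cost_usd: float = 5.0
    max_seconds: float = 15 * 60
    max_actions: int = 20
    max_llm_calls: int = 30
    cost_usd: float = 0.0
    actions: int = 0
    llm_calls: int = 0
    started: float = field(default_factory=time.monotonic)

    def breached(self) -> Optional[str]:
        """Name of the first exceeded limit, or None."""
        if self.cost_usd > self.max_cost_usd:
            return "max_cost"
        if time.monotonic() - self.started > self.max_seconds:
            return "max_time"
        if self.actions > self.max_actions:
            return "max_actions"
        if self.llm_calls > self.max_llm_calls:
            return "max_llm_calls"
        return None


# An observation is {"dialogs": [...], "responses": [{"status", "content_type", "body"}, ...]}.
class ScriptedBrowser:
    """Constructed stand-in for Playwright: each action advances to the next scripted page state."""
    def __init__(self, states: List[dict]):
        self._states, self._i = states, 0

    def observe(self) -> dict:
        return self._states[self._i]

    def act(self, action: str) -> bool:
        """Perform an action; True if the page state changed, False if it stalled."""
        if self._i + 1 < len(self._states):
            self._i += 1
            return True
        return False


def deterministic_signals(obs: dict, marker: str) -> List[str]:
    """Model-free checks: a dialog fired, or the probe marker came back unencoded in an HTML body."""
    found = ["dialog:" + d for d in obs.get("dialogs", [])]
    for r in obs.get("responses", []):
        if "text/html" in r.get("content_type", "") and marker in r.get("body", ""):
            found.append("unencoded_reflection")
    return found


def run_retest(steps: List[str], browser: ScriptedBrowser, marker: str,
               budget: Optional[Budget] = None,
               llm_fallback: Optional[Callable[[str, dict], bool]] = None,
               llm_cost_usd: float = 0.05) -> Tuple[Verdict, List[str]]:
    """Replay the reported steps; stop at the first confirmed signal or the first breached limit."""
    budget, log = budget or Budget(), []
    obs = browser.observe()                                   # 01 observe
    for step in steps:
        signals = deterministic_signals(obs, marker)          # 02 detect, deterministic first
        if signals:
            log.append(f"signal {signals} before step '{step}'")
            return Verdict.NOT_FIXED, log
        budget.actions += 1                                   # 03 act
        changed = browser.act(step)
        limit = budget.breached()
        if limit:
            log.append(f"stopped: {limit} at step '{step}'")
            return Verdict.NEEDS_REVIEW, log
        if not changed:                                       # 04 validate state change
            if llm_fallback is None:
                log.append(f"stalled at step '{step}': no fallback, review boundary")
                return Verdict.NEEDS_REVIEW, log
            budget.llm_calls += 1                             # fallback is counted and priced
            budget.cost_usd += llm_cost_usd
            limit = budget.breached()
            if limit or not llm_fallback(step, obs):
                log.append(f"stalled at step '{step}': {limit or 'fallback could not resolve'}")
                return Verdict.NEEDS_REVIEW, log
        obs = browser.observe()
        log.append(f"step '{step}' validated")
    signals = deterministic_signals(obs, marker)              # final detect on the end state
    if signals:
        log.append(f"signal {signals} after last step")
        return Verdict.NOT_FIXED, log
    log.append("all steps replayed, no signal: fix appears effective")
    return Verdict.FIXED, log


# Constructed scenario data mirroring the page's reflected_xss submission.
STEPS = ["Navigate to /search", "Enter payload in the q parameter", "Observe alert box fires"]
MARKER = "<riftx-marker>"   # harmless probe token; an encoding fix returns &lt;riftx-marker&gt;


def page(body: str, dialogs=()) -> dict:
    return {"dialogs": list(dialogs),
            "responses": [{"status": 200, "content_type": "text/html", "body": body}]}


def fixed_states() -> List[dict]:
    """Server now encodes the marker: no dialog, no unencoded reflection."""
    done = page("results for &lt;riftx-marker&gt;")
    return [page(""), page("<form><input name=q></form>"), done, done]


def not_fixed_states() -> List[dict]:
    """Marker reflected unencoded and an alert dialog raised on the final page."""
    done = page("results for <riftx-marker>", ["alert"])
    return [page(""), page("<form><input name=q></form>"), done, done]
```

Run it with `run_retest(STEPS, ScriptedBrowser(fixed_states()), MARKER)` for a Fixed verdict, `not_fixed_states()` for Not Fixed, a two-state browser (the page stalls) for Needs Review, and `Budget(max_actions=1)` to watch the action limit terminate the loop. The shape worth copying is that Needs Review is the only exit available when the loop does not know, and that the fallback cannot be called more than the budget allows.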
API Surface

API-first from submission to result

Submit retests programmatically, track state cleanly, and attach the evidence bundle back into the rest of your tooling.

curl — submit retest
curl -X POST https://api.riftx.io/jobs \
  -H "Cookie: token=vt_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "target_url": "https://example.com/search",
    "vulnerability_type": "reflected_xss",
    "steps_to_reproduce": [
      "Navigate to /search",
      "Enter payload in the q parameter",
      "Observe alert box fires"
    ]
  }'
Response
{
  "job_id": "job_7f3a2b1c",
  "status": "queued"
}
Workflow Fit

Fits the tools your team already uses

RiftX receives reported findings and returns verified verdicts through the systems your team already relies on.

01

Vulnerability Reported

Jira / Burp Suite / API

02

RiftX Receives

Goal setting & planning

03

Browser Executes

Real Playwright verification

04

Verdict Returned

Evidence → back to your tools

REST API (available)

Submit retests, poll results, and retrieve evidence programmatically. JSON in, JSON out.

Webhooks (available)

Get notified in real time when a verdict is ready. Push results to any endpoint.

Jira (available)

Auto-create verified finding tickets with HAR, GIF, and confidence score attached.

Slack (available)

Team notifications when verifications complete. Verdict, confidence, and link to evidence.

Burp Suite (available)

Right-click a finding in Burp and send it to RiftX for autonomous verification.

ServiceNow (available)

Enterprise ITSM ticket creation with full evidence chain for compliance workflows.

Private Beta

Get your pentesters out of the retesting loop

Your pentesters should be finding vulnerabilities and writing reports, not manually retesting the same XSS for the third time this month.

Limited beta spots. No credit card. Set up in one session.