
Reading a replay

Walk a kill chain step-by-step. Inspect requests and responses. Share a signed replay link with your team or auditor.

Every confirmed exploit produces a replay. The replay is the single-sentence answer to the questions a CISO actually asks: what did you do, what worked, and how do I prove it again?

Tree

The left pane is the kill chain rendered as a React Flow tree. Each node is one step the agent took. Click a node to focus it; the inspector on the right shows the request, response, and the agent's reasoning trace for that step.

Inspector

  • Request. Exact HTTP request (or LLM call payload) the agent sent. Headers stripped of auth secrets when shared publicly.
  • Response. Server response. For LLM calls, this is the model's output.
  • Reasoning. The agent's structured thinking at that step. Useful for understanding why a particular chain branched.
  • Proof artifact. When a step confirms an exploit, the artifact appears here: leaked secret, retrieved canary, exfiltrated content, bypass evidence.

Playback

The bottom controls advance the kill chain step-by-step. Useful for walking a finding with a non-technical stakeholder.

Sharing

Click Share to mint a signed, password-protected link. The link is HMAC-signed; tampering invalidates it. You choose the expiration (7, 30, 90 days, or never). Share with auditors, customers, or internal teams that do not have a Brektra account.
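How an HMAC-signed, expiring link of this kind can be minted and checked, as an added example that is not Brektra's implementation. The signing key, the replay.example URL, the `id`/`exp`/`sig` parameter names and the function names are assumptions; the password layer is left out.

```python
import hashlib
import hmac
import json
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key (assumption); a real service loads it from a secret store.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"
ALLOWED_TTL_DAYS = {7, 30, 90, None}  # None = never expires (options listed on the page)


def _mac(path, replay_id, exp):
    # Sign every field the verifier will trust. JSON encoding keeps field
    # boundaries unambiguous, so bytes cannot be shifted between id and exp.
    msg = json.dumps([path, replay_id, exp], separators=(",", ":")).encode()
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


def mint_link(base_url, replay_id, ttl_days, now=None):
    """Build a signed link. base_url and replay_id are hypothetical inputs."""
    if ttl_days not in ALLOWED_TTL_DAYS:
        raise ValueError("unsupported expiration")
    now = int(time.time()) if now is None else now
    exp = "never" if ttl_days is None else str(now + ttl_days * 86400)
    sig = _mac(urlsplit(base_url).path, replay_id, exp)
    return f"{base_url}?{urlencode({'id': replay_id, 'exp': exp, 'sig': sig})}"


def verify_link(url, now=None):
    """Return the replay id if the link is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    try:
        replay_id, exp, sig = query["id"][0], query["exp"][0], query["sig"][0]
    except KeyError:
        return None
    expected = _mac(parts.path, replay_id, exp)
    # Check the MAC first, in constant time, before interpreting any field.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    # exp is trusted only now: it is exactly what mint_link signed.
    if exp != "never" and now >= int(exp):
        return None
    return replay_id
```

Because the expiry is inside the signed message, editing `exp` in the URL to extend a link fails the same check as editing the replay id.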

Public demos are different: those go in the Attack Atlas feed and are sanitized of all customer-identifying content.