Running a scan
Pick surfaces, modes, depth, and execution mode. What each setting changes about how the scan runs.
A scan is a single autonomous run against a verified target. You pick which surfaces to attack, how aggressive to be, and where the orchestrator runs.
Surfaces
| Surface | What it covers |
|---|---|
| AI | LLM-backed apps, prompt endpoints, RAG, tools, agents, MCP servers |
| Web | HTML pages, forms, IDOR, auth bypass, injection |
| API | REST, GraphQL, broken object-level authorization |
| Cloud | AWS, GCP, Azure roles, S3/buckets, metadata abuse |
| Hosts | Active Directory, Kerberoasting, lateral movement (requires the on-prem agent) |
You can run any combination. The orchestrator picks attack modules based on what is actually present at the target; running every surface is fine even if your app is AI-only.
Modes
- Safe Mode (default). Non-destructive payloads. Read-only probes. Required for shared infrastructure, production, or anything you do not own outright.
- Aggressive Mode. Destructive payloads enabled. Required to confirm full impact on certain finding classes. Gated by an extra Aggressive-Mode-enabled flag on the target.
- Stealth Mode. Subset of Safe with rate limiting that mimics low-noise traffic. Useful when you do not want WAF logs flooded.
Depth
- quick. Runs the highest-priority modules and stops at the first chain.
- standard. Runs all modules.
- deep. Runs modules iteratively, including multi-turn chains and retries.
Execution mode
- Cloud. Brektra runs the scan on our infrastructure. Default. Suitable for AI/Web/API/Cloud surfaces.
- Local. The scan runs through your on-prem Brektra Engine. Required for Hosts surface. Set up the engine in Settings → Engines.
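The gating rules above (Hosts needs the on-prem engine, Aggressive needs the per-target flag, production and shared targets stay non-destructive) are the kind of thing worth checking before a run is submitted. The following preflight check is an added example, not Brektra's own code or API; the request fields and flag names are assumptions.

```python
from dataclasses import dataclass

# Option sets as listed on this page.
SURFACES = {"AI", "Web", "API", "Cloud", "Hosts"}
MODES = {"safe", "aggressive", "stealth"}
DEPTHS = {"quick", "standard", "deep"}
EXECUTION = {"cloud", "local"}


@dataclass
class ScanRequest:
    """Hypothetical shape of a scan request; field names are assumed, not Brektra's."""
    surfaces: set
    mode: str = "safe"
    depth: str = "standard"
    execution: str = "cloud"
    # Target attributes (assumed): the Aggressive-Mode-enabled flag and
    # whether the target is production or shared infrastructure.
    target_aggressive_enabled: bool = False
    target_is_production_or_shared: bool = False


def validate_scan_request(req: ScanRequest) -> list:
    """Return a list of policy violations; an empty list means the run may proceed."""
    errors = []
    if not req.surfaces:
        errors.append("at least one surface is required")
    unknown = set(req.surfaces) - SURFACES
    if unknown:
        errors.append(f"unknown surfaces: {sorted(unknown)}")
    if req.mode not in MODES:
        errors.append(f"unknown mode: {req.mode}")
    if req.depth not in DEPTHS:
        errors.append(f"unknown depth: {req.depth}")
    if req.execution not in EXECUTION:
        errors.append(f"unknown execution mode: {req.execution}")
    # Hosts surface only works through the on-prem engine.
    if "Hosts" in req.surfaces and req.execution != "local":
        errors.append("Hosts surface requires local execution via the on-prem engine")
    # Destructive payloads are gated by the per-target flag.
    if req.mode == "aggressive" and not req.target_aggressive_enabled:
        errors.append("aggressive mode requires the Aggressive-Mode-enabled flag on the target")
    # Production or shared infrastructure must stay non-destructive.
    # Stealth is a subset of Safe, so only aggressive is blocked here.
    if req.mode == "aggressive" and req.target_is_production_or_shared:
        errors.append("aggressive mode is not allowed against production or shared infrastructure")
    return errors
```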
Cost
Each scan is metered against your plan's scans allowance. The mission-control panel shows live cost (LLM and compute) as the scan runs. Free runs cap at a smaller iteration ceiling than paid plans.