Knowledge Base

Knowledge Base Overview

The Knowledge Base is a repository of context documents that PAIStrike's AI uses to improve the accuracy and relevance of penetration tests. By providing the AI with information about your target environment, you enable it to perform more intelligent and targeted testing.

Why Use the Knowledge Base?

Without a knowledge base, PAIStrike's AI approaches every target as a complete unknown (black box mode). With a knowledge base, you can provide:

  • Application documentation to help the AI understand functionality
  • API specifications so the AI tests every endpoint correctly
  • Source code snippets to identify logic vulnerabilities
  • Q&A pairs that encode your team's institutional knowledge
  • Configuration details that guide authentication and scope

A well-stocked knowledge base typically increases the vulnerability discovery rate and reduces false positives.

Knowledge Base Scope

Knowledge bases are scoped to an organization. All projects and assets within the organization can use the shared knowledge base.

Content Types

PAIStrike supports four types of knowledge base content:

QA (Question & Answer)

Structured pairs of questions and answers. Use this to encode specific knowledge about your target:

  • Q: "What authentication mechanism does this API use?" A: "JWT tokens with RS256 signing, issued by the /auth/token endpoint."

  • Q: "What are the admin roles in this application?" A: "Roles are: superadmin, org_admin, user. Superadmin can access /admin/* endpoints."

Document

Uploaded text or PDF documents. Use this for:

  • Application security specifications
  • Threat models
  • Previous pentest reports
  • Architecture diagrams (with textual descriptions)
  • Compliance requirements

Code

Source code files or snippets. Use this for:

  • Authentication logic
  • Authorization middleware
  • API route definitions
  • Known vulnerable code areas to focus testing on

Mixed

A flexible type that combines multiple formats in a single entry — useful when you have rich context that doesn't fit neatly into one category.

Knowledge Base vs. White Box Job Config

| Feature | Knowledge Base | White Box Job Config |
|---|---|---|
| Scope | Organization-wide | Per job |
| Persistent | Yes | Configured per job |
| Best for | General context, documentation | Credentials, specific test instructions |

Use the Knowledge Base for persistent, reusable context. Use White Box job configuration for test-specific instructions like credentials or targeted test cases.
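
Because the Knowledge Base is organization-wide and persistent while credentials belong in White Box job configuration, entries can be screened for secrets before they are shared. The Python check below is an added example, not PAIStrike code; the entry dict layout, the heuristic patterns and the sample entries are assumptions constructed for illustration.

```python
import re

# Heuristic patterns for material the page routes to per-job config instead.
SECRET_PATTERNS = {
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "jwt": re.compile(r"\beyJ[\w-]{8,}\.[\w-]{8,}\.[\w-]{8,}"),
    "basic_auth_url": re.compile(r"\b[a-z][a-z0-9+.-]*://[^/\s:@]+:[^/\s:@]+@", re.I),
    "credential_assignment": re.compile(
        r"\b(?:password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"]?([^\s'\"]{6,})",
        re.I),
}
# Values that are placeholders or code expressions, not literal secrets.
BENIGN_VALUE = re.compile(r"^(?:<.*|\$\{?\w.*|\*+|redacted|[A-Za-z_][\w.]*[\[(].*)$", re.I)

def find_secrets(entry):
    """Return sorted (field, pattern_name) hits for one entry dict."""
    hits = set()
    for field, text in entry.items():
        if field == "type" or not isinstance(text, str):
            continue
        for name, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(text):
                if m.groups() and BENIGN_VALUE.match(m.group(1)):
                    continue  # e.g. token=<YOUR_TOKEN> or password = os.environ[...]
                hits.add((field, name))
    return sorted(hits)

def triage(entries):
    """Split entries into (ok for the shared KB, hold back for job config)."""
    ok, held = [], []
    for entry in entries:
        hits = find_secrets(entry)
        (held if hits else ok).append((entry, hits))
    return ok, held

# Constructed sample entries; the dict layout is hypothetical, not PAIStrike's schema.
SAMPLE_ENTRIES = [
    {"type": "qa", "question": "What authentication mechanism does this API use?",
     "answer": "JWT tokens with RS256 signing, issued by the /auth/token endpoint."},
    {"type": "qa", "question": "How do I log in as org_admin?",
     "answer": "Use the test account, password: S3cr3t-Example!"},
    {"type": "code", "content": 'password = os.environ["DB_PASS"]\nconn = connect(password)'},
    {"type": "document", "content": "Staging DB: postgres://app:hunter2pass@db.example.internal/app"},
    {"type": "mixed", "content": "Call /auth/token with token=<YOUR_TOKEN> in the header."},
]

if __name__ == "__main__":
    for entry, hits in triage(SAMPLE_ENTRIES)[1]:
        print("HOLD for job config:", entry["type"], hits)
```

Entries that come back held are candidates for the job's White Box configuration rather than the shared Knowledge Base; the patterns are heuristics and will need tuning for your own naming conventions.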
