
Tracking Vulnerabilities

PAIStrike automatically discovers and tracks vulnerabilities found during test jobs. Findings are centralized across your project, making it easy to prioritize remediation and monitor progress.

Severity Levels

Every vulnerability is assigned a severity level based on its potential impact:

| Severity | Color | Description | Typical Remediation Timeframe |
|----------|-------|-------------|-------------------------------|
| Critical | Red | Immediate exploitation risk; complete system compromise possible | 24–48 hours |
| High | Orange | Significant risk; could lead to data breach or unauthorized access | 1 week |
| Medium | Yellow | Moderate risk; exploitable under certain conditions | 1 month |
| Low | Blue | Minor risk; limited impact | 3 months |
| Info | Gray | Informational only; no immediate exploitation risk | As needed |

These timeframes are guidelines. Your organization's security policy may define different SLAs.

Viewing Vulnerabilities

Project-Level View

To see all findings across an entire project:

  1. Open the project.
  2. Click the Vulnerabilities tab.
  3. All findings from all assets and jobs within the project are listed here.

Asset-Level View

To see findings for a specific asset:

  1. Open the project.
  2. Click on an asset.
  3. Click the Vulnerabilities tab on the asset detail page.

Job-Level View

To see findings from a specific test execution:

  1. Open the job.
  2. Findings are listed directly on the job results page.

Vulnerability Detail

Click any vulnerability to view its full detail:

  • Title — a concise name for the vulnerability (e.g., "Reflected XSS in Search Parameter")
  • Severity — the assigned severity level
  • Asset — which asset this was found on
  • Discovered — timestamp of when the AI found it
  • Description — explanation of the vulnerability, including what it is and why it matters
  • Steps to Reproduce — a step-by-step guide for manually confirming the issue
  • Evidence — screenshots, HTTP request/response payloads, or other proof of exploitability
  • Remediation — recommended steps to fix the issue
  • References — links to CVEs, CWEs, or relevant security advisories

Filtering and Sorting

Use the filter bar at the top of the vulnerabilities list to narrow results:

  • By severity: Show only Critical, High, Medium, Low, or Info findings
  • By status: Filter by Open, In Progress, Resolved, or Accepted Risk
  • By asset: Scope findings to a specific asset
  • By job: View findings from a specific test run
  • By date: Filter by discovery date range

Sort the list by severity, discovery date, asset name, or status.

Vulnerability Statuses

Track the remediation lifecycle of each finding:

| Status | Meaning |
|--------|---------|
| Open | Newly discovered; no remediation action taken |
| In Progress | Remediation work has started |
| Resolved | Fix has been applied (pending verification via retest) |
| Accepted Risk | Organization has decided to accept this risk without fixing it |

To update a vulnerability's status:

  1. Open the vulnerability.
  2. Click the Status dropdown.
  3. Select the new status.
  4. Optionally add a note explaining the decision.
  5. Click Save.
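The severity timeframes and the statuses above can be combined into an overdue check. The following is an added example, not PAIStrike code: the record fields and the `overdue_findings` and `at` helpers are hypothetical, the sample findings are constructed, and the day counts chosen for "1 month" and "3 months" are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Remediation windows from the severity table. Assumptions: the upper bound of
# "24–48 hours" is used, "1 month" = 30 days, "3 months" = 90 days.
SLA = {
    "Critical": timedelta(hours=48),
    "High": timedelta(weeks=1),
    "Medium": timedelta(days=30),
    "Low": timedelta(days=90),
    "Info": None,  # "As needed": no deadline
}
SEVERITY_ORDER = list(SLA)  # Critical first
# Assumption: only these statuses count against the clock. Resolved awaits
# retest and Accepted Risk is a recorded decision, so neither is flagged.
ACTIVE = {"Open", "In Progress"}


def overdue_findings(findings, now):
    """Active findings past their window, worst severity and longest overdue first."""
    late = []
    for f in findings:
        window = SLA[f["severity"]]
        if f["status"] not in ACTIVE or window is None:
            continue
        due = f["discovered"] + window
        if now > due:
            late.append({**f, "due": due, "overdue_by": now - due})
    late.sort(key=lambda f: (SEVERITY_ORDER.index(f["severity"]), -f["overdue_by"]))
    return late


def at(month, day):
    return datetime(2024, month, day, 9, 0, tzinfo=timezone.utc)


# Constructed sample records; field names are hypothetical, not a PAIStrike export format.
SAMPLE = [
    {"title": "Reflected XSS in Search Parameter", "severity": "High", "status": "Open", "discovered": at(5, 1)},
    {"title": "SQL injection in login form", "severity": "Critical", "status": "In Progress", "discovered": at(5, 8)},
    {"title": "Missing security headers", "severity": "Low", "status": "Open", "discovered": at(5, 1)},
    {"title": "Outdated TLS configuration", "severity": "Medium", "status": "Accepted Risk", "discovered": at(1, 1)},
    {"title": "Server banner disclosure", "severity": "Info", "status": "Open", "discovered": at(1, 1)},
]

if __name__ == "__main__":
    for f in overdue_findings(SAMPLE, now=at(5, 11)):
        print(f'{f["severity"]:<8} {f["title"]} overdue by {f["overdue_by"]}')
```

If your organization's policy defines different SLAs, change the `SLA` mapping; the rest of the check is unaffected.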

Exporting Vulnerability Data

Vulnerability data is included in generated reports. See Generating a Report for details on exporting findings as a structured PDF document.
