The Findings tab
Open the Findings tab to see everything that has been confirmed during the task. Findings are sorted by severity: Critical, High, Medium, Low, and Info. Each finding also has a confidence score so you can see how certain the agent is about it.
Every finding has the evidence that backs it up attached directly to it. This includes the raw command output, the specific response or behavior that confirmed the issue, and a screenshot taken automatically by Playwright as visual proof.
How findings are created
When the AI Operator confirms a vulnerability, it creates a finding automatically. It verifies the issue before logging it, so findings in the list represent confirmed vulnerabilities, not just scanner noise.
The agent can also spawn a sub-agent specifically to capture proof for a finding, making sure the evidence is solid before it goes into the report.
Loot tab
Credentials, hashes, tokens, and other captured artifacts go into the Loot tab rather than Findings. If the agent recovers a password hash, an API key, or a session token, it ends up there. Loot items are stored securely and credentials are redacted when the report is exported.