Quick clarifications (to avoid ambiguity / keep this responsible): Authorized only: we run this strictly within explicit VDP/bug bounty scopes. We do not run it as a general internet crawler. Human-in-the-loop: the system drafts a report + evidence, but a human makes the final call and we never auto-submit. Scope-enforcing proxy: all outbound traffic is forced through a gate with default-deny, FQDN allowlists, method constraints, rate/concurrency caps, and full allow/deny logging. “Safe PoC” policy: we prioritize read-only verification patterns and stop on signs of instability (error spikes, account risk, unexpected side effects). We’re not sharing real-world exploit payloads here. Metrics: “84% labs solved” refers to server-side lab completion outcomes; details / breakdown are in the README. The thing we’re most interested in feedback on is the “impact gap”: how would you teach an agent to estimate business severity (or chain low-severity issues into a meaningful impact narrative) without pushing into risky/destructive testing?