VITI Security

Vexta · AI Vulnerability Scanning

Vulnerability scans in seconds. Real findings, not noise.

Vexta is an agentless, AI-augmented vulnerability scanner and pentest platform we built in-house. It verifies its own findings before a human sees them, ranks what actually matters, and runs as a single self-hosted binary. We use it on every VITI engagement before we file a single finding.

The problem

Most scanners hand you a list. They don't tell you what's real.

Classic scanners fingerprint a version, match it to a CVE feed, and dump a few hundred 'maybes' on your desk. Half are false positives. Most are unreachable or unexploitable in your actual environment. Your team burns days triaging noise, and the one finding that would have mattered gets buried on page nine.

  • Long unverified CVE lists that nobody has time to read
  • No way to tell a real, exploitable bug from a version-match guess
  • Severity scores that ignore whether the asset is even reachable
  • SaaS pricing per asset, and your scan data sitting on someone else's servers

Why Vexta

Built by pentesters. Tuned by AI. Verified before you read it.

Vexta pairs deep, OWASP-grade scanning with a proof-of-exploitation layer and an AI triage step, so what reaches you is short, ranked, and worth acting on.

Proof-of-exploitation

Before a finding reaches you, a non-destructive verifier tries to safely confirm it. Findings come back proven, refuted, or unproven - never a false 'all clear' just because the target blipped offline.

Vexta Confidence Score

Every finding gets a 0-100 score combining severity, detector confidence, proof status, reachability, EPSS probability, and CISA KEV status. Sort by it and the 3% that matters floats to the top.

25+ vulnerability classes

SQLi, XSS, SSRF, SSTI, XXE, IDOR/broken access control, request smuggling, GraphQL, SSO/OAuth/SAML, and more - not just CVE version-matching.

10,000+ CVE templates, offline

Templates are bundled into the binary with a local NVD mirror, so scans don't wait on a flaky external feed and run air-gapped on day one.

AI-triaged findings

An LLM layer adds context and remediation guidance and helps cut false positives. Bring your own Anthropic, OpenAI, Gemini, or Azure key - your scan content stays under your control.

CI/CD and reports humans read

SARIF and JUnit output drop into GitHub, GitLab, and Jenkins. Reports export to HTML, PDF, and Word with an executive summary and remediation steps - no exporting to a spreadsheet.

How it works

Point it at a target. Get a short, ranked, verified list.

01

Recon & fingerprint

Vexta maps the attack surface - subdomains, endpoints, technologies, exposed services - using 40+ passive sources plus active discovery.

02

Scan

It probes for 25+ vulnerability classes with type-aware payloads, CMS and API deep-scanners, and a local CVE database. WAF-aware throttling keeps it quiet.

03

Prove

Each candidate finding goes through a non-destructive verifier that safely confirms or refutes it. Network errors never produce a false 'refuted' - they stay unproven.

04

Rank & report

Findings sort by the Vexta Confidence Score, with AI-generated context and fix guidance. Export to PDF, SARIF, or your bug-bounty platform.

Who it's for

One engine, three kinds of user.

SMBs without a security team

Run Starter against your own app or let VITI run it for you. You get a short, prioritized list and plain-English fixes instead of a 200-line CVE dump you can't action.

Pentesters & bug-bounty hunters

Pro adds the full proof-of-exploitation engine, the intercepting proxy, PoC generation, and one-click export to HackerOne and Bugcrowd.

Security teams & MSPs

Enterprise adds multi-seat RBAC, attack-path chaining, ASPM reachability scoring, scheduled scans, and compliance reporting mapped to OWASP, NIST, PCI-DSS, and SOC 2.

What's under the hood

10,000+
CVE templates bundled in the binary
25+
Vulnerability classes detected
1
Self-hosted binary, zero external dependencies

Vexta - the technical details

Is Vexta agent-based or agentless?
Agentless. You don't install anything on the systems being scanned. Vexta reaches targets over the network - web apps, APIs, hosts, exposed services - the same way an attacker would. The only thing you install is the Vexta binary itself, on a machine you control.
How is it different from Nessus or Qualys?
Traditional scanners are version-matchers: they fingerprint software, look it up in a CVE feed, and hand you a long list of 'maybes' to triage yourself. Vexta adds a proof-of-exploitation step that safely tries to confirm each finding, then ranks everything with a 0-100 confidence score that factors in reachability, EPSS probability, and CISA KEV status. You get a short, verified list instead of a long unverified one. It's also a single self-hosted binary - no per-asset SaaS subscription, and your scan data never leaves your machine.
Is it self-serve or managed?
Both. You can license Vexta and run it yourself (Starter, Pro, or Enterprise), or have VITI run it for you as part of an engagement. We run Vexta on every client engagement before we file findings, so the managed path is just us using the same tool we sell.
Is my scan data sent to a third-party LLM?
Only if you turn AI features on, and only with a key you provide. AI triage is bring-your-own-key (Anthropic, OpenAI, Gemini, or Azure) and is cost-capped per scan. With AI disabled, Vexta still scans, verifies, and ranks - it just skips the LLM-generated context. All scan results, audit logs, and findings stay on the machine where the binary runs; the only thing that talks to our license server is your license key and hardware ID.
Which CI/CD platforms does it fit into?
Vexta emits SARIF 2.1.0 and JUnit XML, so it drops into GitHub Code Scanning, GitLab security dashboards, Jenkins, CircleCI, and TeamCity. It's a single Linux binary with standard exit codes and JSON output, so anything that can run a binary in a pipeline can gate builds on a clean scan.
How much does it cost?
There are three plans - Starter, Pro, and Enterprise - that unlock features by license, all from the same binary. Pro and Enterprise can request a time-limited trial. Current numbers, currencies, and seat limits live on our pricing page.

Stop drowning in low-signal scanner output.

Run Vexta on one target and see a short, verified, ranked list - or let our team run it for you. Either way, you get the same tool we trust on our own engagements.