Tue 30 June 2026
Most security scans start every release from zero. The app gets scanned again. The same paths get explored again. The same behavior gets rediscovered again. Meanwhile, the application only changed in a few places. A dependency was updated. A new SDK was added. A login flow changed. A feature was rebuilt. The application moved forward, but the scan went back to day one.
This release brings several major improvements to Deep Agentic Scan.
Mobile execution is now faster thanks to improvements in scaling and device management. Reverse engineering capabilities have been upgraded to give the agent a deeper understanding of application behavior before testing begins.
Vulnerability detection has been improved through better planning and tooling, while historical scan processing now supports incremental coverage across assessments instead of treating every scan as a fresh start.
The release also introduces improved vulnerability chaining for stronger risk prioritization, alongside Ostorlab-managed Cyber Models for both mobile and web testing.
Faster Mobile Scans
Deep mobile testing requires more than uploading an APK or IPA.
Applications need to be installed, launched, exercised, monitored, and tested while running on real devices. The infrastructure behind those devices determines how quickly testing starts and how well it scales.
We improved the scaling and device management infrastructure behind Deep Agentic Scan.
This reduces setup overhead, improves device orchestration, and allows deep mobile testing to run faster and more consistently across release cycles.
Deep testing becomes easier to run regularly instead of being reserved for occasional assessments.

Improved Reverse Engineering Capabilities
A scan cannot make good decisions if it does not understand the application first.
Before an agent can decide what to test, it needs to understand how the application is built, where functionality lives, and which components deserve attention.
We upgraded the reverse engineering infrastructure used by Deep Agentic Scan to improve how the agent explores binaries, identifies relevant code paths, and investigates application behavior.
In the example below, the agent first searches the application for functionality related to deep links, WebViews, browsers, and URL handling.

The agent then selects specific functions for deeper analysis and automatically decompiles them to understand their implementation details.

This allows Deep Agentic Scan to move beyond simple pattern matching and build a deeper understanding of how application components interact before deciding what to test next.
Better understanding leads to better testing decisions.
Stronger Planning and Tooling for Vulnerability Detection
Finding vulnerabilities is not simply a matter of running more tests.
The difficult part is deciding which signals deserve investigation, which tools should be used next, and which attack paths are worth following.
We improved the planning and tooling capabilities behind Deep Agentic Scan.
This allows the agent to make better decisions during testing, spend more time investigating suspicious behavior, and follow promising attack paths further before deciding whether a finding is real.
The goal is not more findings.
The goal is more findings that matter.

Historical Scan Processing for Incremental Coverage
Applications change every release, but most scans behave as if they have never seen the application before.
Previous findings, explored functionality, validated attack paths, and known behavior are discarded after every scan.
We improved historical scan processing to allow Deep Agentic Scan to use information gathered during previous assessments.
Instead of rediscovering what is already known, future scans can spend more time testing new functionality, changed behavior, and areas that deserve additional attention.
Repeated scans become cumulative instead of repetitive.

Improved Vulnerability Chaining and Risk Prioritization
Security teams rarely struggle because they lack findings. They struggle because they lack context.
A hardcoded credential, an exposed API, and an overly permissive token may all appear as separate issues in a report, even though an attacker would treat them as a single attack path.
Deep Agentic Scan now improves vulnerability chaining and risk prioritization by validating findings, following pivots automatically, and measuring the impact of the resulting attack path rather than stopping at the initial discovery.
The example below started with the discovery of hardcoded Auth0 M2M credentials embedded in an iOS application.

The scan first validated that the credentials were active and capable of issuing production JWTs for an internal service rather than reporting them as an unverified secret exposure.
Further analysis of the issued JWT revealed the available scopes, audience information, signing infrastructure, and additional targets that could potentially accept the token.

The scan then identified that the same credentials could authenticate against the Auth0 Management API audience and automatically validated the resulting access and permissions.

What initially appeared to be an internal service credential had now expanded into identity infrastructure access with administrative capabilities.
Finally, the scan validated the business impact by performing non-destructive user enumeration against the tenant and demonstrating access to sensitive user information and administrative scopes.

What started as a high-severity hardcoded credential issue became a critical finding with demonstrated access to tenant-wide user data.
This is the difference between more findings and better findings.
The goal is not to produce larger reports. The goal is to identify the small number of issues that can become security incidents and place them at the top of the queue.
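The escalation described above, where a hardcoded M2M credential also holds a grant on the Auth0 Management API, can be checked from the tenant side. This is an added example, not Ostorlab's code: it assumes grant records shaped like Auth0 client-grant objects (`client_id`, `audience`, `scope`) and a list of client IDs known to ship inside apps; the IDs, domains and the two-level severity mapping are constructed for illustration.

```python
# Added example: triage Auth0 client grants for M2M credentials embedded in apps.
# Record shape follows Auth0 client-grant objects; every value is constructed.

SEVERITY_ORDER = {"critical": 0, "high": 1}

def management_audience(tenant_domain):
    """Audience identifier of the tenant's Auth0 Management API."""
    return f"https://{tenant_domain}/api/v2/"

def triage(grants, embedded_client_ids, tenant_domain):
    """Rank embedded clients by what their grants can reach (assumed policy)."""
    mgmt = management_audience(tenant_domain)
    findings = []
    for client_id in embedded_client_ids:
        own = [g for g in grants if g["client_id"] == client_id]
        # Exact string match: audiences are opaque identifiers, not parsed URLs.
        mgmt_grants = [g for g in own if g["audience"] == mgmt]
        findings.append({
            "client_id": client_id,
            # An embedded secret is high on its own; reaching the identity
            # provider's admin API is what turns it into a critical chain.
            "severity": "critical" if mgmt_grants else "high",
            "audiences": sorted({g["audience"] for g in own}),
            "management_scopes": sorted(
                {s for g in mgmt_grants for s in g.get("scope", [])}),
        })
    findings.sort(key=lambda f: (SEVERITY_ORDER[f["severity"]], f["client_id"]))
    return findings

TENANT = "tenant.example"  # constructed placeholder domain
GRANTS = [  # constructed sample records
    {"client_id": "client-A-constructed",
     "audience": "https://internal-api.example/", "scope": ["read:orders"]},
    {"client_id": "client-A-constructed",
     "audience": "https://tenant.example/api/v2/",
     "scope": ["read:users", "read:user_idp_tokens"]},
    {"client_id": "client-B-constructed",
     "audience": "https://internal-api.example/", "scope": ["read:orders"]},
    {"client_id": "client-C-constructed",  # server-side only, not embedded
     "audience": "https://tenant.example/api/v2/", "scope": ["read:clients"]},
]
EMBEDDED = ["client-B-constructed", "client-A-constructed"]

if __name__ == "__main__":
    for f in triage(GRANTS, EMBEDDED, TENANT):
        print(f["severity"], f["client_id"], f["management_scopes"])
```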
Managed Cyber Models
Deep Agentic Scan now includes Ostorlab-managed Cyber Models for both mobile and web assessments.
Teams can run OpenAI-backed models immediately without managing API keys, model infrastructure, or integrations themselves.

These models strengthen the agent's ability to understand application behavior, choose testing strategies, investigate suspicious signals, and validate potential vulnerabilities during a scan.
Learn more about Ostorlab Cyber Models
Transparent Attack Validation
Security teams should not have to trust a black box.
Deep Agentic Scan provides visibility into the attack paths, decisions, and validation steps taken during testing.
Teams can see what was tested, what was validated, and how a finding was reached.

Flexible Testing Depth
Not every assessment needs the same level of depth.
Teams can choose testing durations ranging from focused one-week assessments to engagements comparable to an eight-week penetration test, depending on their objectives and timelines.

These improvements help Deep Agentic Scan spend less time rediscovering known behavior and more time validating the risks that matter.
Learn more about: Web Deep Agentic Deep Scan and Mobile Deep Agentic Scan.