Product

Deep Scan Improvements: Faster Execution, Better Decisions, and Incremental Testing

The latest Deep Agentic Scan release introduces faster mobile testing, improved reverse engineering, stronger vulnerability detection, incremental coverage through historical scan processing, improved vulnerability chaining, and managed Cyber Models for mobile and web assessments.

Tue 30 June 2026

Most security scans start every release from zero. The app gets scanned again. The same paths get explored again. The same behavior gets rediscovered again. Meanwhile, the application only changed in a few places. A dependency was updated. A new SDK was added. A login flow changed. A feature was rebuilt. The application moved forward, but the scan went back to day one.

This release brings several major improvements to Deep Agentic Scan.

Mobile execution is now faster thanks to improvements in scaling and device management. Reverse engineering capabilities have been upgraded to give the agent a deeper understanding of application behavior before testing begins.

Vulnerability detection has been improved through better planning and tooling, while historical scan processing now supports incremental coverage across assessments instead of treating every scan as a fresh start.

The release also introduces improved vulnerability chaining for stronger risk prioritization, alongside Ostorlab-managed Cyber Models for both mobile and web testing.

Faster Mobile Scans

Deep mobile testing requires more than uploading an APK or IPA.

Applications need to be installed, launched, exercised, monitored, and tested while running on real devices. The infrastructure behind those devices determines how quickly testing starts and how well it scales.

We improved the scaling and device management infrastructure behind Deep Agentic Scan.

This reduces setup overhead, improves device orchestration, and allows deep mobile testing to run faster and more consistently across release cycles.

Deep testing becomes easier to run regularly instead of being reserved for occasional assessments.

Scan Duration
Scan Duration

Improved Reverse Engineering Capabilities

Improved Reverse Engineering Capabilities

A scan cannot make good decisions if it does not understand the application first.

Before an agent can decide what to test, it needs to understand how the application is built, where functionality lives, and which components deserve attention.

We upgraded the reverse engineering infrastructure used by Deep Agentic Scan to improve how the agent explores binaries, identifies relevant code paths, and investigates application behavior.

In the example below, the agent first searches the application for functionality related to deep links, WebViews, browsers, and URL handling.

Function Discovery During Reverse Engineering
Reverse Engineering Discovers Relevant Application Functionality
The scan identified hundreds of candidate functions and entry points that matched those behaviors, providing an initial map of potentially interesting functionality.

The agent then selected specific functions for deeper analysis and automatically decompiled them to understand their implementation details.

Automated Function Decompilation and Analysis
Automated Function Decompilation and Analysis

This allows Deep Agentic Scan to move beyond simple pattern matching and build a deeper understanding of how application components interact before deciding what to test next.

Better understanding leads to better testing decisions.

Stronger Planning and Tooling for Vulnerability Detection

Finding vulnerabilities is not simply a matter of running more tests.

The difficult part is deciding which signals deserve investigation, which tools should be used next, and which attack paths are worth following.

We improved the planning and tooling capabilities behind Deep Agentic Scan.

This allows the agent to make better decisions during testing, spend more time investigating suspicious behavior, and follow promising attack paths further before deciding whether a finding is real.

The goal is not more findings.

The goal is more findings that matter.

The agent generates an exploit-driven validation plan before selecting tools and executing tests
The agent generates an exploit-driven validation plan before selecting tools and executing tests

Historical Scan Processing for Incremental Coverage

Applications change every release, but most scans behave as if they have never seen the application before.

Previous findings, explored functionality, validated attack paths, and known behavior are discarded after every scan.

We improved historical scan processing to allow Deep Agentic Scan to use information gathered during previous assessments.

Instead of rediscovering what is already known, future scans can spend more time testing new functionality, changed behavior, and areas that deserve additional attention.

Repeated scans become cumulative instead of repetitive.

Heatmap for Agentic Deep Scan
Heatmap for Agentic Deep Scan

Improved Vulnerability Chaining and Risk Prioritization

Security teams rarely struggle because they lack findings. They struggle because they lack context.

A hardcoded credential, an exposed API, and an overly permissive token may all appear as separate issues in a report, even though an attacker would treat them as a single attack path.

Deep Agentic Scan now improves vulnerability chaining and risk prioritization by validating findings, following pivots automatically, and measuring the impact of the resulting attack path rather than stopping at the initial discovery.

The example below started with the discovery of hardcoded Auth0 M2M credentials embedded in an iOS application.

Hardcoded Service Credentials Discovered In Mobile Application
Hardcoded Service Credentials Discovered In Mobile Application

The scan first validated that the credentials were active and capable of issuing production JWTs for an internal service rather than reporting them as an unverified secret exposure.

Further analysis of the issued JWT revealed the available scopes, audience information, signing infrastructure, and additional targets that could potentially accept the token.

Token Analysis Reveals Additional Attack Paths
Token Analysis Reveals Additional Attack Paths
This additional context allowed the scan to move beyond credential discovery and continue exploring where those credentials could lead.

The scan then identified that the same credentials could authenticate against the Auth0 Management API audience and automatically validated the resulting access and permissions.

Credential Validation Leads to Management API Access
Credential Validation Leads to Management API Access

What initially appeared to be an internal service credential had now expanded into identity infrastructure access with administrative capabilities.

Finally, the scan validated the business impact by performing non-destructive user enumeration against the tenant and demonstrating access to sensitive user information and administrative scopes.

Attack Chain Escalates To Tenant-Wide User Data Exposure
Attack Chain Escalates To Tenant-Wide User Data Exposure

What started as a high-severity hardcoded credential issue became a critical finding with demonstrated access to tenant-wide user data.

This is the difference between more findings and better findings.

The goal is not to produce larger reports. The goal is to identify the small number of issues that can become security incidents and place them at the top of the queue.

Managed Cyber Models

Deep Agentic Scan now includes Ostorlab-managed Cyber Models for both mobile and web assessments.

Teams can run OpenAI-backed models immediately without managing API keys, model infrastructure, or integrations themselves.

BYOK vs Cyber Models
Bring your own key vs Cyber Models

These models strengthen the agent's ability to understand application behavior, choose testing strategies, investigate suspicious signals, and validate potential vulnerabilities during a scan.

Learn more about Ostorlab Cyber Models

Transparent Attack Validation

Security teams should not have to trust a black box.

Deep Agentic Scan provides visibility into the attack paths, decisions, and validation steps taken during testing.

Teams can see what was tested, what was validated, and how a finding was reached.

Vulnerabilities Validation
Vulnerabilities Validation

Flexible Testing Depth

Not every assessment needs the same level of depth.

Teams can choose testing durations ranging from focused one-week assessments to engagements comparable to an eight-week penetration test, depending on their objectives and timelines.

Cyber Models Effort
Scan Effort configuration with Cyber Models

These improvements help Deep Agentic Scan spend less time rediscovering known behavior and more time validating the risks that matter.

Learn more about : Web Deep Agentic Deep Scan and Mobile Deep Agentic Scan.