Chitos: From Detection to Proof — An Autonomous Security AI That Actually Exploits

Autonomous vulnerability discovery · agentic web threat research · live exploit demonstration · free · no sign-up required
Default engine: Darwin-398B-JGOS (free) · Mode 2 extended research: user-supplied Claude API

---

Most security scanners hand you a list and walk away.

They pattern-match, flag candidates, assign severity labels — and then it's your problem to figure out which findings are real, which are noise, and which are actively being weaponized right now. That gap between detection and proof is where attackers live. It's the reason penetration testers exist. It's the reason mature security organizations spend more time triaging scanner output than fixing actual vulnerabilities.

Chitos was built to close that gap.

Developed by VIDRAFT, Chitos is a three-phase autonomous security AI that doesn't stop at suspicion. When it flags a potential SQL injection, it doesn't ask you to take its word for it — it fires a time-based payload, measures the HTTP response delta, and shows you the evidence. Not a probability estimate. A proof.

Try it now — no installation, no account: https://chitos.vidraft.net

---

The Problem With Static Analysis

VIDRAFT's previous security tool, Mythos, was a capable static analyzer. Rule-based heuristics, CWE/CVE mapping, readable reports. Useful for quick code health checks.

But static analysis has a structural ceiling it cannot break through.

A pattern-matcher that sees eval(user_input) can tell you that looks dangerous. It cannot tell you whether the input is actually reachable from an authenticated endpoint, whether the sanitization three layers up actually covers this code path, or whether there is a known, weaponized exploit chain for the specific framework version you are running. Those questions require dynamic reasoning — and increasingly, they require actually attempting the attack under controlled conditions.

The guiding principle: an unproven vulnerability is a hypothesis, not a finding. Chitos is designed around that distinction.

---

Architecture: A Three-Phase Escalation Pipeline

🔍 Phase 1 — Security Scan (static analysis, no network attacks)

The entry point. Chitos applies 50 language-agnostic pattern rules covering injection sinks, deserialization gadgets, credential leakage, path traversal, broken cryptography, CORS misconfiguration, Prototype Pollution, and Kubernetes privilege escalation, among others.

Each candidate is cross-referenced against live CVE data. Darwin-398B-JGOS then performs severity adjudication and CWE classification, producing a 0–100 security score report segmented by CRITICAL / HIGH / MEDIUM / LOW / INFO.

A built-in verification layer filters candidates before they reach the report: findings that cannot be substantiated are marked false positive and excluded. What reaches the report has been validated, not merely flagged.

Accepted inputs: Python, JavaScript/TypeScript, Go, Java, C/C++, PHP, Rust, YAML, and other source languages — or a live URL (bare domains are supported: yourdomain.tld without a protocol prefix works).

🔬 Phase 2 — Autonomous Research (web-search agent, no network attacks)

Some threat questions cannot be answered by reading code. Does this specific version of this library have a known exploit chain in the wild? Has this authentication pattern been broken in real incidents? Is there a working PoC published for this CVE?

To answer these, Chitos launches a web-search agent:

Hypothesis formulation
  → CVE databases + exploit advisories + PoC repositories
  → Source verification
  → Threat narrative synthesis
  → Structured report

This mode requires a user-supplied Claude API key (never stored; used only for the duration of the request). Phases 1 and 3 run entirely on Darwin at no cost to the user.

🎯 Phase 3 — Active Exploit (live attacks, authorized targets only)

This is where Chitos diverges from every other publicly available security scanner.

Against targets you own or have been explicitly authorized to test, Chitos fires real attack payloads and observes real responses. The execution loop:

Payload generation
  → Transmission
  → Response observation (status · timing · body delta)
  → Mutation on block → retry
  → Hard evidence capture
  → Kill-chain assembly
  → Remediation priority ranking

Supported attack classes in the current release:

• XSS (reflected, stored, DOM-based) — browser-observable proof of execution
• SQL Injection — time-based blind, error-based, and UNION extraction
• SSRF + Path Traversal — pivot detection across chained services
• Authentication Bypass — JWT alg:none, IDOR, broken object-level authorization
• Business Logic — multi-step sequence attacks

Kill-chain output connects all confirmed findings into a single attack narrative: "An attacker who exploits Finding #2 acquires a session token sufficient to reach Finding #4 and exfiltrate the entire user table." Remediation priorities are sequenced accordingly.

---

The Verification Layer: Why Chitos Reports Less — and Means It

The most common failure mode in autonomous security AI is aggressive reporting. Flag everything suspicious, let the analyst sort it out. High recall, ruinous precision. Security teams end up spending more engineering hours triaging tool noise than remediating the vulnerabilities the tool was supposed to surface.

Chitos applies a mandatory re-verification pass before any finding reaches the report. The system asks of every candidate: Is this actually triggerable from a reachable code path? Is the response delta statistically significant? Did the payload round-trip? Only findings that survive this interrogation are reported.

The epistemic foundation for this architecture draws from VIDRAFT's AETHER Metacognitive Adapter research — a system that achieved DOUBT-AUROC 0.903 on adversarial trap-question benchmarks, meaning it correctly anticipated its own errors with 90.3% accuracy before producing an answer. This is a metacognitive benchmarking figure; real-world exploit precision varies by target environment and is measured separately. The underlying capability — calibrated self-doubt before committing to a claim — translates directly into a scanner that does not cry wolf.

Practical implication: when Chitos reports a finding as confirmed, it has been validated, not assumed.

---

Engine: Darwin-398B-JGOS

Chitos runs on Darwin-398B-JGOS, VIDRAFT's 398-billion-parameter flagship model, served on-premises from VIDRAFT's own Blackwell GPU cluster. User code is never transmitted to a third-party AI service.

Publicly benchmarked performance (open-model category):

• K-AI National AI Leaderboard — 1st place (open models)
• GPQA Diamond — 1st place — graduate-level scientific reasoning (open models)
• MMLU Pro — 1st place — multi-domain expert knowledge (open models)

For security tasks specifically, the most relevant capability is multi-hop logical chaining — the ability to trace a data flow across function boundaries, infer reachability conditions, and reason about preconditions for exploit success. This is what enables coherent kill-chain construction and hypothesis-driven exploit research rather than brute-force payload spraying.

---

Built-In Examples: Five Real-World Vulnerability Classes

Chitos ships with five pre-loaded examples drawn from real security incidents, each illustrating a qualitatively distinct vulnerability class. Click a card, load the code, and run a scan — results appear within seconds.

No installation. No account. Click, scan, read.

---

Safe, Legal Testing Target

For end-to-end pipeline testing including Phase 3 active exploits:

http://demo.testfire.net

IBM's AltoroMutual is a deliberately vulnerable banking demo application, publicly maintained for security tool evaluation. No real user data. Authorized for testing by design.

Paste the URL, select 🔍 Security Scan or 🎯 Active Exploit, and observe the full pipeline execute in real time.

---

Legal Notice and Responsible Use

Chitos is built for security professionals, researchers, and developers testing systems they own or have explicit written authorization to assess.

Before using Active Exploit mode:

• Confirm that you own the target system or hold documented authorization from its operator.
• Unauthorized vulnerability testing may constitute a criminal offense under applicable law: Korea's Act on Promotion of Information and Communications Network Utilization and Information Protection, the U.S. Computer Fraud and Abuse Act (CFAA), the UK Computer Misuse Act, and equivalents in other jurisdictions.
• All legal liability rests with the user. VIDRAFT accepts no responsibility for misuse of this tool.

For safe practice environments without authorization concerns, deploy a locally isolated intentionally vulnerable application:

• DVWA — Damn Vulnerable Web Application
• OWASP Juice Shop
• WebGoat

---

Roadmap

The current public release covers the full static + research + exploit core pipeline. Planned additions:

• Persistent vulnerability knowledge graph — target-specific memory across sessions
• CI/CD webhook endpoint — POST /scan integration for pipeline-gating security gates
• Language coverage expansion — Rust, Swift, and Kotlin static rules
• Report export — PDF and JSON formats for audit trail documentation
• Collaborative workspace — shared findings, annotation, and team triage views

Prioritization is driven by community feedback. Open issues and feature requests in the Space's Community tab.

---

Citation

@misc{chitos2026,
  title   = {Chitos: Autonomous Security AI — From Static Detection to Live Exploit Proof},
  author  = {VIDRAFT},
  year    = {2026},
  url     = {https://chitos.vidraft.net}
}

---

Built and operated by VIDRAFT · Engine: Darwin-398B-JGOS on-premises Blackwell · Contact: arxivgpt@gmail.com