The chain module is a declarative framework for defining and tracing multi-step attack paths that sequence audit findings and inject techniques into exploitation chains.

Why Chain Matters

Real attacks against AI agent infrastructure are multi-step — compromise one server, escalate trust, pivot to the next. Chain provides a structured way to model these sequences, validate them against actual scanner and technique coverage, and trace execution paths before running live campaigns.

How It Works

The chain workflow follows four steps:
  1. Define — Write an attack chain in YAML with ordered steps referencing audit scanners or inject techniques
  2. Validate — Check module and technique references, graph structure, and reachability
  3. Trace — Run the success path in dry-run mode to preview the execution sequence
  4. Review — Inspect the ordered step sequence and trust boundaries crossed

Built-in Components

  • YAML chain loader — Structural and semantic validation of chain definitions
  • Graph analysis — Cycle detection and reachability analysis across chain steps
  • Dry-run tracer — Produces ordered step traces without executing live campaigns
  • 3 built-in templates — Delegation hijack, MCP server compromise, and RAG trust escalation
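
The Validate and Trace steps and the graph analysis component described above, sketched as an added example that is not the chain module's own code: it checks module references, detects cycles, flags steps unreachable from the entry, and produces a dry-run trace of the success path. The field names (entry, id, module, on_success, on_failure), the module names and the sample chain are assumptions made for illustration.

```python
# Added example. Field names (entry, id, module, on_success, on_failure) and
# module names are assumptions, not the chain module's actual schema.
KNOWN_MODULES = {"audit.example_scanner", "inject.example_technique"}  # constructed

CHAIN = {  # constructed sample, shaped like a chain definition loaded from YAML
    "entry": "s1",
    "steps": [
        {"id": "s1", "module": "audit.example_scanner", "on_success": "s2", "on_failure": None},
        {"id": "s2", "module": "inject.example_technique", "on_success": "s3", "on_failure": None},
        {"id": "s3", "module": "audit.example_scanner", "on_success": None, "on_failure": "s1"},
        {"id": "s4", "module": "audit.unlisted", "on_success": None, "on_failure": None},
    ],
}

def validate(chain, known_modules=KNOWN_MODULES):
    """Return sorted problems: bad references, cycles, unreachable steps."""
    steps = {s["id"]: s for s in chain["steps"]}
    errors = []
    for sid, step in steps.items():
        if step["module"] not in known_modules:
            errors.append(f"{sid}: unknown module {step['module']}")
        for key in ("on_success", "on_failure"):
            if step[key] is not None and step[key] not in steps:
                errors.append(f"{sid}: {key} points to missing step {step[key]}")
    if chain["entry"] not in steps:
        return sorted(errors + [f"entry: missing step {chain['entry']}"])
    state = {}  # step id -> "open" (on the current DFS path) or "done"

    def visit(sid):
        state[sid] = "open"
        for key in ("on_success", "on_failure"):
            nxt = steps[sid][key]
            if nxt not in steps:
                continue  # terminal edge, or dangling reference already reported
            if state.get(nxt) == "open":
                errors.append(f"cycle: {sid} -> {nxt}")  # back edge
            elif nxt not in state:
                visit(nxt)
        state[sid] = "done"

    visit(chain["entry"])
    errors += [f"{sid}: unreachable from entry" for sid in steps if sid not in state]
    return sorted(errors)

def trace(chain):
    """Dry run: list step ids along on_success edges; nothing is executed."""
    steps = {s["id"]: s for s in chain["steps"]}
    path, sid = [], chain["entry"]
    while sid in steps and sid not in path:  # stop at the end or on a repeat
        path.append(sid)
        sid = steps[sid]["on_success"]
    return path
```

On the sample chain, validate reports the failure edge from s3 back to s1 as a cycle and s4 as both unreachable and referencing an unknown module, while trace still yields the ordered success path for review.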
