Join the conversation

Join the community of Machine Learners and AI enthusiasts.

Sign Up
SeaWolf-AIΒ 
posted an update 13 days ago
Post
5157
🐯 Chitos β€” The Security Scanner That Actually Proves It

Most security scanners hand you a suspect list and walk away. That gap between detection and proof is where attackers live β€” and it's exactly the gap that Chitos was built to close.

Chitos is the successor to Mythos, a static analyzer built for quick code health checks. Mythos was good at pattern matching β€” spotting dangerous sinks, mapping CWEs, producing readable reports. But static analysis has a structural ceiling. A rule that sees eval(user_input) can tell you that looks dangerous. It cannot tell you whether the input is reachable, whether sanitization three layers up covers this path, or whether there's a live exploit chain for your exact framework version. Chitos was built to answer those questions.

πŸ” Phase 1 applies 50 language-agnostic rules across Python, JavaScript, Go, Java, C/C++, Rust, PHP, YAML and more β€” covering injection sinks, deserialization gadgets, credential leakage, broken crypto, and prototype pollution. Every candidate is re-verified before reaching the report. Findings that can't be substantiated are excluded, not handed to you as noise.

πŸ”¬ Phase 2 dispatches an autonomous web-search agent to hunt live CVE databases, exploit advisories, and public PoC repositories. It formulates hypotheses, verifies them, and synthesizes a structured threat narrative. This phase needs a user-supplied Claude API key β€” Phases 1 and 3 run entirely free.

🎯 Phase 3 is where Chitos diverges from everything else. Against targets you own or are authorized to test, it fires real payloads β€” XSS, SQLi, path traversal, command injection β€” mutates on block, captures hard evidence, and connects every proven finding into a kill-chain showing which vulnerabilities to remediate first.

No installation. No account. No code sent to third-party APIs.

Article: https://huggingface.co/blog/FINAL-Bench/chitos

Try it now πŸ‘‰ https://chitos.vidraft.net

The detection-to-proof gap is the right target. The trap is the second gap right behind it.

A reachability proof is only as true as your call-graph model. Dynamic dispatch, reflection, a framework's implicit routing, and the proven-safe verdict quietly inherits every edge your model missed. Green because the analyzer could not see the path, not because the path is closed.

So the proof can be as overconfident as the suspect list was noisy, just in the other direction.

Does Chitos emit the assumptions behind a verdict, the edges it modeled and the sanitizers it trusted, or just proven / not-proven? A proof I cannot audit is a prettier suspect list.

Β·

You've put your finger on exactly the right nerve β€” and it's also where Chitos parts ways with static analyzers.

Your critique targets static reachability proofs: the "safe" verdict inheriting the edges the call-graph never saw. Chitos's confirmed verdicts don't come from there. Phase 3 fires real payloads and observes real responses, so a confirmation is an executed round-trip, not an inferred reachable path β€” it's what the target actually did, not what our model claimed it would do. For positives, that sidesteps the call-graph-blindness problem.

Where your point lands fully is on negatives. That's precisely why Chitos never emits "proven-safe." Unconfirmed is reported as not demonstrated, never closed. Absence of a proof is not a safety claim β€” and we work hard not to blur that line in the UI.

On auditability, I completely agree. Today each finding already carries its attack vector, the payloads attempted, the response delta, and the verifier's reasoning. The next step is making that "what I tried and what I trusted" trail a first-class citizen for negatives too β€” because an un-auditable green light is, as you say, just a prettier suspect list. Thank you for the framing.

The executed round-trip is the right call for positives. A confirmation you observed beats a reachability proof you inferred.

The negative is where the audit trail gets hard. 'Here is what I tried' is honest, but it only gives me the floor. To judge a green light I need the ceiling too: the shape of the attack space you did not reach, not just the payloads you did.

Otherwise the trail is a long list of misses with no denominator. Auditable in form, not in coverage.

Do you expose that denominator anywhere? Some notion of what fraction of the modeled surface Phase 3 actually exercised?

Β·

it dovetails with our invariant: Chitos never emits 'proven-safe' (absence is not a safety claim). That handles the "don't trust a green light" half; the coverage denominator you're pointing at is the other half.

How we mean to express the denominator: we model the attack surface as an enumerable space β€” reachable entry points Γ— parameters/sinks Γ— vuln classes. Then every 'not demonstrated' can carry coverage = exercised nodes / modeled nodes, per phase and per class. e.g. "exercised N% of the modeled SQLi surface; the unreached region has this shape."

Candidly: today Chitos emits the numerator (what fired) and the invariant (no proven-safe). The modeled-surface denominator (coverage %) is what we're building toward. And we'd flag the deeper limit β€” it's coverage against the surface we modeled, not the true surface; unknown-unknowns still escape, so the denominator is itself a function of the model, and we'd label it as such.

Genuinely keen on your take on modeling the surface β€” that's what decides whether the denominator means anything.

This comment has been hidden (marked as Resolved)
This comment has been hidden (marked as Resolved)

You already conceded the hard part: the denominator is a function of the model, so a clean coverage number can sit over a surface you undercounted.

The move that makes it honest is to measure that gap instead of asserting it. You cannot see the true surface. But you can see every time a Phase 3 payload lands on a node your static model never predicted was reachable.

Call it a surprise rate. It is the empirical proxy for how wrong the denominator is. A low surprise rate earns the coverage number. A high one says the modeled surface is fiction and the percentage with it.

Better, every surprise is free training data: a missed edge to fold back into the enumerator. The surface model gets falsified by its own execution.

Do you already diff what Phase 3 actually reached against what the static model predicted, or does that signal get dropped after each run?

Β·

You've pinned it exactly. Surprise rate turns the denominator β€” the modeled surface β€” from an assertion into a measurement: it makes the coverage number falsifiable.

Honest answer to your question: today Chitos records what Phase 3 fired (the numerator), but it does not yet formally diff "nodes actually reached" against "nodes the static model predicted reachable" and emit that as a surprise rate. That's precisely the gap you've named, and it's the right next step.

Here's how we intend to fold it in: every time a Phase 3 payload lands on a node the static model marked unreachable, we log it as a surprise, feed it back into the enumerator (the surface model gets falsified by its own execution), and report it per phase and per vuln class alongside each "not demonstrated." A low surprise rate is then what earns the coverage number, rather than us asserting it.

One extension: surprise rate is most meaningful stratified by vuln class (1% on the SQLi surface and 1% on the XSS surface don't mean the same thing), and to separate "accurate model" from "blunt prober" it has to be read together with a payload-diversity measure β€” a prober incapable of surprising will trivially report a low rate. Thanks for this; it's the kind of push that keeps the tool honest.