In controlled mode, an autonomous pentest agent has discover…
In controlled mode, an autonomous pentest agent has discovered a camera service, a candidate CVE, and default credentials from a prior authorized lab test. The current target set includes the camera subnet, but the approval ticket permits port scanning and service enumeration only. The policy engine lists `exploit_cve` as useful in the learned policy. A developer proposes leaving the action available with a large negative reward if executed without approval. Evidence packet: the available-action generator currently lists `service_enum(camera)`, `port_scan(camera)`, and `exploit_cve(camera)`; the approval record contains no exploitation action ID; the safety controller can either mask unavailable logits before selection or allow selection and mark the result failed afterward. Counsel asks for proof that the agent could not choose the unauthorized exploit, not merely that it would be penalized. Select all recommendations that should survive review.
Read Details