Axiom operates near a boundary that matters — between testing targets carefully and not testing them at all. The discipline of that boundary is the practice. Below is the structure: how authorisation works, what the safety layer enforces, why we built on Claude, and the methodology stack behind every engagement.
End-to-end attack chain.
Every action that traverses this chain — recon, exploitation, privilege escalation, encryption, extortion — passes through an authorisation gate first. The chain breaks at the defence step. Below is the live circuit.
- OWASP API3
- PDPA §7
- NIST SP 800-115
- CVSS v3.1
- PTES
- STEP loop
Every action that touches a real target requires structured authorisation.
Four stages. The middle stage is the gate — a human reviews and approves before anything lands on a target. The same pattern repeats at every action.
The kill-chain diagram shows the broader picture — what the gate is protecting against, end-to-end.
The agent generates a proposed action — an HTTP probe, a credentialed enumeration, a payload dispatch. The action is annotated with the scope it references and the expected effect on the target.
The action passes through the authorisation gate. The operator reviews and approves — or denies — based on scope, blast radius, and the live state of the engagement. Bulk approvals exist for low-impact actions; high-impact actions are always individual.
Only approved actions execute. Rate limits, kill switches, and scope-enforcement run continuously on the action layer. Anything outside scope is refused and logged.
Every action and its response are committed to an evidence chain — timestamped, hashed, signed. Findings reference the evidence chain. The chain is the report's primary artefact, not a footnote.
Five controls, continuously enforced.
Targets, paths, and parameter ranges defined at scoping. The agent refuses to act outside them.
Per-target, per-action, per-second. Tuned during the deployment phase against benign targets.
An operator command halts the entire stack across all agents within seconds.
Append-only log. Every artefact hashed and signed. Recoverable for audit.
Structured human review at every action that touches a real target.
We chose Claude as the foundation for four technical reasons.
Pentest workflows are tool-heavy. Claude's MCP support and tool-use reliability mean orchestration runs without brittle plumbing.
Cybersecurity AI lives on the line between useful and dangerous. Claude's training around constitutional AI and its calibrated refusal behaviour mean a Claude-powered agent can operate near the boundary without crossing it.
A single finding may reference 50–100 pages of HTTP traffic, source code, and policy documentation. Claude reasons across the full evidence set instead of fragmented chunks.
Screenshots, PDFs, and network captures handled natively in the same context as text.
Built on Anthropic's Claude models. Cloud deployment specifics are determined per engagement and not stated publicly.
Named frameworks, not capability claims.
- PTES
- OWASP Top 10 (2021)
- OWASP API Top 10 (2023)
- CVSS v3.1
- NIST SP 800-115
- PDPA 2010 mapping
The chain is the report's primary artefact.
Every action — request, response, screenshot, intermediate reasoning — is captured into an append-only chain. Findings reference the chain by hash. The chain is recoverable for audit, for regulatory review, and for the client's own internal process.
CVSS v3.1 scoring runs against the recovered evidence, not against the agent's recollection. PDPA mapping runs against the evidence, not against the finding summary. A finding without an evidence chain entry does not ship.
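A sketch of how such a chain can be made tamper-evident and how the "no evidence entry, no finding" rule can be checked. This is an added example, not Axiom's implementation: the field names, the HMAC-SHA256 standing in for the signature, the key, and the sample records are all assumptions constructed for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # constructed anchor for the first entry's "prev" field
FIELDS = ("seq", "ts", "action", "artefact_sha256", "prev")

def _digest(body):
    # Canonical JSON so the same record always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append_entry(chain, key, ts, action, artefact):
    """Append one action record; return the entry hash that findings cite."""
    body = {"seq": len(chain), "ts": ts, "action": action,
            "artefact_sha256": hashlib.sha256(artefact).hexdigest(),
            "prev": chain[-1]["hash"] if chain else GENESIS}
    entry_hash = _digest(body)
    sig = hmac.new(key, entry_hash.encode(), hashlib.sha256).hexdigest()
    chain.append({**body, "hash": entry_hash, "sig": sig})
    return entry_hash

def verify_chain(chain, key):
    """Return the index of the first invalid entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(chain):
        expected = _digest({k: e[k] for k in FIELDS})
        sig = hmac.new(key, expected.encode(), hashlib.sha256).hexdigest()
        if (e["seq"] != i or e["prev"] != prev or e["hash"] != expected
                or not hmac.compare_digest(e["sig"], sig)):
            return i  # edited, reordered, deleted or re-signed with another key
        prev = e["hash"]
    return -1

def unshippable_findings(findings, chain):
    """IDs of findings whose evidence hash has no entry in the chain."""
    known = {e["hash"] for e in chain}
    return [f["id"] for f in findings if f.get("evidence") not in known]

# Constructed sample data (not real engagement output).
KEY = b"constructed-demo-key"
CHAIN = []
H1 = append_entry(CHAIN, KEY, "2024-01-01T10:00:00Z",
                  "GET /api/v1/users/42", b"HTTP/1.1 200 OK ...")
H2 = append_entry(CHAIN, KEY, "2024-01-01T10:00:05Z",
                  "screenshot: admin panel", b"\x89PNG...")
FINDINGS = [{"id": "F-1", "evidence": H1}, {"id": "F-2", "evidence": "deadbeef"}]

if __name__ == "__main__":
    print(verify_chain(CHAIN, KEY), unshippable_findings(FINDINGS, CHAIN))
```

For third-party audit, an asymmetric signature would replace the HMAC so that a verifier does not need the signing key.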
Brief us on scope. We respond personally within two business days.



