How we engineered
the Strobes AI
harness
The architecture behind the Strobes AI harness, and how it proves findings, enforces scope, and runs a full engagement without a human in the loop.
READ TIME
~25min
LENGTH
29pages
DEPTH
18sections
Free · instant access · no spam
Strobes AI · Architecture
How We Engineered
the
Strobes AI Harness
A model can find a vulnerability. The harness around it proves the finding, enforces scope, and sustains a full engagement.
Inside the paper.
“The harness is the part you own, where reliability, cost, scope control, and correctness are decided. The harness is the product.”

Signature scanners never replaced human testers. The gap is structural.
A model given a CVE write-up exploits one-day bugs ~87% of the time. Remove the write-up and discovery drops to ~7%. Finding a candidate is reasoning. Proving it in a live system is execution, and that is exactly where bare models fail.
The numbers behind the engineering.
An unreliable model, made to behave like a reliable product.
The harness is the deterministic system wrapped around a non-deterministic model. It is the sum of six subsystems, each one code you own and version.

The agent loop
Interleaved reasoning after every tool result. Disable it and every multi-step attack dies the moment the model emits text.

Context engineering
Trim, mask, compact, clear. The whole window is managed as a stack so the model stays sharp across a six-hour run.

Prompt caching
A stack layout that splits static from volatile content, holding an 82.9% sustained cache hit rate and ~10x off the largest cost line.

Tools vs skills
Build a tool only when the harness must own the result. Everything else is a skill the model reads and runs via the shell.

Verification
An adversarial verifier sub-agent cross-examines every claim. No proof, no finding. A low false-positive rate is the differentiator.

Scope enforcement
Enforced at the network layer, not in the prompt. Out-of-scope requests are blocked before a packet leaves.
Scope, fan out, verify, report.
Four phases. Every engagement follows the same shape, whether it runs for two hours or six.

Scope & plan
The coordinator scopes the engagement and plans the work before any agent touches a target.

Fan out
A fleet of isolated sub-agents works many targets in parallel, each in its own context.

Human handoff
Hand a live browser to a person for MFA or SSO, then the agent picks the session back up.

Verify & report
Verified findings and a report, with every claim proven by the adversarial verifier.
How we built the Strobes AI
harness.
A walkthrough of the architecture behind the Strobes AI harness, from the agent loop and context engineering to the verification subsystem and network-layer scope enforcement.
The one-line takeaway
The harness is the product.
Read how Strobes AI turns model output into verified offensive work.
See the harness run against your target
The architecture paper is the map. A live run is the proof. Talk to us about running the Strobes AI harness against your own application — network, API, cloud, or source-level review in one workspace.
Join 150+ security teams already reducing exposure with Strobes