Detection and Triage

Detection Pipeline

Each attack payload goes through a multi-stage detection pipeline:

Payload → Target → Response → Pattern Matching → Triage Engine → [LLM Verification] → Finding

Pattern Matching

The first stage checks the model response against detection conditions defined in each attack:

Default confidence threshold: 0.7. Tool-only conditions use 0.5.

Triage Engine

Raw detections pass through the triage engine which filters false positives using heuristic rules:

• FP-LOW-CONF-REFUSAL: Suppress low-confidence matches where the model clearly refused
• FP-ATTACK-IDENTIFIED: Suppress when the model identified and described the attack
• FP-PAGE-CONTENT-ECHO: Suppress when response echoes page/document content
• TP-INFO-LEAK: Confirm when response contains internal information not in the input
• TP-VIOLATION-MARKER: Confirm when lab markers indicate a true violation
• TP-ATTACKER-ARGS: Confirm path traversal via regex pattern matching

Disable triage with --no-triage to see raw scanner output.

LLM Verification (Optional)

For borderline detections, enable LLM-based verification:

tachyonic scan \
  --target ... \
  --verify-llm \
  --verify-provider anthropic \
  --verify-model claude-haiku-4-5-20251001

A separate LLM judges whether the detection is a true positive. This adds cost but improves precision.

Consensus Verification (Optional)

Use multiple LLM judges for high-confidence results:

tachyonic scan \
  --target ... \
  --verify-consensus \
  --verify-judges "openai:gpt-4o,anthropic:claude-sonnet-4-20250514" \
  --verify-consensus-strategy majority

Strategies: majority, unanimous, weighted.

Verdicts