We hear from customers that they’d like to know how to interpret Xint’s results when scanning the same target, whether a codebase or a web application, yields slightly different results even with the same prompts.
**Q: Can the results vary each time the same site or codebase is scanned by Xint?**
Unlike existing SAST (static analysis) and DAST (dynamic analysis) tools that merely repeat fixed patterns, Xint possesses 'exploratory flexibility' similar to a manual inspection by an expert, only more scalable.
Stable findings, flexible exploration: Exploitable vulnerabilities recur across scans. Core vulnerability scenarios remain consistent by approximately 60–70% or more across every scan. In other words, key threat factors are captured through repeated scans. If there's a SQL injection on the login endpoint or an IDOR in the account API, every scan surfaces it, with working reproduction steps.

AI can attempt slightly different paths and scenarios (vulnerability hypotheses) each time. This effectively performs cross-validation on low-priority areas and aims to identify vulnerabilities more broadly, including points that might be missed in a single scan. What varies between scans is the path the system took to get there: which parameters it fuzzed first, which payloads succeeded, which order it explored endpoints in.

Why that matters: A deterministic scanner runs the same checks in the same order every time, which means anything outside its fixed pattern set is invisible on every run. Xint's exploratory variation is how it covers ground that pattern-based tools skip. The findings you can act on stay consistent; the coverage underneath them expands with each scan.
**Q: If the inspection results differ, how can the final integrated diagnosis be determined?**
Indicators of Continuous Security: Xint's direction lies in 'securing continuous visibility' rather than one-time scans. Prioritize addressing items commonly found across multiple scans, and if no vulnerabilities are detected through repeated scanning, the security level at that point in time can be considered stable.

Data Reliability: Extreme variability, such as a specific scan yielding '0 vulnerabilities' while the very next scan discovers numerous critical flaws, does not occur. By synthesizing data from multiple iterations, it is possible to derive diagnostic results with a higher level of reliability than tools that rely solely on limited patterns. This is similar to the process by which skilled security professionals improve accuracy by applying subtly different perspectives each time they inspect the same target.
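
One way to apply the prioritization rule above, as an added example rather than Xint's own code or export format: it merges the findings of several scans of one target and ranks them by how many scans reported them, then by severity. The record fields, the sample scans and the `min_scans` threshold are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data: three scans of the same target. The record shape
# (vuln_class, location, severity) is an assumption, not Xint's export format.
SCANS = [
    [("sqli", "POST /login", "critical"), ("idor", "GET /api/account/{id}", "high"),
     ("open-redirect", "GET /out", "low")],
    [("sqli", "POST /login", "critical"), ("idor", "GET /api/account/{id}", "high"),
     ("verbose-error", "GET /search", "low")],
    [("SQLi", "POST  /login ", "critical"), ("idor", "GET /api/account/{id}", "high"),
     ("open-redirect", "GET /out", "low")],
]
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def finding_key(vuln_class, location):
    """Normalise class case and location whitespace so one issue matches across scans."""
    return (vuln_class.strip().lower(), " ".join(location.split()))


def merge_scans(scans):
    """Union the findings of all scans; rank by recurrence, then severity."""
    seen_in = defaultdict(set)   # finding key -> indexes of scans that reported it
    severity = {}                # finding key -> worst severity reported for it
    for idx, scan in enumerate(scans):
        for vuln_class, location, sev in scan:
            key = finding_key(vuln_class, location)
            seen_in[key].add(idx)
            if key not in severity or SEVERITY_RANK[sev] < SEVERITY_RANK[severity[key]]:
                severity[key] = sev
    merged = [
        {"finding": key, "severity": severity[key],
         "scans": len(hits), "recurrence": len(hits) / len(scans)}
        for key, hits in seen_in.items()
    ]
    merged.sort(key=lambda f: (-f["scans"], SEVERITY_RANK[f["severity"]], f["finding"]))
    return merged


def recurring(merged, min_scans=2):
    """Findings reported by at least min_scans scans (hypothetical threshold)."""
    return [f for f in merged if f["scans"] >= min_scans]


if __name__ == "__main__":
    for f in merge_scans(SCANS):
        print(f'{f["scans"]}/{len(SCANS)}  {f["severity"]:<8}  {f["finding"]}')
```

Findings seen in only one scan stay in the merged list at the bottom of the ranking, so they can be re-checked in a later scan instead of being dropped.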