Audits & Findings

An Audit is a fully automated security scan that deploys an AI agent to enumerate subdomains, visit each one, identify misconfigurations and exposed data, and produce a structured report — complete with screenshots, PDF export, and session recording.

How an audit works

  1. You create an audit inside a workspace, targeting a domain
  2. WithGiga provisions a sandboxed Ubuntu desktop and launches the AI agent
  3. The agent enumerates subdomains, visits each endpoint, captures screenshots, and identifies findings
  4. Results are compiled into a structured report with severity ratings
  5. A PDF report and full video recording of the agent session are saved

The entire process runs without any manual intervention.

Running an audit

  1. Navigate to your workspace and click New Audit
  2. Confirm the target domain (inherited from the workspace)
  3. Optionally configure the scan depth and session duration
  4. Click Start Audit

The audit status will move from queued → running → completed as the agent works. You can watch the live desktop stream while the scan runs.

Audit statuses

Status      Description
queued      Waiting for a sandbox to be provisioned
running     Agent is actively scanning
completed   Scan finished successfully — report is ready
failed      An error occurred — check the session logs

Findings

Findings are the individual issues the agent identifies during a scan. Each finding includes:
  • Severity — Critical, High, Medium, Low, or Informational
  • Type — e.g., exposed admin panel, misconfigured CORS, sensitive data in response
  • Subdomain — the specific endpoint where the finding was observed
  • Screenshot — a screenshot of the agent’s screen at the time of discovery
  • Description — a plain-English explanation of the issue and why it matters

Navigate to Audits → [Audit Name] → Findings to browse and filter findings.

Reports

PDF export

Every completed audit generates a downloadable PDF report suitable for stakeholders and compliance records. The report includes:
  • Executive summary with finding counts by severity
  • Full finding list with screenshots
  • Scan metadata (domain, date, duration, agent configuration)

Video recording

The full session recording — everything the agent’s desktop showed during the scan — is saved and accessible from the audit detail page. Use it to reproduce findings or review the agent’s decision-making.

Archived audits

Completed audits are archived automatically after 90 days but remain accessible under Show Archived in the audit list. Reports and recordings are retained for the duration of your plan’s storage allocation.

Next steps

Scheduling

Automate recurring scans with a cron schedule.

Custom Domains

Share reports via a branded subdomain.

API: Audits

Trigger and retrieve audits programmatically.

Slack Integration

Receive audit notifications in Slack.