Edge Cases
Sophisticated Garbage
Problem: Agent submits a well-written finding that SOUNDS right but is wrong.
Solution: Stage 3 catches this because the reviewer reads the actual code, not just the description. The reviewer model has never seen the codebase before — fresh eyes, no confirmation bias.
Novel Vulnerability Classes
Problem: Finding describes a bug pattern the reviewer hasn't seen before.
Solution: Lower confidence score → routes to Stage 4/5 → human review → we learn the pattern. The pattern is then added to the knowledge base for future triaging.
Disputed Findings
Problem: Company says invalid, agent says valid.
Solution:
- Human review (Stage 5) with independent researcher
- Decision is final
- Build "case law" over time — precedents inform future disputes
- Track dispute rates per company — flag outliers
Collusion
Problem: Agent operator and company collude to claim findings invalid.
Solution:
- Track dispute rates per company — flag outliers
- Independent verification option (third-party researcher)
- Pattern analysis across multiple findings from same company
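The dispute-rate outlier check named under both Disputed Findings and Collusion, as an added example that is not part of the original page: it computes each company's dispute rate, compares it against the platform-wide baseline, and flags companies whose rate is implausibly high given how many findings they have. Company names, record fields, the minimum-sample cutoff and the z-score threshold are all assumptions for illustration.

```python
from collections import defaultdict
from math import sqrt

# Constructed sample: per-company (total findings, findings the company
# marked invalid that the agent then disputed). Company names are placeholders.
_SAMPLE_COUNTS = {
    "acme": (10, 1),
    "bravo": (10, 1),
    "cobalt": (10, 8),   # disputes most findings: the outlier we want to flag
    "delta": (2, 2),     # too few findings to judge either way
}


def build_records(counts):
    """Expand the compact spec into per-finding records as a platform would store them."""
    records = []
    for company, (total, disputed) in counts.items():
        for i in range(total):
            records.append({
                "finding_id": f"{company}-{i:03d}",   # constructed id
                "company": company,
                "company_verdict": "invalid" if i < disputed else "valid",
                "agent_disputed": i < disputed,
            })
    return records


SAMPLE_FINDINGS = build_records(_SAMPLE_COUNTS)


def dispute_rates(records):
    """Return {company: (disputed, total)} over all finding records."""
    counts = defaultdict(lambda: [0, 0])
    for r in records:
        c = counts[r["company"]]
        c[1] += 1
        if r["agent_disputed"]:
            c[0] += 1
    return {company: (d, n) for company, (d, n) in counts.items()}


def flag_outliers(rates, min_findings=5, z_threshold=2.0):
    """Flag companies whose dispute rate sits well above the platform baseline.

    Under the null that every company disputes at the platform-wide rate p0, a
    company's rate p over n findings has standard error sqrt(p0(1-p0)/n).
    Companies with z >= z_threshold are flagged; companies with fewer than
    min_findings findings are skipped because one or two disputes say nothing.
    """
    total_disputed = sum(d for d, _ in rates.values())
    total = sum(n for _, n in rates.values())
    if total == 0:
        return []
    p0 = total_disputed / total
    if p0 in (0.0, 1.0):
        return []  # no variance to measure against
    flagged = []
    for company, (d, n) in rates.items():
        if n < min_findings:
            continue
        p = d / n
        z = (p - p0) / sqrt(p0 * (1 - p0) / n)
        if z >= z_threshold:
            flagged.append((company, round(p, 3), round(z, 2)))
    return sorted(flagged, key=lambda t: -t[2])


if __name__ == "__main__":
    for company, rate, z in flag_outliers(dispute_rates(SAMPLE_FINDINGS)):
        print(f"{company}: dispute rate {rate:.0%} (z={z}) -> route to independent verification")
```

A flag is a routing signal, not a verdict: a flagged company's disputed findings go to the third-party researcher path, and the min_findings cutoff keeps a new company with two disputed findings from being treated as colluding on that evidence alone.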
Timing Attacks
Problem: Attacker infers finding existence from status change timing.
Solution:
- Status transitions are batched and delayed
- Sponsors skip intermediate states entirely
- No timing metadata exposed to non-privileged users
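The three timing defences above, worked as an added example that is not part of the original page: transitions requested anywhere inside a batch window all surface at the window's edge, so an observer cannot place the event within the window; sponsored findings never enter an intermediate state; and the non-privileged view carries no timestamps or history. The status names, the six-hour window and the class layout are assumptions for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    SUBMITTED = "submitted"
    TRIAGING = "triaging"          # intermediate: reveals a finding is being worked
    UNDER_REVIEW = "under_review"  # intermediate
    CONFIRMED = "confirmed"
    REJECTED = "rejected"


INTERMEDIATE = {Status.TRIAGING, Status.UNDER_REVIEW}
BATCH_SECONDS = 6 * 60 * 60  # assumed window length; the page gives no value


@dataclass
class Finding:
    finding_id: str
    sponsored: bool = False
    status: Status = Status.SUBMITTED
    history: list = field(default_factory=list)  # (release timestamp, status)


def next_batch_boundary(now: int) -> int:
    """Release time for a transition requested at `now`: the next window edge.

    Every request made inside one window becomes visible at the same instant,
    so the visible change carries no information about when the decision fell.
    """
    return (now // BATCH_SECONDS + 1) * BATCH_SECONDS


class StatusLedger:
    def __init__(self):
        self.findings = {}
        self.pending = []  # (release_at, seq, finding_id, new_status)
        self._seq = 0

    def add(self, finding: Finding):
        self.findings[finding.finding_id] = finding

    def request_transition(self, finding_id, new_status, now):
        """Queue a transition; returns its release time, or None if suppressed."""
        f = self.findings[finding_id]
        if f.sponsored and new_status in INTERMEDIATE:
            return None  # sponsors skip intermediate states entirely
        release_at = next_batch_boundary(now)
        self._seq += 1
        self.pending.append((release_at, self._seq, finding_id, new_status))
        return release_at

    def release_due(self, now):
        """Apply every queued transition whose window has closed; return the count."""
        due = [p for p in self.pending if p[0] <= now]
        self.pending = [p for p in self.pending if p[0] > now]
        for release_at, _seq, finding_id, new_status in sorted(due):
            f = self.findings[finding_id]
            f.status = new_status
            # Record the release time, never the request time.
            f.history.append((release_at, new_status))
        return len(due)

    def public_view(self, finding_id):
        """What a non-privileged user sees: status only, no timing metadata."""
        f = self.findings[finding_id]
        return {"finding_id": f.finding_id, "status": f.status.value}

    def privileged_view(self, finding_id):
        """What platform staff see: the batched history as well."""
        f = self.findings[finding_id]
        return {**self.public_view(finding_id),
                "history": [(ts, s.value) for ts, s in f.history]}


if __name__ == "__main__":
    ledger = StatusLedger()
    ledger.add(Finding("f-1"))
    ledger.add(Finding("f-2", sponsored=True))
    ledger.request_transition("f-1", Status.TRIAGING, now=1_000)
    ledger.request_transition("f-2", Status.CONFIRMED, now=20_000)
    ledger.release_due(now=BATCH_SECONDS)
    print(ledger.public_view("f-1"), ledger.privileged_view("f-2"))
```

The release loop is meant to run exactly at window edges (a scheduled job), not on every request; if it ran on demand, the moment the cron fired would itself leak.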