The project launched its public release this month, offering security teams a combination of traditional detection logic and LLM-powered analysis. As an AI vulnerability scanner, it does not treat machine learning as a replacement for established scanning methods. Instead, it runs both paths side by side and lets operators decide how much autonomy the agent side should have.

The tool ships 235+ scanner modules and an in-process agent runtime called Olium. Olium handles autonomous endpoint discovery, attack planning, and triage of findings. This makes Vigolium an interesting case study for any engineer evaluating open source vulnerability scanning tools with AI augmentation. Below are seven distinct features that define its design philosophy and operational behavior.
Feature 1: Budget-Aware Autonomous Agent Management
Agentic security tooling raises a recurring question for operators. How much money and time should an autonomous auditor be allowed to consume before its output stops being useful? Vigolium exposes caps on tokens, tool calls, triage iterations, and wall-clock duration. The operator sets these boundaries before a scan starts, and the agent halts when any threshold is reached.
This budget system addresses a practical pain point. An AI vulnerability scanner that can consume unbounded resources becomes a liability in production pipelines. Because the caps are set per job, operators can match budget to task. A time-boxed CI run needs tight wall-clock limits. A deep reconnaissance session on a single target benefits from looser token caps that allow replanning.
Consider a security engineer integrating vulnerability scanning into a CI/CD pipeline. Unpredictable scan times from agentic tooling can break builds. Vigolium's caps prevent that: the engineer sets iteration limits low enough that the scan finishes within the pipeline window.
Feature 2: Graceful Degradation When the Agent Runs Out of Budget
What happens when the agent exhausts its budget before completing its analysis? Jessie Ho, the author of Vigolium, described two failure modes that the design anticipates. Too little budget leaves a low-confidence stub. The agent gets cut mid-lead and cannot verify whether a discovered pattern is a real vulnerability.
Too much budget causes the opposite problem. The agent wanders, burns money, and adds noise. Ho said operators should match the cap to the job. His guidance to new users is to start tight and loosen the caps only when genuine work is getting cut off. An AI vulnerability scanner needs this kind of feedback loop so operators learn their environment’s profile.
This feature matters for teams managing multiple targets. A broad sweep of dozens of endpoints requires per-target budget caps that prevent one rabbit-hole target from consuming the entire allocation. The low-confidence stub output gives enough information to decide whether to re-run with a larger budget.
Feature 3: Two-Pass Triage for False Positive Reduction
Plausible-sounding findings that fail to reproduce remain a persistent problem in LLM-assisted security testing. Vigolium handles non-reproducible findings by running triage as its own pass after scanning. The scanner finds candidates first. Then a separate pass re-checks each candidate against its evidence.
This two-pass design is key to how Vigolium operates as an AI vulnerability scanner. The initial detection phase casts a wide net. The triage pass validates each catch. Findings that cannot be reproduced are not silently dropped. They are shown with reduced confidence and their evidence trail is preserved for operator review.
For a developer who wants to run deep reconnaissance on a single high-value endpoint, this approach builds trust. The separate triage pass ensures that the AI-driven agent has a chance to second-guess its own results before presenting them as actionable findings.
Feature 4: Deduplication Without Silent Deletion
When it comes to deduplication, Vigolium makes a deliberate choice. It merges duplicates but never makes keep-or-kill calls on borderline ones. Anything the agent is unsure about gets downgraded and shown, never quietly dropped.
This conservative strategy addresses a common frustration with automated scanners. Some tools collapse similar findings into one entry and discard variations that might indicate a distinct issue. Vigolium takes the opposite approach. If the triage logic cannot confidently declare two findings identical, both remain in the output with appropriate confidence levels.
For teams that regularly scan dozens of targets in parallel, this deduplication strategy impacts how they review reports. They cannot assume that merged findings are clean deduplications. They must inspect the downgraded entries to see whether the agent flagged uncertainty. The trade-off is slightly more manual review effort in exchange for fewer missed vulnerabilities.
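To make the two-pass triage of Feature 3 and the conservative deduplication of Feature 4 concrete, here is an added Python illustration. It is not Vigolium's code. The Finding layout, the "path?parameter" location convention, the 0.3 and 0.5 downgrade values, the sample candidates and the sample_reproduce stand-in (a real pass would replay the recorded request) are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass, field, replace
from typing import Callable


@dataclass
class Finding:
    target: str
    check: str                 # scanner module that raised the candidate
    location: str              # "path?parameter" (constructed convention)
    evidence: str              # request/response excerpt that justified the candidate
    confidence: float          # 0.0 .. 1.0
    notes: list[str] = field(default_factory=list)


def triage(candidates: list[Finding], reproduce: Callable[[Finding], bool]) -> list[Finding]:
    """Second pass: re-check every candidate against its evidence.

    A candidate that does not reproduce is kept with reduced confidence and an
    explanatory note; its evidence trail stays attached for operator review.
    """
    out = []
    for f in candidates:
        if reproduce(f):
            out.append(f)
        else:
            out.append(replace(f, confidence=min(f.confidence, 0.3),
                               notes=f.notes + ["triage: failed to reproduce"]))
    return out


def _path(f: Finding) -> str:
    return f.location.split("?", 1)[0]


def dedup(findings: list[Finding]) -> list[Finding]:
    """Merge only exact duplicates; downgrade and keep borderline ones."""
    merged: dict[tuple, Finding] = {}
    for f in findings:
        key = (f.target, f.check, f.location)
        if key in merged:
            m = merged[key]
            merged[key] = replace(m, confidence=max(m.confidence, f.confidence),
                                  notes=m.notes + [f"merged duplicate: {f.evidence}"])
        else:
            merged[key] = f
    # Borderline: same target, check and path but a different parameter.
    # Both stay in the output, each downgraded and cross-referenced.
    groups: dict[tuple, list[Finding]] = {}
    for f in merged.values():
        groups.setdefault((f.target, f.check, _path(f)), []).append(f)
    out = []
    for group in groups.values():
        if len(group) == 1:
            out.append(group[0])
            continue
        for f in group:
            siblings = [g.location for g in group if g is not f]
            out.append(replace(f, confidence=min(f.confidence, 0.5),
                               notes=f.notes + [f"possible duplicate of {siblings}"]))
    return out


def run_pipeline(candidates: list[Finding], reproduce: Callable[[Finding], bool]) -> list[Finding]:
    """Scan output -> triage pass -> deduplication, nothing silently dropped."""
    return dedup(triage(candidates, reproduce))


# Constructed candidates, as a first scanning pass might emit them.
SAMPLE_CANDIDATES = [
    Finding("https://app.example.test", "reflected-xss", "/search?q",
            "payload echoed unencoded in <title>", 0.9),
    Finding("https://app.example.test", "reflected-xss", "/search?q",
            "payload echoed unencoded in <h1>", 0.7),
    Finding("https://app.example.test", "reflected-xss", "/search?lang",
            "payload echoed inside attribute", 0.8),
    Finding("https://app.example.test", "sqli-error", "/login?user",
            "single quote produced a 500", 0.85),
]


def sample_reproduce(f: Finding) -> bool:
    """Constructed stand-in for replaying the request: the 500 was a transient outage."""
    return f.check != "sqli-error"
```

Running run_pipeline(SAMPLE_CANDIDATES, sample_reproduce) merges the two identical /search?q entries into one, keeps /search?q and /search?lang side by side at reduced confidence with a cross-reference note, and leaves the non-reproducing /login?user candidate in the report at low confidence with its evidence intact, which is exactly what the reviewer needs in order to decide whether to re-run.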
Feature 5: Deterministic Pipeline as a Baseline
Vigolium offers two scanning paths. The deterministic pipeline runs a multi-phase sequence covering content discovery, browser-based spidering, and active and passive auditing. This path does not involve AI-driven decisions. It follows predefined rules and executes modules in a fixed order.
This feature matters because not every scanning task benefits from AI augmentation. An AI vulnerability scanner that forces AI into every operation adds unnecessary cost and latency. Vigolium lets operators choose the deterministic path for routine scans and reserve the agent path for deep dives.
The deterministic pipeline is also the fallback when budgets are tight. If the operator caps the agent path heavily, the deterministic path still runs to completion. This ensures that basic coverage is never sacrificed to budget constraints.
Feature 6: LLM-Driven Agent Path With Custom JavaScript Extensions
The second scanning path hands control to an LLM-driven harness. This harness selects modules, generates custom JavaScript extensions, and runs source-code audits alongside dynamic scans. The agent can adapt its strategy based on what it discovers during the scan.
Extensions in Vigolium run arbitrary code with no sandbox. This design decision has implications for trust and distribution. Ho cautioned that any community registry would require provenance, signing, and curation. A registry is essentially distributing executables, and signing only tells you who wrote the code, not whether it is safe.
For operators considering an AI vulnerability scanner that supports custom extensions, this means vetting each module carefully. The power of arbitrary code execution brings risk. Teams should treat third-party extensions with the same scrutiny they apply to any external executable.
Feature 7: Multi-Target Scan Handling With Per-Target Budget Caps
Vigolium handles multi-target scans by allowing per-target budget caps. When an operator launches a sweep across multiple endpoints, each target receives its own allocation of tokens, tool calls, triage iterations, and wall-clock duration. This prevents one problematic target from starving others.
The design addresses a common failure mode in agentic scanners. Without per-target caps, a single endpoint that requires deep investigation can consume the entire budget for a batch scan. Other targets receive minimal or no coverage. Vigolium isolates each target’s budget so the operator controls the distribution of resources.
For a team managing dozens of web applications and APIs, this feature makes the difference between consistent coverage across targets and uneven results driven by outliers. The operator can set tighter caps for low-value targets and looser caps for critical endpoints without affecting the overall scan schedule.
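The budget caps of Feature 1, the cut-mid-lead stub of Feature 2 and the per-target isolation of this feature can be illustrated together in one added Python example. It is not Vigolium's runtime. The Budget, Usage and Step types, the scripted steps, the FakeClock, the cap values and the 0.2/0.9 confidence figures are constructed assumptions; a real harness would replace the scripted steps with LLM and tool calls and pass time.monotonic as the clock.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Budget:
    """Caps the operator sets before the scan; the agent halts on the first one hit."""
    max_tokens: int
    max_tool_calls: int
    max_triage_iterations: int
    max_seconds: float


@dataclass
class Usage:
    started: float
    tokens: int = 0
    tool_calls: int = 0
    triage_iterations: int = 0

    def first_cap_hit(self, budget: Budget, now: float) -> str | None:
        """Name the first cap that has been reached, or None if all have headroom."""
        checks = (("tokens", self.tokens, budget.max_tokens),
                  ("tool_calls", self.tool_calls, budget.max_tool_calls),
                  ("triage_iterations", self.triage_iterations, budget.max_triage_iterations),
                  ("wall_clock", now - self.started, budget.max_seconds))
        return next((name for name, used, cap in checks if used >= cap), None)


@dataclass
class Step:
    kind: str                        # "plan" | "tool" | "triage"
    tokens: int
    lead: str                        # hypothesis the agent is chasing in this step
    verified: bool = False           # True when the step confirms the lead
    work: Callable[[], None] = lambda: None   # stand-in for the real LLM/tool call


def run_agent(target: str, steps: list[Step], budget: Budget, clock: Callable[[], float]) -> dict:
    usage, findings, open_lead = Usage(started=clock()), [], None
    for step in steps:
        cap = usage.first_cap_hit(budget, clock())
        if cap is not None:
            # Cut mid-lead: surface the lead as a low-confidence stub instead of dropping it.
            stub = {"lead": open_lead, "confidence": 0.2} if open_lead else None
            return {"target": target, "status": "halted", "cap": cap,
                    "findings": findings, "stub": stub, "usage": usage}
        open_lead = step.lead
        step.work()
        usage.tokens += step.tokens
        if step.kind == "tool":
            usage.tool_calls += 1
        elif step.kind == "triage":
            usage.triage_iterations += 1
        if step.verified:
            findings.append({"lead": open_lead, "confidence": 0.9})
            open_lead = None
    return {"target": target, "status": "complete", "cap": None,
            "findings": findings, "stub": None, "usage": usage}


def run_sweep(plans: dict[str, list[Step]], caps: dict[str, Budget],
              default: Budget, clock: Callable[[], float]) -> dict[str, dict]:
    # Each target gets its own Usage and Budget, so one rabbit hole cannot starve the rest.
    return {t: run_agent(t, steps, caps.get(t, default), clock) for t, steps in plans.items()}


class FakeClock:
    """Constructed clock so the wall-clock cap is exercised offline; use time.monotonic for real runs."""
    def __init__(self) -> None:
        self.now = 0.0
    def __call__(self) -> float:
        return self.now
    def advance(self, seconds: float) -> None:
        self.now += seconds


def demo_sweep() -> dict[str, dict]:
    clock = FakeClock()
    def takes(seconds: float) -> Callable[[], None]:
        return lambda: clock.advance(seconds)
    plans = {   # constructed two-target sweep: a routine API and a rabbit-hole legacy host
        "api.example.test": [
            Step("tool", 500, "missing auth on /v1/admin", work=takes(2)),
            Step("triage", 400, "missing auth on /v1/admin", verified=True, work=takes(1)),
        ],
        "legacy.example.test": [
            Step("plan", 1000, "reflected parameter on /search", work=takes(1)),
            Step("tool", 1100, "reflected parameter on /search", work=takes(3)),
            Step("plan", 1000, "encoding variant on /search", work=takes(1)),
            Step("triage", 500, "encoding variant on /search", verified=True, work=takes(1)),
        ],
    }
    default = Budget(max_tokens=5000, max_tool_calls=5, max_triage_iterations=2, max_seconds=60)
    caps = {"legacy.example.test": Budget(3000, 5, 2, 10)}   # tighter cap for the low-value host
    return run_sweep(plans, caps, default, clock)
```

In demo_sweep the routine API target completes with one verified finding, while the legacy host trips its tighter per-target token cap before its triage step and comes back as "halted" with a low-confidence stub naming the lead that was cut off. The API target's result is unaffected by the legacy host's overrun, which is the isolation property the per-target caps exist to provide; the stub tells the operator whether a re-run with a larger budget is worth it.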
Frequently Asked Questions
How do I set budget caps for a mixed environment of web apps and APIs in Vigolium?
Start by grouping your targets by criticality and complexity. Set tight wall-clock and iteration caps for routine endpoints, and reserve looser token limits for high-value targets that need deep exploration. Observe how the agent behaves during initial runs and adjust caps upward only when you see genuine work being cut off prematurely. The goal is to prevent any single target from consuming disproportionate resources while still allowing thorough coverage where it matters.
What is the difference between the deterministic pipeline and the AI agent path in Vigolium?
The deterministic pipeline follows a fixed sequence of content discovery, browser-based spidering, and active and passive auditing. It produces consistent results with predictable resource usage. The AI agent path hands control to an LLM-driven harness that selects modules dynamically, generates custom JavaScript extensions, and runs source-code audits alongside dynamic scans. The agent path adapts its strategy during the scan, but it consumes tokens and requires budget caps to prevent runaway behavior.
Is it safe to use community extensions with Vigolium?
Extensions in Vigolium run arbitrary code with no sandbox, which means they have full system access. Ho recommended a cautious trust model: provenance and signing confirm authorship but do not guarantee safety. A small vetted set of extensions outperforms a large unvetted marketplace. Treat each extension as an executable rather than a plugin, and apply your organization’s standard code review and testing procedures before deploying any custom module.
Vigolium is available for free on GitHub under the AGPL license. Its open core contains all the detection capabilities. The hosted Cloud Console adds scheduling, collaboration, and scale as commercial options above the open-source foundation.