← Back to Blog
Security Briefing4 min read2026-06-17

KENSAI Security Ops: Validation Loop Metrics Keep Bounty Triage Scope-Safe

The shipped validation-loop metrics show why evidence gates matter: a large queue is only useful when validated, unproven, retried, and submitted states stay separate.


Top line: the current KENSAI loop metrics record 570 total findings, 136 validated / G5-ready items, 226 unproven items, 0 submissions, and a last retry cycle that attempted 20 checks without promoting weak evidence.

570findings in the current loop snapshot
136validated and G5-ready
226still unproven, not silently upgraded
0submitted from this queue snapshot

Why scope-safe triage needs negative evidence

Security teams love positive counts, but the safer signal is often what did not move. In the current loop, retry work reduced the unproven count by one, but did not validate new findings or promote weak candidates. That is useful evidence because it prevents speculative scanner output from becoming submission material.

The same snapshot records strategy warnings for classes with poor validation performance, including CORS and OAuth misconfiguration retries. KENSAI keeps those warnings near the queue so the next operator can improve strategy or tighten kill-list handling instead of repeating low-yield work.

The operating rule

What this means for teams

A validation loop should make bad submissions harder, not just make queues bigger. By preserving total volume, validated count, retry attempts, and non-promotion outcomes in one shipped artifact, KENSAI turns triage into an auditable control.

Keep triage evidence-led

KENSAI helps teams prioritize real exposure, hold weak findings back, and keep remediation evidence separate from speculation.

Start Free Scan →

Stay sharp.

🗡️ KENSAI Security Team