Aura Security's ADR-084 Verification Stage: Sandbox PoC Execution Aims to Eliminate False Positives
Aura's vulnerability scanning pipeline has a critical gap. The verification stage, defined in ADR-084, remains an unimplemented stub, leaving the system unable to automatically confirm whether detected vulnerabilities are actually exploitable. The new plan is to bridge this gap by implementing sandbox-based proof-of-concept (PoC) execution, directly integrating a crash oracle to transform raw detection into actionable, verified findings.
The core of the implementation involves connecting existing infrastructure to this new stage. Aura already possesses the building blocks: ECS Fargate for provisioning ephemeral sandbox containers, container escape detection systems from ADR-077, and human-in-the-loop (HITL) approval workflows. The missing link is the `VerificationStage.execute()` function, which must be built to automatically spin up isolated environments for each finding, run the exploit PoC, and use a crash oracle—like the AddressSanitizer model cited from Anthropic's research—to definitively confirm a successful exploit.
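A crash oracle of the kind described above can be sketched as a classifier over the output of one sandbox run. This is an added example, not Aura's code: `SandboxResult`, `Verdict` and `crash_oracle` are hypothetical names, and it assumes the target is built with AddressSanitizer and that the sandbox returns the process's stderr and exit code.

```python
import re
from dataclasses import dataclass
from enum import Enum
from typing import Optional, Tuple

class Verdict(Enum):
    VERIFIED = "verified"              # sanitizer confirmed memory corruption
    NEEDS_REVIEW = "needs_review"      # crashed, not conclusive: route to HITL
    NOT_REPRODUCED = "not_reproduced"  # PoC ran to completion without a crash
    INCONCLUSIVE = "inconclusive"      # sandbox problem, says nothing about the finding

@dataclass
class SandboxResult:                   # hypothetical shape of one sandbox run
    exit_code: Optional[int]           # None if the container never reported one
    stderr: str
    timed_out: bool = False

# Header line ASan prints, e.g. "==4242==ERROR: AddressSanitizer: heap-use-after-free on ..."
ASAN_HEADER = re.compile(
    r"^==\d+==ERROR: AddressSanitizer: (attempting double-free|[\w-]+)", re.M)

# Error classes treated as confirmation of memory corruption.
CONFIRMING = {
    "heap-buffer-overflow", "stack-buffer-overflow", "global-buffer-overflow",
    "heap-use-after-free", "stack-use-after-return", "stack-use-after-scope",
    "attempting double-free",
}

def crash_oracle(run: SandboxResult) -> Tuple[Verdict, Optional[str]]:
    """Classify one PoC run; returns (verdict, ASan error class if any)."""
    match = ASAN_HEADER.search(run.stderr)
    if match:
        kind = match.group(1)
        # SEGV and other classes can be benign null dereferences: a human decides.
        return (Verdict.VERIFIED if kind in CONFIRMING else Verdict.NEEDS_REVIEW, kind)
    if run.timed_out or run.exit_code is None:
        # An infrastructure failure must not be reported as "not exploitable".
        return (Verdict.INCONCLUSIVE, None)
    if run.exit_code < 0:
        # Killed by a signal without a sanitizer report (subprocess convention).
        return (Verdict.NEEDS_REVIEW, None)
    return (Verdict.NOT_REPRODUCED, None)

# Constructed sample report (not captured from a real run).
SAMPLE_UAF = (
    "==4242==ERROR: AddressSanitizer: heap-use-after-free on address "
    "0x602000000010 at pc 0x0000004f2a31 bp 0x7ffc1 sp 0x7ffc0\n"
    "READ of size 4 at 0x602000000010 thread T0\n"
    "SUMMARY: AddressSanitizer: heap-use-after-free demo.c:12 in parse\n"
)
```

Keeping `INCONCLUSIVE` separate from `NOT_REPRODUCED` matters for false-positive filtering: a timed-out or failed sandbox should trigger a retry, not close the finding.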
This move signals a strategic shift from mere detection to proven exploitability, a key differentiator for effective security triage. By automating verification, the system aims to filter out false positives, providing security teams with higher-confidence alerts. The integration leverages internal capabilities but hinges on successfully orchestrating sandbox provisioning, execution, and crash analysis within the existing ADR-084 pipeline framework.