ExploitScope is a Gemini-powered agentic workflow I built in Google Opal that transforms controlled exploit data and a target bug identifier into a complete, professional defensive security report — fully automated from input to output.
The core challenge ExploitScope solves is context collapse: raw exploit payloads and CVE identifiers exist in isolation, but the real security value lives in the intersection — understanding how a specific exploit interacts with a specific bug, what the attacker requirements are, how likely it is to succeed, and what defenders should do about it. ExploitScope bridges that gap by orchestrating a chain of specialized Gemini agents, each responsible for a distinct stage of the analysis, culminating in a structured HTML report complete with quantitative risk metrics, an attack-flow diagram, and an audio analyst briefing.
What makes this architecture meaningful is that it doesn't just generate text — it integrates Python code execution for deterministic metric scoring, Google Search grounding for real-time vulnerability context, TTS audio synthesis for analyst-ready briefings, and multi-modal HTML report generation — all wired together as a single end-to-end agentic pipeline.
The workflow is publicly available on Google Opal — paste in any exploit payload and a bug identifier and run it end-to-end yourself.
→ Launch ExploitScope on Google Opal
Figure 1: ExploitScope multi-agent pipeline: from exploit input to final defensive security report
The following screenshots show an actual ExploitScope report generated for CVE-2019-0708 (BlueKeep) — a critical pre-auth RCE vulnerability in Windows RDP.
Figure 2: Generated Report Dashboard — CVSS Score, Exploit Success Probability, Complexity Metrics, and Audio Intelligence Briefing
Figure 3: Technical Analysis Report — Vulnerability Description, Exploit Mechanics, and Auto-Generated Attack Flow Diagram
The workflow accepts two inputs and routes them through a sequential and parallel chain of eight specialized agents and execution nodes before converging into a final HTML report.
| Parameter | Description |
|---|---|
| Exploit Data | The technical exploit payload, controlled exploit context, or simulated attacker behavior to be analyzed |
| Target Bug ID | The specific system bug identifier (e.g. CVE) to research, contextualize, and score |
1. Bug Research
Takes the Target Bug ID and researches it using Google Search to gather detailed, grounded context — including affected systems, CVSS scores, known vulnerability behavior, related attack patterns, exploit prerequisites, and publicly available security advisories. This grounds all downstream analysis in real, verifiable information rather than model assumptions.
2. Deep Analysis
Receives both the Exploit Data and the full Bug Research output, then performs structured security reasoning across six analytical dimensions:
- Exploit path — the precise sequence of actions an attacker takes
- Attacker requirements — access level, tooling, and preconditions needed
- Technical assumptions — environment and configuration dependencies
- Likely impact — confidentiality, integrity, and availability implications
- Defensive implications — patches, mitigations, and hardening recommendations
- Detection opportunities — indicators of compromise and logging signals
3. Craft Metrics Instruction
Generates a concise, unambiguous Python-executable instruction set that defines exactly how two key technical metrics should be calculated: exploit complexity and exploit success probability. This stage separates metric definition from metric execution, ensuring the scoring logic is transparent, reproducible, and auditable.
4. Calculate Metrics (Python execution node)
Executes the instruction set generated in the previous stage as live Python code to compute structured, quantitative scores. This is a deliberate architectural decision — by running real code rather than asking the model to estimate numbers, the workflow produces deterministic, defensible scores that aren't subject to LLM hallucination or inconsistency.
5. Generate Exploit Diagram
Produces a technical diagram or visual flowchart that maps the full exploit process based on the deep analysis findings. This makes the attack path legible to both security engineers and non-technical stakeholders, and gives the final report a visual artifact that communicates the threat clearly.
6. Generate Briefing Script
Writes a concise, professional analyst briefing script summarizing the key findings from the exploit analysis — the vulnerability context, exploit path, risk scores, and recommended defensive actions — in a format specifically structured for audio delivery.
7. Synthesize Audio (TTS node)
Converts the briefing script into a high-quality audio file using text-to-speech synthesis. The audio is embedded directly into the final HTML report, giving analysts and security teams an accessible, consumable format for communicating findings.
8. Generate Final Report
Acts as the convergence node — pulling together every artifact produced by the pipeline: the original exploit data, bug research findings, deep analysis, calculated metrics, exploit diagram, briefing script, and synthesized audio. It combines all of these into a single structured, professional HTML report ready for distribution to security teams or stakeholders.
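Stages 3 and 4 as an added example (not ExploitScope's own code): the instruction set is assumed here to be a JSON spec of per-factor weights rather than free-form Python, so the execution node validates it against a fixed schema and scores deterministically without evaluating model-written code. The factor names, weights, and sample inputs are constructed for illustration.

```python
import json

# Assumed factor vocabulary (hypothetical, not from ExploitScope).
ALLOWED_FACTORS = {"auth_required", "user_interaction", "network_reachable",
                   "public_exploit", "mitigations_present"}

# Constructed stage-3 output: data only, no executable code.
SAMPLE_SPEC = json.dumps({
    "complexity": {"base": 0.2, "weights": {
        "auth_required": 0.3, "user_interaction": 0.2, "mitigations_present": 0.3}},
    "success_probability": {"base": 0.3, "weights": {
        "network_reachable": 0.2, "public_exploit": 0.3,
        "auth_required": -0.2, "mitigations_present": -0.3}},
})

def load_spec(raw):
    """Parse a metric spec and reject anything outside the fixed schema."""
    spec = json.loads(raw)
    if not isinstance(spec, dict) or set(spec) != {"complexity", "success_probability"}:
        raise ValueError("spec must define exactly the two metrics")
    for metric, body in spec.items():
        if (not isinstance(body, dict) or set(body) != {"base", "weights"}
                or not isinstance(body["weights"], dict)):
            raise ValueError(f"{metric}: expected 'base' and a 'weights' object")
        unknown = set(body["weights"]) - ALLOWED_FACTORS
        if unknown:
            raise ValueError(f"{metric}: unknown factors {sorted(unknown)}")
        for v in (body["base"], *body["weights"].values()):
            if isinstance(v, bool) or not isinstance(v, (int, float)) or not -1 <= v <= 1:
                raise ValueError(f"{metric}: values must be numbers in [-1, 1]")
    return spec

def score(spec, factors):
    """Base plus the weights of every factor that is true, clamped to [0, 1]."""
    missing = ALLOWED_FACTORS - set(factors)
    if missing:
        raise ValueError(f"missing factors: {sorted(missing)}")
    result = {}
    for metric, body in spec.items():
        total = body["base"] + sum(w for f, w in body["weights"].items() if factors[f])
        result[metric] = round(min(1.0, max(0.0, total)), 2)
    return result

# Constructed factors for a pre-auth, network-reachable bug.
SAMPLE_FACTORS = {"auth_required": False, "user_interaction": False,
                  "network_reachable": True, "public_exploit": True,
                  "mitigations_present": False}

if __name__ == "__main__":
    print(score(load_spec(SAMPLE_SPEC), SAMPLE_FACTORS))
```

Because the spec is data, the same spec and factors always yield the same scores, and a spec carrying anything other than bounded numbers for known factors is rejected before scoring.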
This project goes beyond prompt chaining. Each design decision reflects a deliberate systems-thinking approach to agentic workflow architecture:
| Design Decision | Why It Matters |
|---|---|
| Separating metric instruction from execution | Keeps scoring logic transparent and reproducible; avoids model inconsistency in numerical outputs |
| Google Search grounding on the research agent | Anchors analysis in real, current vulnerability data rather than model training knowledge |
| Parallel branching after Deep Analysis | Diagram, audio, and metrics are independent artifacts — parallelizing them reflects real pipeline efficiency thinking |
| TTS audio as a first-class output | Analyst briefings are a real deliverable format in security operations; treating audio as an artifact (not an afterthought) reflects operational awareness |
| Single HTML report as convergence point | Forces all artifacts to be structured enough to compose — the final report stage validates the entire pipeline's coherence |
| Layer | Technology |
|---|---|
| Agent Runtime | Google Opal |
| AI Model | Gemini |
| Research Grounding | Google Search |
| Metric Execution | Python (code execution node) |
| Audio Synthesis | TTS (text-to-speech node) |
| Output Format | Structured HTML report + embedded audio |
- Multi-agent orchestration and pipeline design with Gemini
- Google Search-grounded, real-time vulnerability research
- Structured exploit reasoning across six analytical dimensions
- Deterministic Python-based quantitative metric scoring
- Automated attack-flow diagram generation
- Analyst audio briefing synthesis from AI-generated scripts
- Multi-modal, end-to-end HTML report generation
- Parallel agent branching and artifact convergence patterns
- Vulnerability research and exploitability assessment
- CVE triage and technical risk scoring
- Attack-flow visualization for security engineering teams
- Automated analyst briefing generation for security operations
- Defensive security reporting and stakeholder communication
- Exploit impact analysis for red team / blue team workflows
Built by Ritvik Indupuri · June 1, 2026