Severity is a code decision, not a confidence score

· architecture ·

Most AI security products surface model confidence as severity. Nexus does not. When TCSF_PRECISION_MODE=1 (the default), High and Critical are blocked unless proof tier permits them.

Proof tiers

  • LLM hypothesis — never High/Critical
  • Tool probe, unconfirmed — demoted in precision mode
  • exploit_verified — permitted with response proof
  • Grader-confirmed — CVE-Bench pass, sqlmap confirmed

Where it lives in code

nexus/validators/evidence_gate.py      # severity demotion at ingest
tcsf/exploit/impact_validator.py       # High/Critical proof check
tcsf/exploit/confirmation_loop.py      # plan → execute → reflect

The exploit confirmation loop records exploit_verified evidence nodes. Unverified chains stay hypothesis or medium. Analyst FP rejections feed nexus_memory.db and trajectory memory down-ranks repeats.

We run a 12-case Web80 golden subset as regression: 100% critical precision, zero false criticals. That gate holds under precision, aggressive, and omega power modes.

Why this matters

Autonomous security research only earns trust when the runtime can refuse to overclaim. This note documents a shipped invariant in Nexus / TCSF — the kind of detail practitioners and search engines both need to evaluate the system honestly.

FAQ

Can an LLM confidence score become a Critical finding in Nexus?

No. Under TCSF_PRECISION_MODE=1 (default), LLM hypotheses never emit High or Critical. Severity requires exploit_verified or grader-confirmed proof.

Where is the evidence gate enforced?

In code: nexus/validators/evidence_gate.py at ingest, and tcsf/exploit/impact_validator.py for High/Critical proof checks — not in a system prompt.

Further reading