Most AI security products surface model confidence as severity. Nexus does not. When TCSF_PRECISION_MODE=1 (the default), High and Critical are blocked unless proof tier permits them.
Proof tiers
- LLM hypothesis — never High/Critical
- Tool probe, unconfirmed — demoted in precision mode
- exploit_verified — permitted with response proof
- Grader-confirmed — CVE-Bench pass, sqlmap confirmed
Where it lives in code
nexus/validators/evidence_gate.py # severity demotion at ingest tcsf/exploit/impact_validator.py # High/Critical proof check tcsf/exploit/confirmation_loop.py # plan → execute → reflect
The exploit confirmation loop records exploit_verified evidence nodes. Unverified chains stay hypothesis or medium. Analyst FP rejections feed nexus_memory.db and trajectory memory down-ranks repeats.
We run a 12-case Web80 golden subset as regression: 100% critical precision, zero false criticals. That gate holds under precision, aggressive, and omega power modes.
Why this matters
Autonomous security research only earns trust when the runtime can refuse to overclaim. This note documents a shipped invariant in Nexus / TCSF — the kind of detail practitioners and search engines both need to evaluate the system honestly.
FAQ
Can an LLM confidence score become a Critical finding in Nexus?
No. Under TCSF_PRECISION_MODE=1 (default), LLM hypotheses never emit High or Critical. Severity requires exploit_verified or grader-confirmed proof.
Where is the evidence gate enforced?
In code: nexus/validators/evidence_gate.py at ingest, and tcsf/exploit/impact_validator.py for High/Critical proof checks — not in a system prompt.