What's New in Recon 2.0
Recon 2.0 is the most significant upgrade to our security analysis brain since launch. The core scanning engine has been rebuilt around a new AI-first architecture that understands context, generates fixes automatically, and delivers results in a structured branch-based format that integrates directly with your existing code review workflow.
The 5-Phase Analysis Pipeline
Recon 2.0 runs a sequential 5-phase pipeline. Each phase builds on the previous, and the entire workflow completes in a single Lambda invocation:
| Phase | Name | What It Does |
|---|---|---|
| 1 | Intent Detection | AI classifies the request as SCAN or GENERAL. GENERAL requests receive a conversational response. SCAN requests proceed to Phase 2. |
| 2 | Code Structure Analysis | Maps the repository structure, detects languages, frameworks, and file types. Builds the file inventory for Phase 3. |
| 3 | Vulnerability Scanning | SAST analysis, CVE detection, secret scanning, IaC misconfiguration checks, and compliance assessment (SOC 2, GDPR, HIPAA, PCI-DSS). |
| 4 | Fix Generation | AI generates code fixes for automatically-resolvable vulnerabilities. Fixes are validated for correctness before being committed. |
| 5 | Branch & Report Creation | Creates a report branch with markdown reports and (if fixes were generated) a separate fix branch. Returns branch URLs for direct access. |
Branch Naming Convention
Recon 2.0 creates up to two branches per scan: a report branch, plus a separate fix branch when Phase 4 produced any fixes.
The report branch contains SECURITY_ANALYSIS.md (full vulnerability list with severity, file, line, and remediation guidance), COMPLIANCE_REPORT.md (framework-by-framework compliance scores), and MANUAL_REVIEW_REQUIRED.md (items that require human judgment). The fix branch contains the actual code changes — ready to review and merge.
AI Intent Detection: How It Works
One of the most common friction points in Recon 1.x was that any message — including greetings, questions about other brains, or off-topic requests — would trigger a full scan attempt. Recon 2.0 solves this with a lightweight intent classifier that runs before any repository access.
The classifier uses a structured prompt that gives the AI full knowledge of all Agnixa brains and their domains. It classifies requests into two intents:
- SCAN — Any request related to code analysis, security, vulnerabilities, compliance, code review, code quality, or code structure. Triggers the full 5-phase pipeline.
- GENERAL — Pure greetings, questions about capabilities, or requests clearly belonging to another brain (CI/CD → AutoX, architecture diagrams → Blueprint). Returns a conversational response with guidance.
The classifier defaults to SCAN when uncertain. Recon 2.0 is designed to be inclusive, not restrictive: a scan request answered conversationally is the costlier mistake, so if a request could plausibly be about code analysis, it proceeds with the scan.
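The gating behaviour described above, as an added illustration rather than Recon's own code: a classifier prompt that lists the brains named on this page, a parser that maps the model's reply to SCAN or GENERAL and fails toward SCAN on anything unparseable or ambiguous, and a handler that touches the repository only after a SCAN verdict. The prompt wording, the JSON reply shape, the function names and the in-memory `Repo` stand-in are assumptions; the model replies in `SAMPLE_REPLIES` are constructed for the example.

```python
"""Intent gate in front of a scan pipeline (illustrative, not Recon's code)."""
import json
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, List

SCAN = "SCAN"
GENERAL = "GENERAL"

# Brains and domains as described on the page; the prompt text itself is an assumption.
BRAIN_DOMAINS = {
    "Recon": "code analysis, security, vulnerabilities, compliance, code review, code quality, code structure",
    "AutoX": "CI/CD",
    "Blueprint": "architecture diagrams",
}


def build_classifier_prompt(message: str) -> str:
    """Structured prompt giving the model every brain's domain and asking for a JSON verdict."""
    brains = "\n".join(f"- {name}: {domain}" for name, domain in BRAIN_DOMAINS.items())
    return (
        "You route user messages for the Recon brain. Known brains and their domains:\n"
        f"{brains}\n"
        "Classify the message as SCAN (anything about code analysis, security, compliance, "
        "code review, code quality or code structure) or GENERAL (pure greetings, capability "
        "questions, or requests that clearly belong to another brain).\n"
        'Reply with JSON only: {"intent": "SCAN" | "GENERAL", "redirect": "<brain or null>"}\n'
        f"Message: {json.dumps(message)}"
    )


_LABEL = re.compile(r"\b(SCAN|GENERAL)\b")


def parse_intent(raw: str) -> str:
    """Map the model's reply to SCAN or GENERAL; anything uncertain becomes SCAN."""
    text = (raw or "").strip()
    # 1. Structured path: the first JSON object in the reply, even if fenced in markdown.
    match = re.search(r"\{.*\}", text, re.DOTALL)
    if match:
        try:
            obj = json.loads(match.group(0))
            intent = str(obj.get("intent", "")).upper() if isinstance(obj, dict) else ""
            if intent in (SCAN, GENERAL):
                return intent
        except json.JSONDecodeError:
            pass
    # 2. Free-text fallback: accept a bare label only when exactly one label appears.
    labels = set(_LABEL.findall(text.upper()))
    if len(labels) == 1:
        return labels.pop()
    # 3. Empty, malformed or contradictory reply: fail toward SCAN (the inclusive default).
    return SCAN


@dataclass
class Repo:
    """Constructed stand-in for the repository client; records every access it receives."""
    accesses: List[str] = field(default_factory=list)

    def list_files(self) -> List[str]:
        self.accesses.append("list_files")
        return ["app.py", "main.tf"]  # constructed inventory


def handle_request(message: str, model: Callable[[str], str], repo: Repo) -> Dict[str, object]:
    """Single-invocation handler: classify first, read the repository only on SCAN."""
    intent = parse_intent(model(build_classifier_prompt(message)))
    if intent == GENERAL:
        # Conversational response; the repository has not been touched.
        return {"intent": GENERAL, "reply": "Happy to help. Ask me to scan a repository for findings."}
    files = repo.list_files()  # Phase 2 starts here; later phases are outside this example
    return {"intent": SCAN, "file_count": len(files)}


# Constructed model replies covering the well-formed, sloppy and ambiguous cases.
SAMPLE_REPLIES = {
    '{"intent": "GENERAL", "redirect": "AutoX"}': GENERAL,
    '```json\n{"intent": "SCAN", "redirect": null}\n```': SCAN,
    "I think this is GENERAL": GENERAL,
    "Could be SCAN or GENERAL": SCAN,   # contradictory -> inclusive default
    '{"intent": "maybe"}': SCAN,        # unknown label -> inclusive default
    "": SCAN,                           # empty reply -> inclusive default
}


def check_samples() -> bool:
    """True when every constructed reply maps to the expected intent."""
    return all(parse_intent(raw) == expected for raw, expected in SAMPLE_REPLIES.items())


if __name__ == "__main__":
    print("samples ok:", check_samples())
    print(handle_request("hi there", lambda _p: '{"intent": "GENERAL", "redirect": null}', Repo()))
    print(handle_request("check this repo for leaked secrets", lambda _p: "", Repo()))
```

The ordering matters more than the parser: `handle_request` constructs the repository client but reads nothing from it until the verdict is SCAN, which is the property the page attributes to Recon 2.0's classifier running before any repository access.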
What Didn't Change
The core scanning capabilities remain the same: OWASP Top 10 detection, CVE scanning, secret detection across git history, SOC 2 / GDPR / HIPAA / PCI-DSS compliance checks, and Terraform/IaC misconfiguration scanning. Recon 2.0 is an upgrade to the delivery mechanism and developer experience — not a replacement of the underlying security intelligence.
Recon 2.0 is available now on the Basic plan and above. Deploy the updated Lambda to your AWS environment to activate the new features.