Recon is easy to start and hard to read. Point a few engines at a target and within minutes you have thousands of lines: status codes, tech fingerprints, open ports, discovered paths, passive intel. Almost all of it is noise. The two or three lines that actually matter are buried somewhere in the middle, and finding them is the part of the job that does not scale.
Valkyrie is the layer that reads that output for you and hands back a ranked list of findings. Not a smarter scanner, not an autonomous hacker: a triage and prioritization layer that turns raw engine output into something you can act on. This post is about what it actually does, what it costs, and where the line is between what ships today and what is still on the roadmap.
The real problem: output volume, not output scarcity
Modern recon tooling does not suffer from a shortage of results. The opposite. A single content-discovery run against a mid-size target can return tens of thousands of responses. A subdomain sweep plus a port scan adds thousands more. Each line is technically a "result," and the vast majority are completely uninteresting: a 301 redirect, a generic 200, a tech-detect info note.
The expensive, human part is reading all of it and deciding what deserves a second look. An exposed .git/config, a legacy server with known RCEs, an unauthenticated staging app: those are in there, but they look identical to the noise until someone with context reads the line and recognizes it. That recognition step is what Valkyrie automates.
Think of Valkyrie as the analyst pass that normally happens after a scan finishes, not a replacement for the scan. The engines produce evidence. Valkyrie reads the pile of evidence and tells you where to look first.
What Valkyrie actually does
When a workflow produces output, Valkyrie reads the full set of results and returns ranked findings. Each finding carries three things:
- A severity: critical, high, medium, or low. This is the ordering signal, so the things most likely to matter sit at the top of the list.
- A short title: the specific thing that was found, on the specific host (for example, "Exposed .git/config on target.com").
- A why: a sentence or two of context explaining what the finding means and why it earned that severity, so you are not reverse-engineering the ranking.
The point of the "why" is that a ranked list with no reasoning is just a different kind of noise. You should be able to read a finding and immediately know whether it is worth pivoting on or worth skipping. A legacy Apache 2.2.15 banner gets flagged high because that build has multiple known RCEs, and Valkyrie says exactly that, rather than leaving you to look it up.
Findings land in the same Findings explorer as everything else, so you can filter by severity, search, and export the triaged set to CSV, JSON, or Markdown for your report. See the findings docs for the full explorer.
What it does not do (and why we say so)
We are deliberate about not overclaiming here. Valkyrie reads output and prioritizes it. It does not probe targets on its own, it does not confirm exploitability, and it does not replace your judgment about scope or about whether a flagged item is a real issue in context. A "critical" from Valkyrie means "look at this first," not "this is confirmed exploitable."
A ranked finding is a prioritization signal, not a verdict. Severity tells you where to spend attention first. Confirming a finding is still your call and your responsibility within your authorized scope.
The deeper, agentic capabilities people often imagine when they hear "AI security agent" are on the roadmap, not in the product today. Specifically: payload mutation (Valkyrie crafting and adjusting probes to dig into a candidate vulnerability) and active probing to confirm or rule out findings. Those are directions we are building toward, paired with the upcoming dedicated vulnerability-scanning engine. We will say clearly when they ship. Until then, Valkyrie is triage, prioritization, and context.
How it is billed
Valkyrie is metered in credits, the same metered fuel the rest of the platform runs on, and it is billed separately from your subscription. The cost is per finding analyzed, not a flat monthly fee, so you pay for the analysis you actually run.
- Every plan includes a monthly grant of credits, so normal triage usage is covered by what your plan already gives you.
- Heavier usage draws from your credit balance like any other metered work, and you can top up any time.
- Credits never expire, and individual accounts pause new work at zero rather than overspending. Billing follows the same reserve-then-reconcile model as scans: you are charged for the analysis that actually ran.
The separation is intentional. Your subscription buys capacity (nodes, concurrency, seats). Credits meter the work. Pricing those independently means you are never paying a flat AI surcharge for a month where you barely ran any triage. See pricing for the plan grants.
Your data stays yours
Valkyrie reads your scan output to triage it, and that is the only thing it does with your data. Your findings are isolated per team and are never used to train any model. The output of your engagement does not leak into anyone else's results, and it does not become training data. This is not a setting you have to find and toggle. It is how the system is built.
The job was never to generate more results. It was to find the two that mattered. Valkyrie does the reading so you can do the work.
The Crossfyre Team
Where it fits
If you are a solo hunter, Valkyrie is the analyst pass you do not have time to do by hand on every run. If you are a small red team, it is a consistent first cut across everything your fleet produces, so nothing high-severity sits unread at the bottom of a 40,000-line scan. Either way it changes the question from "did I read all of it" to "what should I look at first."
Run a scan, let Valkyrie triage it, and see what floats to the top.
Start free