The .pdx format
The .pdx format is a binary format designed to capture security observations in a normalized, quantifiable structure. The fundamental unit is the Delta — the difference between expected behavior and observed behavior.
Structure
A .pdx file contains:
- Header — metadata (version, target, timestamp, scan mode)
- Deltas — individual security observations, each with a 16D vector
- Verdicts — analysis results from the multi-model router
- Chains — linked deltas that form exploitation sequences
- Agent actions — tool invocations and their results
Delta types
Each delta has a type that classifies the observation:
| Code | Type | Description |
|---|---|---|
| 0x01 | INFO_LEAK | Information disclosure |
| 0x02 | AUTH_BYPASS | Authentication bypass |
| 0x03 | INJECTION | SQL, XSS, command injection |
| 0x04 | MISCONFIG | Server/application misconfiguration |
| 0x05 | CRYPTO_WEAK | Weak cryptography |
| 0x06 | LOGIC_FLAW | Business logic vulnerability |
| 0x07 | TIMING | Timing-based attack surface |
| 0x08 | DESERIAL | Deserialization vulnerability |
| 0x09 | SSRF | Server-side request forgery |
| 0x0A | SSTI | Server-side template injection |
| 0x0B | FILE_UPLOAD | Unrestricted file upload |
| 0x0C | RACE_COND | Race condition |
| 0x0D | SMUGGLING | HTTP request smuggling |
| 0x0E | CVE_KNOWN | Known CVE match |
Verdicts
Each delta receives a verdict from the multi-model router:
| Code | Verdict | Meaning |
|---|---|---|
| 0x01 | VULNERABLE | Confirmed exploitable |
| 0x02 | NOT_VULN | Confirmed safe |
| 0x03 | INFORMATIONAL | Noted but not exploitable alone |
| 0x04 | UNCERTAIN | Requires human review |
| 0x05 | FALSE_POS | Confirmed false positive |
Verdicts can be human-validated — a human_agreement field tracks whether a human reviewer agreed, disagreed, or marked uncertain. This feeds back into training weights.
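The following is an added example, not code from the .pdx project: it decodes the type and verdict codes from the two tables strictly and builds a human-review queue. It assumes records have already been parsed into `(type_code, verdict_code, human_agreement)` tuples, since the byte layout is not given here; the string values for `human_agreement`, the names `decode`, `review_queue` and `SAMPLE`, and the review policy itself are assumptions.

```python
from enum import IntEnum

# Codes from the tables above; the functional API numbers members from 1,
# which matches 0x01..0x0E (delta types) and 0x01..0x05 (verdicts).
DeltaType = IntEnum("DeltaType", "INFO_LEAK AUTH_BYPASS INJECTION MISCONFIG "
                    "CRYPTO_WEAK LOGIC_FLAW TIMING DESERIAL SSRF SSTI "
                    "FILE_UPLOAD RACE_COND SMUGGLING CVE_KNOWN")
Verdict = IntEnum("Verdict", "VULNERABLE NOT_VULN INFORMATIONAL UNCERTAIN FALSE_POS")

def decode(type_code, verdict_code):
    """Map raw codes to names; an undefined code raises ValueError."""
    return DeltaType(type_code), Verdict(verdict_code)

def review_queue(records):
    """Return (index, label, reason) for every record a human should look at.

    records: iterable of (type_code, verdict_code, human_agreement), where
    human_agreement is "agreed", "disagreed", "uncertain" or None (assumed
    representation; None means no human has validated the verdict yet).
    """
    queue = []
    for i, (type_code, verdict_code, agreement) in enumerate(records):
        try:
            dtype, verdict = decode(type_code, verdict_code)
        except ValueError:
            # Fail closed: never guess at a code outside the documented tables.
            queue.append((i, f"0x{type_code:02X}/0x{verdict_code:02X}", "undefined code"))
            continue
        if verdict is Verdict.UNCERTAIN:
            reason = "router verdict UNCERTAIN"
        elif agreement in ("disagreed", "uncertain"):
            reason = f"human reviewer {agreement}"
        elif verdict is Verdict.VULNERABLE and agreement is None:
            reason = "VULNERABLE, not yet human-validated"
        else:
            continue
        queue.append((i, f"{dtype.name}/{verdict.name}", reason))
    return queue

# Constructed sample records, not taken from a real .pdx file.
SAMPLE = [(0x03, 0x01, "agreed"), (0x09, 0x04, None), (0x0F, 0x01, None),
          (0x02, 0x01, None), (0x01, 0x03, "disagreed"), (0x05, 0x02, "agreed")]

if __name__ == "__main__":
    for row in review_queue(SAMPLE):
        print(row)
```

Routing undefined codes to the queue instead of mapping them to a default keeps a corrupted or newer-version file from silently contributing mislabeled observations to training.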
Why a custom format
Existing formats (SARIF, STIX, OpenIOC) focus on reporting. The .pdx format is designed for training — every observation carries a quantified vector that a model can learn from. The 16 dimensions of the delta vector encode the full semantics of the observation, not just a severity label.
See Delta Vector 16D for the full dimension specification.