I built KageSec.

What's wrong with existing DAST tools

Nuclei is great — ProjectDiscovery built something genuinely impressive. But it's a template-matching engine, not a DAST scanner. It hits the root URL, matches YAML patterns and reports findings. It does not crawl your app, discover parameters, or inject payloads into forms. The companies charging enterprise pricing for "Nuclei as a service" are essentially charging you for a UI on top of a YAML runner.

ZAP is the other go-to. It crawls. It injects. But it generates a lot of noise, misses logic-layer vulnerabilities, and has no AI filtering step to tell you which findings are actually exploitable.

The gap is a tool that crawls like ZAP, runs templates like Nuclei, and uses AI to cut the noise.