Arceo identifies reachable abuse paths; the control simulator helps teams choose likely fixes. It does not contact a live target and it does not prove a control works. It estimates which controls would block or reduce a stored or imported finding, then ranks a small bundle for follow-up.
arceo controls simulate --vector <vector_id>
arceo controls simulate --finding-json finding.json
arceo controls simulate --run <run_id>--vector and --run read findings already stored in Arceo's local store. --finding-json accepts a
single finding object, or an object with a finding field plus optional affordance_properties,
product_model, or control_bank fields. All modes are offline report generation only.
A proposed control is a simulator estimate. It is based on the finding fields, scenario category, affordance properties, optional ProductModel or EntitlementGraph signals, and the local control bank. Proposed controls include a confidence score, but confidence is capped below certainty because Arceo has not re-run the product with the fix.
A verified control is different: the team has implemented the fix and run a regression or launch review against an authorized target or imported model. Verification still follows Arceo's safety spine: human-created scope, canary-only evidence, no real exfiltration, no credential/payment abuse, no spam, and no resource exhaustion.
The default control bank covers:
entitlement_checkper_tenant_rate_limitquotaproof_of_uniquenesssession_concurrency_limitpayment_verificationaudit_eventtenant_filteroauth_scope_minimizationhuman_approvalagent_tool_scope_reductionper_action_authorizationcost_ceilingstep_boundwebhook_signature/replay_protection
Each candidate includes estimated exploitability reduction, estimated friction cost, confidence, the part of the path it blocks, whether it should become a regression, and whether it preserves the legitimate customer path.
Ranking is deterministic:
- Highest estimated abuse reduction.
- Lowest estimated friction.
- Preserves legitimate customer path.
- Highest confidence.
- Stable control id tie-breaker.
Before simulation, a stored finding might only tell the team what was reachable:
{
"id": "av:run-123:1",
"scenario_id": "sc.export.entitlement",
"category": "data_harvesting",
"affordance_id": "export_records",
"reproduction": {
"sample": "canary_only",
"contained": true,
"observed": {
"affordance_properties": {
"route": "/api/export",
"entitlement_check": "missing"
}
}
}
}After simulation:
{
"evidence_level": "proposed_offline_estimate_not_verified_control",
"verified": false,
"input": {
"vector_id": "av:run-123:1",
"scenario_id": "sc.export.entitlement",
"category": "data_harvesting",
"affordance_id": "export_records"
},
"recommended_bundle": [
{
"control": "entitlement_check",
"estimated_exploitability_reduction": 0.86,
"estimated_friction_cost": 0.16,
"confidence": 0.78,
"blocks": "the authorization point before bulk export",
"should_become_regression": true
},
{
"control": "per_tenant_rate_limit",
"estimated_exploitability_reduction": 0.65,
"estimated_friction_cost": 0.12,
"confidence": 0.72,
"blocks": "repeat export attempts before large-scale collection",
"should_become_regression": true
},
{
"control": "audit_event",
"estimated_exploitability_reduction": 0.38,
"estimated_friction_cost": 0.05,
"confidence": 0.68,
"blocks": "post-control monitoring for export attempts and overrides",
"should_become_regression": true
}
]
}The next step is not to treat this as proof. The next step is to implement the control and add or run a regression that verifies the canary abuse path no longer succeeds.
The simulator is a read-only report layer. It adds no MCP, REST, or agent tool that can create, widen, relax, or mutate authorization scopes. It does not generate exploit payloads, does not touch third-party systems, and does not perform data exfiltration, credential abuse, payment abuse, spam, or resource exhaustion.