Should I use manual workflows for initial testing?
In most cases, Vyvern does not recommend using manually created workflows during initial testing.
Manual workflows often provide the AI with significantly more information than it would realistically have access to during a real-world scenario. This can unintentionally reduce the realism of the assessment and influence workflow behavior.
For early testing, AI-generated proposals typically provide a more accurate representation of:
Realistic external knowledge
Publicly available information
Natural reconnaissance behavior
Organic workflow generation
Why are AI-generated workflows recommended initially?
Vyvern’s AI is designed to independently gather and analyze information about organizations and targets.
Allowing the AI to propose workflows naturally helps organizations evaluate:
What information is publicly discoverable
How realistic attacks may develop
Existing organizational exposure
Employee awareness under more authentic conditions
Manually feeding the AI large amounts of internal information can create unrealistic testing conditions.
When should manual workflows be used?
Manual workflows are still extremely useful in many situations.
Organizations may choose to manually create workflows when:
Employees are already highly security aware
Specific information is known by an outside party
A company wants to simulate a targeted scenario
Sensitive information will soon become public
There are specific organizational concerns requiring additional focus
Security teams want to evaluate a known risk area directly
Manual workflows allow organizations to guide the AI toward particular objectives or testing scenarios that may not naturally appear during autonomous proposal generation.
Examples of Good Manual Workflow Use Cases
Manual workflows may be appropriate for scenarios such as:
Simulating a leaked vendor relationship
Testing awareness around an upcoming product launch
Focusing on a known high-risk department
Simulating information exposed during a recent incident
Evaluating reactions to highly targeted social engineering attempts
These workflows can help organizations prepare for more advanced or specialized threats.
Best Practice Recommendations
Vyvern generally recommends:
Starting with AI-generated workflows for baseline testing
Reviewing natural proposal behavior and employee responses
Introducing manual workflows later for advanced or focused testing scenarios
This approach typically provides the most realistic understanding of organizational security posture before moving into more controlled or specialized testing.
