What does “success rate” mean in Vyvern?
Workflow success rates measure whether a workflow achieved its intended objective.
Success does not always mean a credential capture or employee interaction. The definition of a successful workflow depends entirely on the workflow type and objective.
Different workflow categories use different success criteria.
Examples of Successful Workflows
Information Gathering Workflows
For reconnaissance or research-focused workflows, success may include:
Discovering publicly exposed information
Identifying AWS or cloud infrastructure details
Mapping business relationships or vendors
Finding employee information useful for future workflows
Identifying technologies, platforms, or services in use
These workflows are considered successful if meaningful intelligence is gathered that could assist future operations or organizational analysis.
Social Engineering Workflows
For social engineering campaigns, success may include:
Employee engagement with the workflow
Trust establishment with a persona
Information disclosure
Successful communication progression
Security awareness gaps being identified
The exact success criteria may vary depending on workflow objectives and organizational policies.
Technical Testing Workflows
Technical workflows may be considered successful when:
Infrastructure is identified correctly
Services or technologies are validated
Misconfigurations are discovered
Security posture information is collected
Awareness & Training Workflows
For awareness-focused testing, success may involve:
Measuring employee behavior
Identifying risky patterns
Determining where supplemental training may be needed
In many cases, identifying weaknesses is itself considered a successful outcome because it helps organizations improve security awareness over time.
Why success rates vary between workflows
Not all workflows are attempting the same goal.
For example:
A phishing workflow and a research workflow measure success differently
Some workflows focus on employee interaction
Others focus purely on intelligence gathering or validation
Because of this, success rates should always be viewed in the context of the workflow’s intended objective.
Are higher success rates always better?
Not necessarily.
In some cases:
A low success rate may indicate strong employee awareness
A high success rate may reveal significant organizational risk
Success metrics are intended to help organizations understand:
Security posture
Employee awareness
Exposure to social engineering risks
Areas requiring additional training or protection
