
Takumi Blackbox Assessment Engine Improvements

Mokusou
Software Engineer @ GMO Flatt Security Inc.

We've made some improvements to the Takumi Blackbox Assessment engine.

Overview

Since the release of Blackbox Assessment in November 2025, we've been continuously working on improving the engine. This update brings three major enhancements: improved precision rate through a new verification layer, optimized scan efficiency, and support for multiple in-scope/out-of-scope URLs.

Improved Precision Rate

We've added a new verification layer that filters out false positives for certain vulnerability types. This enables Takumi to report vulnerabilities more accurately by avoiding non-exploitable issues.

In the assessment report, findings verified by this layer are labeled "Validated", while others are labeled "Requires Verification" to help you triage results.

Verification badge in assessment report

The benchmark report published in early December 2025 uses this verification layer.

Enhanced Scope Configuration

Blackbox Assessment now supports multiple in-scope and out-of-scope URLs, giving you more granular control over what gets tested.

This is particularly useful for:

  • Applications spanning multiple subdomains
  • Testing specific sections while excluding others

Multiple URL configuration

Performance Optimizations

We've made several internal optimizations to improve scan efficiency:

  • Proper scan scope enforcement: Improved adherence to designated feature scope and vulnerability perspectives
  • Enhanced crawl coverage: Fixed an issue where certain types of endpoints were not being discovered during crawling

These optimizations improved precision while maintaining recall. We also observed a 30-50% improvement in both scan time and credit consumption. We use the same methodology as described in the Takumi (Blackbox) Benchmark Report.

Availability

This feature is available to all Takumi by GMO users at no additional cost.