Humans in the loop

Automation does the miles. Humans make the calls.

Incenter automates relentlessly. But a machine can’t tell a real risk from noise, know when it’s making something up, or safely test a system that must never go down. That’s where our operators come in. Here’s exactly why, and where.

The model

Automation and humans, in one loop.

Two engines, each doing what the other can’t. Automation runs continuously, at a scale no team could match.

When it hits something it can’t judge, or must not touch, it hands off to an operator.

And it runs both ways: every problem an operator cracks by hand becomes a new automated test that runs forever after. The machine gets smarter; the humans stay on the hard part.

It’s the same loop whichever cadence you run — always-on across your whole surface, or a single point-in-time run as PTaaS.

Hands off what it can’t decideEvery manual break → a new automated testAUTOMATIONContinuous · at scale · every surfaceruns 24/7, never tiresOPERATORSJudgment · creativity · carethink like the attacker
Where automation stops

Four things no scanner can do for you.

Judgment

Tell the signal from the noise

A scanner flags everything it can. Most of it doesn’t matter: wrong context, unreachable, already mitigated. Only someone who understands your business can weigh the few that would actually hurt you.

So a human does it. An operator sets the business context, so the platform scores risk against the systems you really run.

AI hallucination

Know it isn’t making things up

AI-assisted tools are confident and wrong. They invent findings that read as real and miss ones that are. A model can’t tell the difference: it has no ground truth.

So a human does it. Operators keep watch, so no fabricated finding slips through, and the platform proves each real one by exploiting it for real.

Systems you must not break

Test what it can’t be let loose on

On operational tech — power, water, production lines, medical — an automated exploit could halt a plant or put people at risk. You would never turn a bot loose in there.

So a human does it. An operator tests by hand, reversibly, inside strict rules of engagement.

Creativity

Invent an attack no one has seen

Tools match known patterns. Real attackers chain small, individually-boring flaws into a breach, and abuse business logic no signature covers. That takes an adversary’s imagination.

So a human does it. Operators think like the attacker and find the path the scanner never will.

The clearest case: OT & ICS

Some systems you never turn a robot loose on.

On operational technology, a “successful” automated exploit isn’t a green checkmark. It’s a stopped production line, a tripped safety system, or worse. The blast radius is physical. So here, automation doesn’t just fall short. You actively don’t want it acting on its own.

How an operator does it instead: by hand, one careful step at a time, every action reversible and pre-agreed in the rules of engagement, proving the risk is real without ever tripping the thing that keeps the lights on.

SafetyPeople on the plant floor
UptimeOne outage, thousands hit
PhysicalValves, turbines, current

This is the rule, not the exception. Every Incenter run — OT or not — is scoped to what you approve and change-controlled, so it tests live systems without disrupting them.

How this changes over time

The split between automated and operator-led work isn’t fixed. When an operator finds something by hand, we build it into the platform as an automated test, so the automated share grows over time. The work that stays with people is the work on this page: judgment, systems that must not break, and attacks with no known pattern.

See where we’re going →
Request a demo