FAQ
Frequently asked questions about credits, Allowlist, Adapter errors, results, and billing
Credits
How many credits does an attack use?
Credits are charged per attack turn across all attacker threads. A standard run (1 target · 10 goals · 3 attackers · 10 turns) costs approximately 50 credits. Auxiliary steps like reconnaissance and report generation consume a small additional amount. Your credit balance is shown in the top bar at all times.
I ran out of credits mid-attack. Are my results lost?
No. Completed turns and breached goals are saved immediately. Top up your credits at Billing → Top Up, then re-run the assessment — only the unfinished goals need to be repeated.
Can I get a credit refund if an attack fails due to a technical error?
Contact us via the contact form or email support@aim-intelligence.com. We review cases where credits were consumed without a meaningful result.
Targets & Allowlist
How long does Allowlist approval take?
Typically 1 business day. We review all requests to ensure they are against systems you have authorization to test.
My Allowlist request was rejected. What do I do?
Rejections usually happen when the target URL is a consumer-facing service (e.g. a public social media platform) that falls outside the scope of authorized security testing. Contact us to discuss your engagement scope.
Can I test against localhost or internal network targets?
Yes — for internal targets, use the Adapter. It runs on your local machine and can reach internal URLs without needing to whitelist them externally. Contact us to configure this for your account.
Adapter
The Adapter shows "Server connection failed" on login.
Check that the Server URL is set to https://api.stinger.ai. If you're using a self-hosted deployment, confirm the URL with your AIM account manager.
Discovery keeps failing on my target. What should I try?
- Try switching attack mode from
Web UItoAPI (Auto-Detect)— the target may expose an API that's easier to attack. - Delete and re-create the session for that target (Sessions tab).
- If the target has a floating widget or iframe chatbot, it may require a session to be established first.
- Contact support with the target URL and we'll check if a preset is available.
Do I need to keep the Adapter open during an attack?
Yes — the Adapter must stay open for the duration of the attack. If it closes or your machine sleeps, the current attack run will be interrupted. Results for completed turns are still saved.
I updated the Adapter but it still shows the old version.
Fully quit the app (don't just close the window) and relaunch. On macOS, right-click the Dock icon → Quit.
Results & Reports
My assessment shows 0% ASR but I expected some breaches. Is something wrong?
Check the trace log for each goal. If responses show "I can't help with that" consistently, your guardrails are working well. If responses look unusual (loading errors, empty strings), the target connection may have failed mid-run.
The Judge scored a response as a breach but it looks safe to me.
Judge LLMs occasionally produce false positives. Always spot-check high-score traces manually. If you believe a score is incorrect, you can note it in the report's cover note field.
Can I re-run a report with different settings?
Yes. From the assessment detail page, click Generate Report again. New generations don't overwrite previous ones — all versions are kept in the Reports panel.
Account & Billing
How do I add team members?
Go to Settings → Members → Invite. Enter their email address. They'll receive an invitation to join your organization.
Can multiple team members run attacks simultaneously?
Yes — credits are shared across your organization. Multiple team members can run independent attacks at the same time.
Where can I see my usage history?
Go to Billing → Usage for a breakdown of credit consumption by day and by assessment.
Still need help?
- Contact form — aim-intelligence.com/contact
- Email — support@aim-intelligence.com