auto/attack

What AutoAttack proves.

You name the objective; AutoAttack proves whether an attacker can reach it. The goal is yours to set — these are the outcomes it has already proven on the standard Active Directory lab, black-box and with no credentials.

proven

AD takeover: Black-box, no credentials, Domain Admin in all three GOAD domains; a 0:51 median when the lab is hardened. See the Active Directory takeover path.
data exfiltration: The same run exfiltrated the credential database — 124 credentials — while an exposure-inventory tool recovered zero. See the data exfiltration path.

the model

you set the goal: The objective is plain English — take Domain Admin, reach a database, read a mailbox, find regulated data on a subnet. AutoAttack works toward whatever you name.
it proves the path: Whatever the goal, the bar is the same: a captured chain that reaches it, or the routes it ruled out trying. No theoretical findings.
See the benchmark