## **PoC**

[authzai](https://github.com/ngalongc/authzai) is an automated tool to test and analyze API endpoints for potential permission model violations using OpenAI structured outputs. By [ngalongc](https://github.com/ngalongc)

## **Details**

### What Happens When You Run the Script

1. **Database Initialization**: Sets up a SQLite database (`progress.db`) to store progress.
2. **Configuration Loading**: Reads the `configuration.json` file.
3. **API Requests**: Makes requests to each endpoint with each user authentication.
4. **Response Saving**: Saves responses to the database.
5. **Response Analysis**: Analyzes responses using OpenAI's GPT models to detect permission violations.
6. **Result Saving**: Saves analysis results back to the database.
7. **Report Generation**: Creates a `report.txt` file summarizing the findings.

### ATT&CK Matrix