Modern web apps layer defenses so thick that XSS should be impossible. Attackers still find ways through. We wondered: could we teach AI to probe, adapt, and reason its way past security controls the same way humans do?