- Prove vulns in OS or app SW to show that a security problem exists - Common example = executing `calc.exe` on windows - Representations of a PoC: - Documentation - Script/code that automatically exploits the vuln