// Agent profile
PentAGI (Penetration testing Artificial General Intelligence) is a fully autonomous security testing platform that uses AI agents to perform complex penetration testing tasks without human intervention. It deploys a multi-agent team with specialized roles — researcher, developer, and executor — that collaborate to analyze targets, plan attack strategies, execute testing commands in isolated Docker sandboxes, and generate detailed vulnerability reports. The platform integrates 20+ professional security tools (nmap, metasploit, sqlmap, nikto, gobuster, and more), stores findings in a long-term memory system with semantic search via PostgreSQL and pgvector, and builds knowledge graphs using Neo4j and Graphiti for contextual reasoning across engagements. PentAGI supports 10+ LLM providers including OpenAI, Anthropic, Ollama, AWS Bedrock, and DeepSeek, with advanced monitoring via Grafana/Prometheus dashboards and Langfuse analytics. REST and GraphQL APIs with Bearer token authentication enable integration into existing security workflows.
PentAGI — Penetration testing Artificial General Intelligence — is an autonomous security testing platform that replaces the manual, time-consuming parts of penetration testing with AI agents. Instead of a human security tester manually running tools and interpreting results, PentAGI deploys a multi-agent team that autonomously determines the testing approach, executes commands, analyzes results, and iterates until it has mapped the target’s attack surface and identified exploitable vulnerabilities. The entire execution happens inside sandboxed Docker containers, so no test commands touch the host system.
Multi-agent architecture: PentAGI uses specialized agent roles — a researcher that gathers intelligence and analyzes the target, a developer that writes custom scripts and payloads, and an executor that runs security tools and interprets their output. The agents coordinate through a shared context and long-term memory system, enabling complex multi-step attack chains that would require significant expertise from a human tester.
Professional tooling: The platform integrates 20+ industry-standard security tools out of the box — port scanners (nmap), vulnerability scanners (nikto), exploitation frameworks (metasploit), SQL injection tools (sqlmap), directory bruteforcers (gobuster), and more. Each tool runs in its own sandboxed environment with appropriate permissions.
Memory and knowledge: Findings persist in a long-term memory system backed by PostgreSQL with pgvector for semantic search. A knowledge graph built on Neo4j and Graphiti allows the agents to reason about relationships between discovered services, vulnerabilities, and attack paths — both within a single engagement and across historical tests.
LLM flexibility: PentAGI supports 10+ LLM providers, so teams can choose between cloud APIs (OpenAI, Anthropic, AWS Bedrock) and local models (Ollama, DeepSeek) based on their security and compliance requirements. A supervised mode with execution monitoring is available for smaller models that benefit from human oversight.
Security teams use PentAGI for automated reconnaissance and vulnerability assessment of internal networks and web applications. It suits continuous security testing in CI/CD pipelines — run PentAGI against staging environments before deployment to catch regressions. Red teams use it to augment manual testing by handling the repetitive scanning and enumeration phases while humans focus on creative exploitation. Organizations with limited security staff use it to maintain a baseline of testing coverage that would otherwise require expensive external consultants.
PentAGI is a powerful offensive security tool — deploying it against targets you do not own or have explicit authorization to test is illegal and unethical. The quality of results depends heavily on the LLM provider chosen; larger models produce more sophisticated attack strategies. Self-hosting requires Docker Compose and access to LLM API keys. The platform generates detailed vulnerability reports but does not automatically remediate findings — a human security professional should review and prioritize the results.
PentAGI is built for security teams, penetration testers, and DevSecOps engineers who want to automate the repetitive phases of security testing. It suits organizations that need continuous security assessment but lack the staff for manual testing at scale. Red teams benefit from it as an augmentation tool that handles enumeration and reconnaissance while humans focus on the creative exploitation work that still requires human judgment.
Local-first session intelligence and analytics platform for coding agents, supporting Claude Code, Codex, and 20+ other agents.
817 structured cybersecurity skills for AI agents mapped to MITRE ATT&CK, NIST CSF 2.0, MITRE ATLAS, D3FEND, NIST AI RMF, and MITRE F3.
Disposable, network-restricted Linux VMs for AI coding agents — hypervisor isolation without Dockerfiles or devcontainers.