AI for Automation
2026-03-18 | AI Security, Penetration Testing, Open Source, AI Agents, Security Tools, Docker

No Need to Hire a Hacker — AI Does Your Security Testing Now. PentAGI Crosses 10K GitHub Stars

PentAGI, an open-source security tool where three AI agents team up to automatically run hacking simulations, has surpassed 10,000 GitHub stars. Install it with a single Docker command, and the AI selects and combines over 20 professional security tools on its own.


To check whether your company's website has security holes, you'd normally spend tens of thousands of dollars hiring a professional hacker (penetration tester). PentAGI is an open-source tool that lets AI do this job for you. With over 9,954 GitHub stars and 1,200 forks, it's turning heads across the security industry.

How PentAGI Works — AI Agent-Based Automated Penetration Testing

Three AI Hackers Team Up for Security Testing

Inside PentAGI, there are three AI agents, each with a different role.

🔍 Researcher — Gathers information about the target system and searches known vulnerability databases. This automates the "reconnaissance" phase, where a hacker collects intel before launching an attack.
💻 Developer — Writes the actual exploit code (code designed to take advantage of discovered vulnerabilities). The AI handles what used to require manual coding.
⚡ Executor — Runs the exploit code inside a safe, isolated virtual environment (a Docker container) and logs the results.

These three agents communicate with each other and carry out security testing automatically. All you have to do is say, "Test this website."

AI Picks and Combines 20+ Professional Hacking Tools

The AI selects and combines the same tools that security professionals use, adapting to each situation.

  • nmap — Scans for open ports (entry points accessible from the outside) on a server
  • sqlmap — Automatically detects SQL injection vulnerabilities (a way to hack databases through manipulated queries)
  • metasploit — A framework that attempts real attacks using known security vulnerabilities
  • Plus 20+ other professional tools, automatically selected based on the situation

In real-world testing, PentAGI successfully discovered a SQL injection vulnerability (a critical flaw that allows outsiders to manipulate a database) in a web application and even managed to extract the administrator account password. You can see the full process in this sample report.

[Image: PentAGI UI in Action — AI-Powered Security Testing Chat Interface]

ChatGPT, Claude, Free Models — Pick the AI You Want

PentAGI supports 10+ AI models.

Supported AI Models:

  • OpenAI (GPT-4o, GPT-5, etc.)
  • Anthropic (Claude)
  • Google Gemini
  • AWS Bedrock
  • DeepSeek
  • Ollama (run locally for free)
  • Qwen (Alibaba)
  • OpenRouter
  • DeepInfra
  • Connect your own custom models

With Ollama, you can run free AI models (e.g., Qwen 3.5 27B) on your own computer, making security testing possible without any API costs. In actual tests using the Qwen 3.5 model, it took 2–3x longer than commercial models, but result quality improved by 2x (when using the execution monitoring feature).

The AI Remembers and Learns — Knowledge Graph-Based Memory

Another major strength of PentAGI is its memory. Using Neo4j (a graph database) and Graphiti (a knowledge graph tool), it remembers attack methods that worked in the past.

For example, if PentAGI found a SQL injection on Site A, it immediately applies that experience when testing Site B with a similar structure. In other words, it's a security tool that gets smarter the more you use it.

One Docker Command and You're Done

Setup is simple. All you need is Docker.

# 1. Clone the repository
git clone https://github.com/vxcontrol/pentagi.git
cd pentagi

# 2. Copy the environment config file
cp .env.example .env

# 3. Enter your AI model API key in .env, then run
docker compose up -d

Once it's running, a dashboard opens in your web browser. Just type "Check the security of this IP address" and the AI starts working automatically.

All operations run inside isolated Docker containers, so there's no impact on your computer or network.
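
As an added example (not PentAGI's own code), here is a check you could run on the output of `docker compose config --format json` before `docker compose up -d`, flagging settings that weaken the container isolation described above. The service names and the sample config are constructed for illustration and are not taken from PentAGI's compose file.

```python
import json

# Constructed sample shaped like `docker compose config --format json` output.
# Service names and settings are hypothetical, not PentAGI's actual compose file.
SAMPLE_CONFIG = json.loads("""
{"services": {
  "orchestrator": {
    "volumes": [{"type": "bind", "source": "/var/run/docker.sock", "target": "/var/run/docker.sock"}],
    "ports": [{"target": 8443, "published": "8443", "protocol": "tcp"}]},
  "scanner": {"privileged": true, "network_mode": "host", "cap_add": ["NET_ADMIN"]},
  "db": {
    "volumes": [{"type": "volume", "source": "dbdata", "target": "/var/lib/data"}],
    "ports": [{"target": 5432, "published": "5432", "host_ip": "127.0.0.1"}]}
}}
""")

RISKY_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN", "SYS_MODULE"}


def audit_compose(config):
    """Return sorted (service, finding) pairs for settings that weaken isolation."""
    findings = []
    for name, svc in config.get("services", {}).items():
        if svc.get("privileged"):
            findings.append((name, "privileged"))
        if svc.get("network_mode") == "host":
            findings.append((name, "host-network"))
        if svc.get("pid") == "host":
            findings.append((name, "host-pid"))
        for cap in svc.get("cap_add", []):
            if cap.upper().removeprefix("CAP_") in RISKY_CAPS:
                findings.append((name, f"cap:{cap}"))
        for vol in svc.get("volumes", []):
            # Normalized output uses dicts; short "src:dst" strings are handled too.
            src = vol.get("source", "") if isinstance(vol, dict) else vol.split(":")[0]
            if src.endswith("docker.sock"):
                findings.append((name, "docker-socket"))
        for port in svc.get("ports", []):
            if isinstance(port, dict) and port.get("host_ip") in (None, "", "0.0.0.0", "::"):
                findings.append((name, f"port-all-interfaces:{port.get('published')}"))
    return sorted(findings)


if __name__ == "__main__":
    for service, finding in audit_compose(SAMPLE_CONFIG):
        print(f"{service}: {finding}")
```

A finding is not automatically a defect: a tool that launches its own worker containers may need the Docker socket, but a service holding that socket can control the host's Docker daemon, so the dashboard in front of it should not be reachable from untrusted networks.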

Hiring a Professional Pentester vs. AI Security Testing

A typical outsourced penetration test costs $7,000–$35,000 per engagement and takes 2–4 weeks. Install PentAGI on your own server, and you can run similar tests repeatedly for just the AI model API cost (a few dollars per test on OpenAI). Use a free model via Ollama, and the only cost is electricity.

Of course, AI can't fully replace human experts just yet. But for routine baseline security checks, quick scans before deploying new features, and in-house security audits at small startups, it's more than practical enough.

v1.2.0 Latest Update — Reasoning Model Support & Cost Savings

The latest version, v1.2.0, released in February 2025, includes the following additions:

  • Reasoning model support — Plan more complex attack scenarios using "thinking" AI models like o1 and o3
  • Token caching — Reduces AI usage costs by avoiding repeated queries
  • Usage analytics dashboard — See at a glance which models were used and how much
  • REST API — Integrate with other security tools or automation pipelines
  • Langfuse v3 integration — Track and debug the AI's decision-making process

Important Warning — Never Use on Unauthorized Systems

PentAGI must only be used for legitimate security testing purposes. You may only use it on your own servers, your company's systems, or targets for which you have explicit authorization. Testing someone else's system without permission can result in criminal prosecution.
