PentAGI: Autonomous Penetration Testing with AI Agents

What PentAGI Is and Why It Matters

PentAGI is an open source system by vxcontrol that automates penetration testing through a multi-agent LLM-based architecture. The project, which has crossed 10,000 stars on GitHub, orchestrates specialized AI agents that autonomously perform reconnaissance, vulnerability analysis, and exploitation — all inside isolated Docker containers.

The concept is straightforward: instead of manually running nmap, sqlmap, or Metasploit, you describe the target and PentAGI plans and executes the tests on its own. The backend is written in Go (76% of the codebase), the frontend uses React with TypeScript, and communication flows through GraphQL APIs.

Architecture and Core Components

The system uses a microservices architecture with three specialized agent types:

• Researcher: analyzes the target, searches for known vulnerabilities, queries the vector store for similar patterns
• Developer: plans the attack strategy, selects exploits, defines the operation sequence
• Executor: runs commands inside sandboxed Docker containers with 20+ pre-installed professional tools

Every operation lands in PostgreSQL with the pgvector extension for semantic search. PentAGI maintains long-term memory: results from previous sessions feed into future ones. There is also a Neo4j-based knowledge graph via Graphiti, useful for tracking relationships between vulnerabilities, targets, and attack techniques.

For monitoring, the stack includes Grafana, VictoriaMetrics, Jaeger for distributed tracing, and Loki for log aggregation. LLM observability is handled through Langfuse.

Configuration and Supported Providers

PentAGI supports over 10 LLM providers: OpenAI, Anthropic, Google Gemini, AWS Bedrock, DeepSeek, Ollama (for local models), and aggregators like OpenRouter and DeepInfra. There is also a guide for local deployment with vLLM and Qwen3.5-27B.

Minimum requirements are modest: 2 vCPUs, 4 GB RAM, 20 GB disk space. Installation uses Docker Compose or an interactive installer available for Linux, macOS, and Windows. The system exposes REST and GraphQL APIs with Bearer token authentication.

For information gathering, PentAGI integrates Tavily, Perplexity, DuckDuckGo, Google Custom Search, and Sploitus (exploit-specific). It also includes an isolated web scraper to collect data directly from target sites.

Limitations and Considerations

PentAGI uses MIT license for the core, but the integrated VXControl Cloud SDK falls under AGPL-3.0 for forks. Anyone building proprietary derivatives needs to remove the SDK or obtain a commercial license.

Like any automated security tool, result quality depends on the LLM model used. The README includes specific recommendations for open source models — a sign the maintainers are aware of the limitations of smaller LLMs. The execution monitoring and intelligent task planning features, still in beta, exist precisely to compensate for these limitations.

This is a tool built for information security professionals. It does not replace an experienced pentester, but it automates the most repetitive phases and can significantly speed up reconnaissance.

FAQ

Can PentAGI replace a professional pentester? No. It is designed to automate the repetitive phases of security testing, not to replace expert judgment. It serves as an accelerator, especially during reconnaissance.

Which LLM models work best with PentAGI? Best results come from GPT-4 and Claude, but the system also supports local models through Ollama. The README includes a dedicated section with recommendations for open source models.

Do I need dedicated hardware to run PentAGI? No, minimum requirements are 2 vCPUs and 4 GB RAM. You need Docker or Podman and internet access for container images.