Armur-Ai

Armur-Ai/Pentest-Swarm-AI

Go AGPL-3.0 Security

Autonomous penetration testing using a swarm of AI agents. Orchestrates recon, classification, exploitation, and reporting specialists with ReAct reasoning — supports bug bounty, continuous monitoring, and CTF modes. Built with Go, Claude API, and 7+ native security tools.

2k stars
396 forks
recent
GitHub

2k

Stars

396

Forks

12

Open issues

6

Contributors

v0.1.0 07 May 2026

AI Analysis

Pentest Swarm AI is an autonomous penetration testing framework that orchestrates multiple AI agents (recon, classification, exploitation, reporting) using stigmergic coordination and ReAct reasoning to conduct comprehensive security assessments. Built in Go with integrations to nmap, sqlmap, Burp, ZAP, Metasploit, and other offensive tools, it serves bug bounty hunters, red teams, and security researchers who need coordinated multi-agent reconnaissance and exploitation—not general-purpose de...

Security Security Tool Discovery value: 6/10
Documentation 7/10
Activity 9/10
Community 8/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

multi-agent-orchestration autonomous-penetration-testing llm-tool-integration swarm-intelligence offensive-security-automation
Actively maintained Niche/specialized use case Popular
Deep Analysis · Based on README and public signals
2w ago

Swarm-based autonomous pentesting with Claude; early-stage tool emphasizing multi-agent coordination over sequential pipelines

Pentest Swarm AI is a Go-based framework that orchestrates multiple AI agents (reconnaissance, classification, exploitation, reporting) using stigmergic coordination—agents share findings on a blackboard rather than following a linear pipeline. Built to work with Claude (and other LLMs via OpenAI-compatible APIs), it integrates nmap, sqlmap, Burp, ZAP, and Metasploit. Adoption remains early and adoption not verified at scale; project is ~15 months old with 1,974 stars and active maintenance. Targets bug bounty operators, red teamers, and CTF competitors who want automated reconnaissance and exploitation workflows.

Origin

Launched March 2026 as a response to the Anthropic Mythos release (frontier reasoning model). Explicitly positioned as a toolchain to operationalize advanced reasoning models in offensive security, building on precedent from PentestGPT, PentAGI, and similar multi-agent pentest projects. Frames itself as filling a gap between true swarm intelligence and sequential multi-agent pipelines.

Growth

Strong early adoption curve: 1,974 stars in 15 months, 134 stars in last 7 days as of June 2026, 392 forks. Growth appears correlated with Mythos release hype and expanded awareness of AI-driven security testing. Recent uptick in stars suggests continued interest, though whether this reflects genuine production deployments or research/hobby interest is unclear from public signals alone.

In production

Adoption not verified. No case studies, testimonials, bug bounty platform integrations, or enterprise deployments documented. Tool is positioned for bug bounty and CTF use, but evidence of real operators using it in production workflows is absent from README and public metadata. Star count and fork activity suggest research/evaluation interest rather than confirmed production use.

Code analysis
Architecture

Likely uses a Postgres-backed blackboard for stigmergic coordination, with agent trigger predicates that activate based on findings rather than a central orchestrator. README describes decentralized agent model with pheromone-weighted finding decay. Likely integrates native security tools via subprocess or API calls. Specific implementation details not verifiable from README alone.

Tests

Not documented in README. No indication of unit test or integration test suite mentioned.

Maintenance

Last push 2026-06-20 (8 days before evaluation date), indicating active maintenance. Repository appears to be under regular development. README references alpha status; typical sign of pre-1.0 project still evolving API and features. Go 1.24 dependency noted. Maintenance frequency is consistent with early-stage project actively seeking adoption.

Honest verdict

ADOPT IF: you are evaluating AI-driven swarm coordination for pentesting, comfortable with alpha-stage tooling, and want to experiment with stigmergic agent architectures before committing to sequential multi-agent frameworks. You have time to contribute or fork if workflow doesn't match your target. AVOID IF: you require production-grade stability, extensive documentation, verified real-world case studies, or integration with established commercial pentesting workflows; adoption evidence is lacking and API may change. MONITOR IF: you work in red team automation or bug bounty operations and want to track whether this swarm model proves superior to centralized orchestration—early indicator of a maturing category.

Independent dimensions

Mainstream potential

4/10

Technical importance

6/10

Adoption evidence

2/10

Risks
  • Alpha status and lack of documented production deployments create uncertainty about real-world reliability and tool robustness.
  • Dependency on Claude API (and Anthropic Mythos availability) creates external bottlenecks; tool may be marketed for Mythos but availability/cost unknown.
  • AGPL-3.0 license may deter some commercial users; forking or modification triggers copyleft obligations.
  • No public evidence of bug bounty platform integration or automated reporting submission workflows; manual post-processing may be required.
  • Stigmergic coordination model, while novel in pentest domain, is architecturally unproven at scale; blackboard contention, pheromone decay tuning, and emergence reliability untested in production.
Prediction

If Mythos access widens and frontier reasoning models become standard, Pentest Swarm AI may grow into a recognized niche tool for researchers and well-resourced red teams. More likely: project remains in alpha/research territory; adoption plateaus unless real-world case studies emerge or integration with commercial platforms accelerates. Stigmergy concept may be influential for future multi-agent pentest design, but this specific tool may not achieve mainstream adoption.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Go
91.3%
TypeScript
3%
Python
2.9%
Dockerfile
0.9%
Go Template
0.8%
Shell
0.5%
PLpgSQL
0.3%
Makefile
0.2%

Information

Language
Go
License
AGPL-3.0
Last updated
3w ago
Created
28mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

vxcontrol

vxcontrol/pentagi

PentAGI is a fully autonomous AI-powered penetration testing platform that...

19.4k Go Security
GH05TCREW

GH05TCREW/pentestagent

PentestAgent is an AI-powered agent framework designed for autonomous black-box...

2.8k Python Security
0xSteph

0xSteph/pentest-ai-agents

pentest-ai-agents is a collection of 50 Claude Code subagents that extend...

2k Shell Security
Ed1s0nZ

Ed1s0nZ/CyberStrikeAI

CyberStrikeAI is an agentic execution layer for authorized cybersecurity...

CyberStrikeus

CyberStrikeus/CyberStrike

CyberStrike is an open-source AI-powered offensive security agent that...

1.2k TypeScript Security
vs. alternatives
PentAGI (vxcontrol, 17,987 stars)

Larger, more established; also Go-based autonomous agent. Pentest Swarm AI differentiates on stigmergy/blackboard model vs. PentAGI's orchestration model, but adoption and maturity significantly favor PentAGI.

PentestAgent (GH05TCREW, 2,688 stars)

Python-based; more stars. Pentest Swarm AI's Go foundation and claimed swarm coordination are structural differences, but adoption parity unclear.

CyberStrikeAI (Ed1s0nZ, 4,774 stars)

Also Go; larger audience. Pentest Swarm AI's focus on stigmergic coordination may appeal to different use case, but market leadership firmly held by CyberStrikeAI.

Manual pentesting + traditional OSINT pipelines

Pentest Swarm AI aims to automate discovery and initial exploitation; success depends on reliability of agent reasoning and tool integration, not on replacing established methodologies but augmenting them.

Burp Suite Pro / Metasploit (commercial + open-source incumbents)

Pentest Swarm AI sits atop these tools; orchestrates rather than replaces. Adoption success depends on whether swarm model + LLM reasoning delivers more value than traditional sequential workflows.