elder-plinius

elder-plinius/T3MP3ST

TypeScript AGPL-3.0 Security

autonomous red teaming platform; multi-agent offensive-security meta-harness

4.2k stars
904 forks
active
GitHub +3.6k / week
Tracked from 572 stars · Jul 5 → 4.2k today (7×)

4.2k

Stars

904

Forks

37

Open issues

10

Contributors

AI Analysis

T3MP3ST is an autonomous multi-agent offensive security framework that integrates with existing AI coding agents (Claude, Codex, Ollama, etc.) to automate red-team engagements—reconnaissance, exploitation, and reporting—without requiring additional API keys or cloud infrastructure. It is purpose-built for authorized security researchers, penetration testers, and red-team operators who want to leverage AI-driven vulnerability discovery on authorized targets; it is not a general-purpose securit...

Security Security Tool Discovery value: 6/10
Documentation 8/10
Activity 9/10
Community 7/10
Code quality 6/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

multi-agent offensive-security vulnerability-discovery red-teaming ai-driven-hacking
Actively maintained Well documented AGPL-3.0 licensed Niche/specialized use case Production ready
Deep Analysis · Based on README and public signals
5d ago

Multi-agent red-teaming framework that wraps existing AI coding agents into offensive-security automation

T3MP3ST is a TypeScript-based framework designed to coordinate multiple AI agents for offensive-security tasks: reconnaissance, exploitation, and reporting against authorized targets. It claims to work with Claude Code, Codex, and Hermes without requiring new API keys. The project reports 90.1% pass-rate on a proprietary XBEN benchmark and 8/10 success on held-out 2026 CVEs. Created 2026-07-02 with 622 stars and 191 forks as of 2026-07-05—extremely new with no evident real-world production adoption yet.

Origin

Project was created on 2026-07-02 (3 days before current date). README indicates a multi-phase development arc with recon engine marked stable and exploit chains benchmarked, while other capabilities (source-code analysis, smart contracts) flagged experimental. Author emphasis on reproducibility via `npm run verify-claims` suggests response to skepticism about benchmark claims.

Growth

0 stars gained in the 7 days preceding analysis snapshot. Repository is 3 days old at evaluation date. Initial spike to 622 stars likely reflects novelty and hacker-news / security-community attention to a fresh tool claiming LLM-driven exploitation, but no trajectory data exists to establish whether momentum is sustained or decaying.

In production

Adoption not verified. README describes the framework as a bet ('ambitious bet') on bringing offensive security to a broader audience and mentions 'drafts held for vendor coordination right now,' implying potential early traction with security researchers or vendors—but provides no documented case studies, deployment counts, or user testimonies. Stars and forks alone do not constitute adoption evidence; they reflect interest, not use.

Code analysis
Architecture

Based on README: appears to be a TypeScript harness that wraps third-party AI coding agents (Claude, Codex, Hermes) and orchestrates multi-step kill-chain logic (recon → exploit → report). Likely uses HTTP API or MCP (Model Context Protocol) to communicate with local or cloud agents. README mentions 'tool-backed' recon engine and a 'coordinated-disclosure pipeline,' suggesting modular operator design. Actual implementation details not inspectable from README alone.

Tests

README mentions `verify-claims` script that re-derives benchmark numbers from committed JSON in `bench/` directory. This is a reproducibility mechanism, not a unit/integration test suite. Actual test coverage not documented.

Maintenance

Last push 2026-07-05 03:25:51 (very recent, consistent with 3-day-old repo). Push frequency cannot be established from single metadata point. No issue/PR activity documented. README suggests active development (scaffolding vs. roadmap items clearly marked), but project age (72 hours) makes long-term maintenance signals impossible to evaluate.

Honest verdict

ADOPT IF: (1) you have authorized targets for red-teaming and local AI agents (Claude Code, Codex) already running; (2) you want to experiment with LLM-driven recon/exploit automation in a reproducible way; (3) you're willing to accept an extremely young codebase and help shape its roadmap. AVOID IF: (1) you need production-hardened, battle-tested exploitation tools for regulated environments (use Metasploit, Burp Suite); (2) you require vendor support or SLAs; (3) you want evidence of real-world deployment at scale before investing engineering time. MONITOR IF: (1) you're researching LLM-driven security automation and want to track how benchmarks and real-world CVE hunting evolve; (2) the smart-contract and source-code hunting domains mature beyond their current experimental status; (3) adoption in academic/CTF communities grows over the next 6–12 months.

Independent dimensions

Mainstream potential

3/10

Technical importance

6/10

Adoption evidence

1/10

Risks
  • Project age (3 days old at evaluation) means zero production hardening, unknown edge cases, and no track record of stability under real-world load.
  • Benchmark claims (90.1% on XBEN, 8/10 on held-out CVEs) are reproducible via committed data, but the scale is small (104-challenge suite, 10 CVEs) and domain may not generalize to attacker-class adversaries or zero-days outside the benchmark distribution.
  • Dependency on external AI agents (Claude, Codex, Hermes) means T3MP3ST's security posture is coupled to those vendors' API stability, prompt-injection resilience, and rate limits. No fallback documented.
  • AGPL-3.0 license may restrict commercial deployment and derivative work; unclear if this aligns with intended user base (security consultants, enterprises).
  • No evidence of real-world offensive testing or disclosure coordination yet; 'drafts held for vendor coordination' is speculative and unverified.
Prediction

T3MP3ST is likely to remain a specialized research and educational tool for LLM-driven security automation. Mainstream adoption in professional red-teaming or pentesting services is improbable unless (a) benchmark performance holds on significantly larger, real-world CVE datasets, (b) a commercial entity or major security firm builds a hardened product on top of it, or (c) it becomes the de facto framework in academic/CTF security communities. More probable: 2–5 year phase as a niche project for researchers and hobbyists, then either dormancy or acquisition/incorporation into a larger platform.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

TypeScript
59.3%
JavaScript
37%
Python
1.5%
Shell
1%
C
0.4%
Dockerfile
0.4%
Java
0.3%
Go
0.1%

Information

Language
TypeScript
License
AGPL-3.0
Last updated
22h ago
Created
1w ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Recent releases

No releases published yet.

Similar repos

CyberStrikeus

CyberStrikeus/CyberStrike

CyberStrike is an open-source AI-powered offensive security agent that...

1.2k TypeScript Security
Armur-Ai

Armur-Ai/Pentest-Swarm-AI

Pentest Swarm AI is an autonomous penetration testing framework that...

elder-plinius

elder-plinius/G0DM0D3

G0DM0D3 is an open-source, privacy-first multi-model chat interface that...

8.9k TypeScript AI & ML
0xSteph

0xSteph/pentest-ai-agents

pentest-ai-agents is a collection of 50 Claude Code subagents that extend...

2k Shell Security
Ed1s0nZ

Ed1s0nZ/CyberStrikeAI

CyberStrikeAI is an agentic execution layer for authorized cybersecurity...

vs. alternatives
Metasploit Framework

Metasploit is a mature, decades-old exploitation platform with extensive manual payloads and community exploit modules. T3MP3ST attempts to automate exploit discovery and chain-building via LLM agents rather than relying on pre-built modules—a fundamentally different approach, not a direct replacement.

Burp Suite Pro (with Copilot extensions)

Burp is the dominant commercial web-app penetration-testing platform. T3MP3ST targets similar domains (web recon/exploit) but via open-source LLM orchestration. No evidence T3MP3ST integrates with Burp or matches its coverage; likely serves users unable or unwilling to license Burp.

Cobalt Strike

Cobalt Strike is a professional, closed-source command-and-control framework for adversary simulation. T3MP3ST is open-source and agent-driven, targeting broader accessibility rather than depth of command infrastructure. Different positioning and licensing model.

OpenAI Codex / Claude Code direct use

Users could manually prompt Claude Code or Codex to find vulnerabilities. T3MP3ST wraps this workflow in a multi-operator harness with structured recon/exploit/report pipelines and reproducible benchmarking. Adds orchestration and repeatability, not fundamentally new capability.

Binary Ninja / Ghidra + manual LLM integration

Security researchers already use static-analysis tools and manually query LLMs for code insights. T3MP3ST likely automates this loop for source-code hunting, but README flags this domain as 'Python-only ingest' and experimental.