vxcontrol

vxcontrol/pentagi

Go MIT Security

Fully autonomous AI Agents system capable of performing complex penetration testing tasks

19.4k stars
2.6k forks
active
GitHub +1.3k / week

19.4k

Stars

2.6k

Forks

66

Open issues

8

Contributors

v2.1.0 29 May 2026

AI Analysis

PentAGI is a fully autonomous AI-powered penetration testing platform that orchestrates multi-agent systems to conduct complex security assessments in sandboxed Docker environments. It is purpose-built for security professionals, penetration testers, and researchers who need automated, intelligent security testing capabilities—not suitable for general-purpose development or non-security applications.

Security Security Tool Discovery value: 4/10
Documentation 8/10
Activity 9/10
Community 8/10
Code quality 5/10

Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.

Overall score 7/10

AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.

multi-agent-systems autonomous-penetration-testing llm-orchestration security-automation ai-agents
Actively maintained Well documented MIT licensed Niche/specialized use case Popular Production ready
Deep Analysis · Based on README and public signals
1d ago

PentAGI: Self-hosted autonomous AI agent system for end-to-end penetration testing workflows

PentAGI is a self-hosted, fully autonomous AI agent framework purpose-built for penetration testing. It orchestrates a team of specialized sub-agents to plan, execute, and report on security assessments using 20+ bundled tools (nmap, metasploit, sqlmap, etc.) inside isolated Docker containers. Built for security professionals, researchers, and red teams who want AI-driven automation without sending data to third-party SaaS platforms. It supports 10+ LLM providers including local inference via Ollama/vLLM, making it viable for air-gapped or compliance-sensitive environments.

Origin

Created in January 2025, PentAGI emerged as LLM agent frameworks matured enough to handle multi-step tool use. It appears to have been purpose-built from the start as a production-grade system rather than a research prototype, evidenced by its microservices architecture, GraphQL/REST APIs, and Grafana/Prometheus integration.

Growth

The project has accumulated ~18,900 stars since January 2025, a rate suggesting sustained viral moments rather than a single spike. 830 stars in the past 7 days as of the evaluation date indicates continued momentum 18 months after launch — likely driven by growing enterprise and researcher interest in autonomous pentesting and the broader AI agent trend. Trending on Trendshift reinforces organic, ongoing discovery rather than a one-time event.

In production

No third-party case studies or named production deployments are cited in the README. The presence of Grafana/Prometheus integration, horizontal scaling support, Bearer token auth, and a pgvector-backed persistent store suggests the system was designed with production use in mind. Community Discord and Telegram channels imply an active user base, but independent verification of production deployments at scale is not available. Adoption not fully verified beyond community signals.

Code analysis
Architecture

Appears to be a microservices architecture written in Go for the core backend, with PostgreSQL (pgvector) for persistent storage, Neo4j (via Graphiti) for knowledge graph, and Docker-in-Docker for sandboxed tool execution. Likely uses an orchestrator-agent pattern where a planner agent delegates to specialist sub-agents (research, development, infrastructure). REST and GraphQL APIs suggest a well-structured service boundary. Frontend appears to be a separate web UI service. Langfuse and Prometheus/Grafana integration suggests observability was designed in, not bolted on.

Tests

README mentions 'Testing LLM Agents', 'Embedding Configuration and Testing', and 'Function Testing with ftester' sections, suggesting some structured testing tooling exists. However, coverage percentage and CI test pipeline details are not documented in the README excerpt.

Maintenance

Last push was July 3, 2026, approximately 6 days before the evaluation date. This indicates active, recent development. The project is ~18 months old and shows no signs of abandonment. Community channels (Discord, Telegram) are actively promoted, suggesting maintainer engagement beyond just code commits.

Honest verdict

ADOPT IF: you are a security professional or red team needing a self-hosted, multi-LLM autonomous pentesting platform with isolated execution, persistent memory, and reporting — especially if data sovereignty or compliance rules out SaaS options. AVOID IF: you need a mature, audited tool with documented production deployments and formal CVE coverage guarantees; the fully autonomous nature raises real risk of unintended actions in insufficiently scoped engagements. MONITOR IF: you are evaluating AI-assisted pentesting tooling for future adoption but need to see more real-world validation, community-contributed tooling expansions, or formal security audit results before committing.

Independent dimensions

Mainstream potential

6/10

Technical importance

8/10

Adoption evidence

4/10

Risks
  • Fully autonomous execution of penetration testing tools introduces significant risk of scope creep, unintended system impact, or legal exposure if used without strict targeting controls — the README does not prominently address safeguards around this.
  • Dependency on external LLM providers (OpenAI, Anthropic, etc.) for non-local deployments means reliability, cost, and data privacy are tied to third-party API availability and policy changes.
  • Complex multi-service stack (PostgreSQL, Neo4j, Docker-in-Docker, Prometheus, Grafana) increases operational burden — may be non-trivial to maintain securely in production environments.
  • No independently verified production deployments or security audits of the framework itself are documented; using an unaudited tool to conduct security assessments creates a meta-risk.
  • The AI agent coordination logic quality is not verifiable from the README alone — autonomous multi-step pentesting reliability likely varies significantly depending on LLM choice and target complexity.
Prediction

PentAGI is likely to grow into a reference implementation for autonomous AI pentesting frameworks, attracting enterprise red teams and security tooling vendors as LLM reliability improves. However, regulatory scrutiny of autonomous offensive security tools may constrain mainstream adoption.

0 found this helpful

Newsletter

Get analyses like this every Monday

Free weekly digest of the most interesting open-source discoveries.

Languages

Go
68.5%
TypeScript
28.3%
Go Template
2.7%
CSS
0.2%
PLpgSQL
0.2%
Dockerfile
0.1%
Shell
0.1%
JavaScript
0%

Information

Language
Go
License
MIT
Last updated
7d ago
Created
18mo ago
Analyzed with
anthropic/claude-haiku-4-5

Stars over time

Loading…

Contributors over time

Top 100 contributors only — repos with more will plateau at 100.

Loading…

Similar repos

Armur-Ai

Armur-Ai/Pentest-Swarm-AI

Pentest Swarm AI is an autonomous penetration testing framework that...

GH05TCREW

GH05TCREW/pentestagent

PentestAgent is an AI-powered agent framework designed for autonomous black-box...

2.8k Python Security
bugbasesecurity

bugbasesecurity/pentest-copilot

Pentest Copilot is an AI-driven penetration testing agent that autonomously...

1.1k TypeScript Security
GreyDGL

GreyDGL/PentestGPT

PentestGPT is an AI-powered autonomous penetration testing agent framework that...

14.2k Python Security
0xSteph

0xSteph/pentest-ai-agents

pentest-ai-agents is a collection of 50 Claude Code subagents that extend...

2k Shell Security
vs. alternatives
PentestGPT (GreyDGL)

PentestGPT (14,161 stars, Python) is more widely cited in academic/research contexts and focuses on LLM-assisted guidance rather than full autonomy. PentAGI has higher star velocity and offers deeper tool integration and self-hosted deployment, but PentestGPT has a longer track record and broader research community familiarity.

GH05TCREW/pentestagent

Similar autonomous agent concept with 2,744 stars in Python. PentAGI appears more production-oriented with its microservices design, multi-LLM support, and observability stack. Python-based tools may be easier for security researchers to extend, while PentAGI's Go backend may offer better performance.

Armur-Ai/Pentest-Swarm-AI

Also Go-based with 2,003 stars. PentAGI significantly outpaces it in adoption signals and feature breadth. The swarm approach differs architecturally, but both target similar autonomous pentesting workflows.

bugbasesecurity/pentest-copilot

TypeScript-based, 1,065 stars, likely positioned as a copilot (human-in-the-loop) rather than fully autonomous. PentAGI's fully autonomous framing differentiates it for users wanting minimal human intervention, though autonomy introduces its own risk surface.

0xSteph/pentest-ai-agents

Shell-based with 1,964 stars, suggesting a lighter-weight or scripting-oriented approach. PentAGI offers a more complete system with UI, APIs, and persistent memory, but may have higher operational overhead for simple use cases.