pentagi

PentAGI is a self-hosted system that uses AI agents to run penetration tests automatically. Penetration testing is the practice of probing a computer system for security weaknesses by acting like an attacker; PentAGI's pitch is that an AI agent can plan and execute many of those probing steps on its own, so a single security engineer can cover more ground with less manual effort. The name is short for "Penetration testing Artificial General Intelligence."

Under the hood, the system runs the agent's work inside an isolated Docker sandbox and gives it a built-in suite of more than 20 professional security tools, including nmap, metasploit, and sqlmap. A team of specialized AI agents handles research, development, and infrastructure tasks separately, with optional execution monitoring and task planning. It also has a long-term memory store, a knowledge graph powered by Graphiti and Neo4j for tracking relationships between findings, a built-in scraper for browsing the web, and integrations with several search APIs. Results land in a PostgreSQL database with the pgvector extension, and there is a web UI plus REST and GraphQL APIs with Bearer token authentication. Logging and monitoring come through Grafana, Prometheus, Langfuse, Jaeger, and Loki.

Information security professionals, researchers, and ethical hacking enthusiasts are the intended users. PentAGI works with more than ten LLM providers including OpenAI, Anthropic, Google Gemini, AWS Bedrock, Ollama, DeepSeek, GLM, Kimi, and Qwen, plus aggregators like OpenRouter. The backend is written in Go and deploys via Docker Compose. The full README is longer than what was provided.