vxcontrol/pentagi

Fully autonomous AI Agents system capable of performing complex penetration testing tasks

14,006 Stars · 1,752 Forks · 105 Watchers · 17 Open Issues

Go · MIT License · Last commit Mar 29, 2026 · by @vxcontrol · Published April 1, 2026
Safety Rating A

PentAGI is a legitimate, high-profile open source security research tool (14K+ stars, MIT licensed) with a well-documented architecture and community. The repository contains no hardcoded production secrets or malicious code patterns. Default credentials in documentation are clearly marked as examples. The README contains no prompt injection attempts. The tool is explicitly designed for authorized penetration testing in sandboxed environments and includes security guidance (recommending root/docker-group access only for trusted users, two-node isolation for production). The offensive security nature of the project is transparent and expected for this category of tool.

AI-assisted review, not a professional security audit.

AI Analysis

PentAGI is a fully autonomous, self-hosted AI agent system designed for automated penetration testing and security research. Built in Go with a React/TypeScript frontend, it deploys via Docker Compose and orchestrates a multi-agent architecture (orchestrator, researcher, developer, executor roles) to autonomously plan and execute complex penetration testing workflows. It integrates 20+ professional security tools (nmap, metasploit, sqlmap, etc.) in sandboxed containers, supports 10+ LLM providers (OpenAI, Anthropic, Gemini, AWS Bedrock, Ollama, DeepSeek, GLM, Kimi, Qwen, and custom), provides vector-based long-term memory via PostgreSQL/pgvector, an optional Neo4j/Graphiti knowledge graph, REST and GraphQL APIs, and a comprehensive monitoring stack (Grafana, Prometheus/VictoriaMetrics, Jaeger, Loki, Langfuse).

Use Cases

  • Automated penetration testing of target systems using AI-driven multi-agent workflows
  • Security vulnerability discovery, exploitation, and report generation
  • Running isolated, sandboxed security tool suites (nmap, metasploit, sqlmap) under AI direction
  • Self-hosted LLM-powered red team operations with full observability
  • Integrating autonomous security testing into CI/CD pipelines via REST/GraphQL APIs
  • Local/air-gapped penetration testing using open-source LLMs via Ollama or vLLM

Tags

#ai-agents #autonomous-agents #llm #self-hosted #open-source #workflow-automation #agent-framework

Security Findings (2)

hardcoded_secrets

The .env.example and README contain placeholder default credentials (e.g., NEO4J_PASSWORD=devpassword, default admin@pentagi.com/admin login) that are clearly labeled as examples requiring replacement. These are not production secrets but pose a risk if users deploy without changing them. No actual API keys or private keys are hardcoded in source.

dependency_vulnerabilities

No specific CVEs were identified through static inspection of the repository metadata. The project uses a broad Go and Node.js dependency tree; a full audit would require runtime tooling not available here.

Project Connections

Alternative to

openfang

Both are self-hosted autonomous AI agent platforms supporting multiple LLM providers and workflow automation. PentAGI is specialized for offensive security/pentesting while OpenFang is a general-purpose Agent OS, but they address the same core problem of deploying autonomous AI agents in a self-hosted environment.

Alternative to

gsd-2

Both projects implement autonomous multi-agent workflows with LLM orchestration. GSD-2 targets autonomous software development (coding agent), while PentAGI targets autonomous penetration testing, but both share the architectural pattern of multi-step agent loops with tool use, memory, and context management.
