# AIRecon runs offline penetration testing with Kali sandbox > Source: > Published: 2026-06-17 08:53:12.342690+00:00 # AIRecon runs offline penetration testing with Kali sandbox AIRecon is an autonomous penetration-testing agent that runs entirely offline, combining a self-hosted Ollama LLM with a Kali Linux Docker sandbox, according to the project's GitHub README and coverage by Cyber Security News (June 17, 2026). The README lists native Caido proxy integration, a structured RECON -> ANALYSIS -> EXPLOIT -> REPORT pipeline, a real-time textual TUI, and an optional local security index of roughly 1.09M records stored in SQLite FTS5. The project keeps all telemetry and memory on disk, requires no cloud API keys, and does not fine-tune the LLM. It was developed by researcher pikpikcu and is available on GitHub. Cyber Security News notes the tool targets bug bounty hunters and red teamers operating under strict data-handling policies who need to avoid sending target intelligence to external servers. ### What happened According to the project's GitHub README and coverage by Cyber Security News, **AIRecon** is an autonomous penetration-testing agent that runs entirely offline and combines a self-hosted Ollama LLM with a **Kali Linux Docker sandbox**. The README documents native **Caido** proxy integration, a textual TUI for real-time interaction, and a phased pipeline described as **RECON -> ANALYSIS -> EXPLOIT -> REPORT**. The README further states that the agent can optionally index a local security knowledge base of about **1.09M** records into SQLite FTS5 for grounded dataset searches, and that it stores session memory and telemetry on disk at ~/.airecon/memory/airecon.db. ### Technical details Per the GitHub README, AIRecon avoids cloud APIs and API keys by using a self-hosted Ollama LLM, and the project explicitly says it does not fine-tune the model. The README lists built-in tooling: Kali sandboxing, browser automation, a custom fuzzer, Schemathesis API fuzzing, and Semgrep SAST integration. The agent's control logic includes periodic checkpoints at iterations of **5**, **10**, and **15** for phase evaluation, self-evaluation, and context compression, respectively. Cyber Security News notes the tool requires a model with native tool-calling support and extended thinking; models below 8B parameters are discouraged due to hallucination risk. ### Industry context Editorial analysis: Projects that combine local LLMs with containerised offensive tooling follow an emerging pattern where practitioners trade cloud convenience for data privacy and lower operational cost on high-call workflows. Observers in security tooling note that recursive autonomous recon workflows can generate thousands of LLM calls, which raises recurring API costs when using commercial models; the README explicitly frames AIRecon as a local, privacy-first alternative to API-dependent agents. ### Implications for practitioners Editorial analysis: Offensive-security practitioners and red teams evaluating LLM-assisted automation should view AIRecon as a demonstrator of fully local agent architectures - useful for environments with strict data-exfiltration policies or for cost-sensitive experimentation at scale. The inclusion of a large local knowledge index and tooling integrations (fuzzers, SAST) highlights a hybrid approach: grounding LLM decisions in indexed public security records rather than relying purely on generative model outputs. ### What to watch Editorial analysis: Observers should track community-supplied skill packs and the dataset repo linked from the author's GitHub for coverage, update cadence, and any governance around potentially dangerous offensive playbooks. For defenders and platform maintainers, the emergence of offline LLM-driven tooling raises questions about detection, safe-use guidelines, and how automated penetration frameworks will be incorporated into red-team/blue-team workflows. ## Scoring Rationale A niche open-source tool demonstrating fully local LLM-driven penetration testing, relevant to security practitioners and red teamers evaluating privacy-first agent architectures. It represents an interesting practitioner-level project rather than a broad industry shift, placing it in the solid-tool tier rather than the notable-deployment tier. Practice interview problems based on real data 1,500+ SQL & Python problems across 15 industry datasets — the exact type of data you work with. [Try 250 free problems](/problems)