# Autonomous Pentesting: Inside the Multi-Agent Architecture of PentAGI

> Source: <https://sourcefeed.dev/a/autonomous-pentesting-inside-the-multi-agent-architecture-of-pentagi>
> Published: 2026-07-10 21:02:45+00:00

[AI](https://sourcefeed.dev/c/ai)Article

# Autonomous Pentesting: Inside the Multi-Agent Architecture of PentAGI

How the open-source security tool orchestrates LLMs and sandboxed Kali Linux environments to automate offensive workflows.

[Mariana Souza](https://sourcefeed.dev/u/mariana_souza)

Offensive security has historically been a highly manual, human-driven discipline. While static scanners and vulnerability management platforms have automated basic checks, true penetration testing requires creative, multi-step reasoning that traditional scripts cannot replicate.

[PentAGI](https://github.com/vxcontrol/pentagi), an open-source autonomous agent system developed by VXControl, is shifting this paradigm. Built with Go on the backend and React on the frontend, the project has quickly gained traction, crossing 18,000 stars on GitHub. It represents a significant step forward in how security teams can approach offensive testing, moving away from static attack plans toward dynamic, multi-agent orchestration loops that plan, execute, and adapt in real time.

## Under the Hood: The Multi-Agent Orchestration Loop

PentAGI does not rely on a single LLM prompt to conduct a test. Instead, it coordinates a team of specialized agents, each designed for a specific phase of the offensive lifecycle.

``` php
flowchart TD
    Orchestrator[Orchestrator: Plans the Run] --> Researcher[Researcher: Recon & Search]
    Researcher --> Developer[Developer: Writes Exploits]
    Developer --> Executor[Executor: Runs in Isolation]
    Executor --> Report[Report: Structured Output]
```

The orchestrator manages the overall planning, delegating tasks to the researcher for reconnaissance and external search, the developer for writing custom exploit code, and the executor for running commands. The final agent compiles the findings into structured reports.

To execute these tasks, PentAGI integrates more than 20 classic security tools, including Nmap, Metasploit, and Sqlmap. Giving an autonomous agent access to raw, destructive command-line utilities is inherently risky. PentAGI addresses this by isolating all tool execution inside sandboxed [Docker](https://www.docker.com) or Podman containers. The agents run inside a curated, headless Kali Linux image, ensuring they never touch the host system directly.

Standard LLMs struggle with long-term context, often forgetting earlier findings during a long testing run. PentAGI solves this by combining [PostgreSQL](https://www.postgresql.org) with the `pgvector`

extension for command history with Graphiti, a Neo4j-powered knowledge graph. This graph-based memory system allows the agents to track semantic relationships across the target network and remember successful exploitation paths over time.

## The Developer Angle: Deploying and Running PentAGI Locally

Security teams are understandably hesitant to send internal network topologies, IP addresses, or zero-day vulnerabilities to cloud-hosted LLM APIs. Because of this, PentAGI is designed to run entirely self-hosted.

While the system supports over ten LLM providers, including OpenAI and Anthropic, the recommended setup for production local deployments is running [vLLM](https://github.com/vllm-project/vllm) paired with the Qwen3.5-27B-FP8 model. This keeps all prompt data and target findings entirely within your own infrastructure.

To get started, create a working directory, pull the environment template, and launch the core services:

```
mkdir pentagi && cd pentagi
curl -O https://raw.githubusercontent.com/vxcontrol/pentagi/master/.env.example
curl -O https://raw.githubusercontent.com/vxcontrol/pentagi/master/docker-compose.yml
cp .env.example .env
# Edit .env to configure your local vLLM or cloud LLM keys
docker compose up -d
```

For teams requiring deep visibility into how the agents are reasoning and executing commands, PentAGI integrates with [Langfuse](https://langfuse.com) for LLM observability and a standard monitoring stack featuring [Grafana](https://grafana.com), Prometheus, VictoriaMetrics, Jaeger, and Loki.

You can spin up the entire observability and analytics stack alongside the main application using the provided compose overrides:

```
echo "OTEL_HOST=otelcol:8148" >> .env
echo "LANGFUSE_BASE_URL=http://langfuse-web:3000" >> .env

docker compose -f docker-compose.yml \
  -f docker-compose-langfuse.yml \
  -f docker-compose-observability.yml up -d
```

Once running, the web UI is accessible locally, allowing you to monitor the agent's step-by-step reasoning, view the generated knowledge graph, and review the final vulnerability reports.

## Real-World Trade-Offs and Boundaries

It is important to understand the limits of what PentAGI can do today. It is an autonomous and assistant-guided penetration testing platform, not a Breach and Attack Simulation (BAS) tool like CALDERA. It does not run predefined adversary emulation campaigns or pre-authored attack scripts. If you are looking for a tool to simulate specific, known threat-actor playbooks, PentAGI is not designed for that workflow yet.

Additionally, reporting is currently geared toward human readers. The system supports web views, clipboard copying, Markdown downloads, and PDF generation, but it lacks a structured JSON export for its flow reports. This makes it harder to feed PentAGI's findings directly into automated enterprise vulnerability management pipelines without writing custom parsers.

There is also the question of model performance. While frontier models like GPT-4o or Claude 3.5 Sonnet handle complex planning tasks well, smaller local models can struggle with multi-step reasoning. Running PentAGI locally requires capable hardware to host models like Qwen3.5-27B, meaning the resource footprint for a fully local deployment is non-trivial.

## The Verdict on Autonomous Offensive Security

PentAGI demonstrates that agentic AI is ready to move beyond simple code-completion widgets and into execution-heavy, high-stakes environments. By combining a multi-agent planning loop with strict container sandboxing and graph-based memory, it provides a viable blueprint for automated offensive security.

It will not replace human security researchers for finding complex, novel zero-days. However, as an automated assistant that can handle tedious initial reconnaissance, run standard exploit payloads, and document findings, it is a powerful tool for defensive teams looking to run continuous internal audits.

## Sources & further reading

-
[vxcontrol/pentagi](https://github.com/vxcontrol/pentagi)— github.com -
[vxcontrol/pentagi - Docker Image](https://hub.docker.com/r/vxcontrol/pentagi)— hub.docker.com -
[vxcontrol/pentagi — GitHub trending stats & insights](https://trendshift.io/repositories/15161)— trendshift.io -
[VXControl — Security engineering for the agentic-AI era](https://vxcontrol.com/)— vxcontrol.com

[Mariana Souza](https://sourcefeed.dev/u/mariana_souza)· Senior Editor

Mariana covers the fast-moving world of machine learning and generative AI, with a particular focus on how these technologies are reshaping development workflows. When she isn't stress-testing the latest foundation models, she's usually at a local hackathon.

## Discussion 0

No comments yet

Be the first to weigh in.
