# Pentagi — Autonomous AI Agents for Penetration Testing > Pentagi is a self-hosted platform that deploys autonomous AI agents capable of performing complex penetration testing tasks, from reconnaissance to vulnerability analysis and reporting. ## Install Save the content below to `.claude/skills/` or append to your `CLAUDE.md`: # Pentagi — Autonomous AI Agents for Penetration Testing ## Quick Use ```bash git clone https://github.com/vxcontrol/pentagi.git && cd pentagi docker compose up -d # Open http://localhost:8080 and configure your first assessment ``` ## Introduction Pentagi orchestrates multiple AI agents that collaborate on penetration testing engagements. Each agent specializes in a different phase of the assessment lifecycle, from network scanning and service enumeration to exploit analysis and report generation, all managed through a single web dashboard. ## What Pentagi Does - Deploys specialized AI agents for reconnaissance, scanning, exploitation analysis, and reporting - Coordinates multi-agent collaboration through a GraphQL-based task queue - Generates detailed assessment reports with evidence and remediation guidance - Integrates with standard security tools like Nmap, Nuclei, and custom scripts - Provides a React-based dashboard for monitoring agent activity in real time ## Architecture Overview Pentagi is built in Go with a React frontend and uses GraphQL for API communication. The orchestration layer manages agent lifecycles, distributes tasks, and aggregates findings into a shared knowledge graph. Each agent runs in an isolated container with access to a curated toolkit. Results are persisted in PostgreSQL and presented through the web UI. ## Self-Hosting & Configuration - Deploy with Docker Compose; requires Docker Engine 20+ and 4 GB RAM minimum - Configure LLM provider credentials via `.env` (supports OpenAI and Anthropic APIs) - Adjust agent concurrency and tool access in `config.yaml` - TLS termination handled by your reverse proxy; no built-in certificate management - Persistent data stored in a PostgreSQL volume; back up with standard pg_dump ## Key Features - Multi-agent architecture with specialized roles per assessment phase - Real-time dashboard showing agent reasoning and tool invocations - Automated report generation with structured findings - Extensible tool integration via container-based plugins - Self-hosted and air-gappable for sensitive environments ## Comparison with Similar Tools - **Nuclei** — template-based scanner; Pentagi adds autonomous reasoning and multi-phase orchestration - **Metasploit** — framework requiring manual operation; Pentagi automates the workflow with AI agents - **Burp Suite** — GUI-centric web app scanner; Pentagi covers broader infrastructure assessments - **PentestGPT** — single-agent assistant; Pentagi uses coordinated multi-agent collaboration ## FAQ **Q: Is Pentagi intended for authorized testing only?** A: Yes. Pentagi is designed for legitimate penetration testing engagements with proper authorization. **Q: Which LLM providers are supported?** A: OpenAI and Anthropic APIs are supported out of the box. Local models can be configured via compatible endpoints. **Q: Can I add custom security tools?** A: Yes. Tools are containerized plugins; add new ones by defining a Dockerfile and a tool manifest. **Q: Does it store sensitive findings securely?** A: Findings are stored in PostgreSQL. Encrypt the volume and restrict dashboard access behind authentication. ## Sources - https://github.com/vxcontrol/pentagi --- Source: https://tokrepo.com/en/workflows/pentagi-autonomous-ai-agents-penetration-testing-8ace2792 Author: Script Depot