DEV.co
AI Frameworks · PurpleAILAB

Decepticon

Decepticon is an autonomous red team agent built on LLM and LangGraph that executes realistic attack chains (reconnaissance, exploitation, lateral movement) within a sandboxed environment. It generates engagement governance documents (RoE, ConOps, OPPLAN) before executing attacks and integrates with offensive tools like Sliver C2 and BloodHound CE.

Source: GitHub — github.com/PurpleAILAB/Decepticon
4.6k
GitHub stars
897
Forks
Python
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryPurpleAILAB/Decepticon
OwnerPurpleAILAB
Primary languagePython
LicenseApache-2.0 — OSI-approved
Stars4.6k
Forks897
Open issues11
Latest releasev1.1.33 (2026-07-04)
Last updated2026-07-05
Sourcehttps://github.com/PurpleAILAB/Decepticon

What Decepticon is

Python-based agent framework using LangGraph for orchestration, Neo4j for attack-chain knowledge graphs, and Docker-based sandbox isolation (Kali Linux on separate network). Supports multiple LLM providers via LiteLLM with tier-based credential fallback; 16 specialist agents cover kill-chain phases with persistent tmux sessions for interactive tool control.

Quickstart

Get the Decepticon source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/PurpleAILAB/Decepticon.gitcd Decepticon# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Structured red team engagements with governance

Organizations needing autonomous red team validation with documented rules of engagement, ConOps, and MITRE ATT&CK mapping before and after execution.

Multi-stage attack chain research and validation

Security research teams validating realistic attack chains (pivot, lateral movement, C2) in controlled sandbox environments without manual tool orchestration.

Continuous offensive security benchmarking

Internal security teams running repeatable attack scenarios against test infrastructure to measure defense improvements over time.

Implementation considerations

  • LLM provider and API key management is critical; declare credentials in priority order for tier-based fallback. Costs scale with engagement complexity (API calls per agent objective).
  • Sandbox isolation is mandatory; the Docker architecture isolates commands to sandbox-net, but misconfiguration could leak operational network access—review network policies before live use.
  • All offensive tool execution (nmap, msfconsole, sliver-client, etc.) runs inside the sandbox; ensure your test target is in scope and authorized before starting any engagement.
  • Knowledge graph (Neo4j) persists findings across engagements; retention and compliance policies depend on your org's data governance—configure accordingly.
  • Interactive tool sessions (tmux, msfconsole) require prompt-detection tuning per tool; custom tools may need skill middleware registration in Skillogy.

When to avoid it — and what to weigh

  • Operational security against live production systems — Decepticon is designed for controlled engagements; using it against non-consenting systems violates laws and ethics regardless of technical capability.
  • Simple vulnerability scanning or lightweight assessments — If you need quick port scans or basic web app scanning, use Nessus, Burp, or ZAP. Decepticon's overhead (Docker, Neo4j, LLM API calls) suits complex attack chains only.
  • Air-gapped or offline-only environments — Requires external LLM API calls (OpenAI, Anthropic, etc.) and Internet connectivity for model inference. Not suitable for classified/disconnected networks without significant modification.
  • Minimal infrastructure or resource-constrained labs — Full stack (Docker, PostgreSQL, Neo4j, LangGraph, sandbox) requires 4+ cores, 8+ GB RAM, stable network. Single-machine deployments may struggle.

License & commercial use

Apache-2.0 (Apache License 2.0). Permissive open-source license allowing commercial use, modification, and distribution with Apache-2.0 attribution and liability disclaimer.

Apache-2.0 is a permissive OSI license. Commercial use (building products, services, or internal tooling with Decepticon) is permitted. No warranty or support SLA is provided by the license; support depends on community or commercial arrangements outside the license. Verify with legal counsel for compliance with your usage and distribution model.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityHigh
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

Sandbox isolation via Docker and separate networks is implemented (sandbox-net vs. decepticon-net); commands execute in restricted Kali container. No security audit, CVE history, or threat model published in README. LLM prompt injection risks inherent to agent-based architectures—mitigation via prompt validation or safety gates mentioned but not detailed. Credential handling (API keys, tool passwords) stored in environment/config; follow secret management best practices. Network policies, RBAC, and authentication between components not detailed; review deployment docs and architecture before production use.

Alternatives to consider

Metasploit Pro + Manual Orchestration

Mature, widely-used framework with extensive exploit library; Decepticon automates orchestration but Metasploit may be safer for simpler engagements without LLM-driven agent risk.

Strix (mentioned in benchmark comparison)

Competitor AI pentesting agent; comparison table in docs available to evaluate trade-offs on features, model support, and attack-chain depth.

PentestGPT / MAPTA / Cyber-AutoAgent (mentioned in benchmark comparison)

Other AI-driven pentesting tools; Decepticon claims higher XBOW benchmark pass rate (98.08%) but feature parity and operational constraints differ—benchmark comparison doc recommended.

Software development agency

Build on Decepticon with DEV.co software developers

Start with the live cloud app at app.decepticon.red, or self-host via Docker. Validate your defenses with realistic AI-driven attack chains.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Decepticon FAQ

Can I run Decepticon on Windows natively?
Yes, via PowerShell with the install.ps1 script, or via WSL2 (Ubuntu/Kali). Docker Desktop for Windows is required.
What LLM providers are supported?
Unknown from README. Mentioned: credentials-aware fallback chain and tier-based profiles; LiteLLM proxy suggests broad provider support. Refer to docs.decepticon.red or setup guide for explicit list (e.g., OpenAI, Anthropic, local models, etc.).
Is there a cloud-hosted version so I don't self-host?
Yes, app.decepticon.red is live. README emphasizes skipping Docker setup and running engagements from the browser; pricing and SLA unknown.
How much does it cost to run Decepticon?
Depends on LLM API usage (pay-as-you-go with OpenAI, etc.), Docker/compute resources (self-hosted), or subscription to cloud app (app.decepticon.red). README does not detail pricing or cost benchmarks per engagement.

Software development & web development with DEV.co

DEV.co helps companies turn open-source tools like Decepticon into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your ai frameworks stack.

Run Autonomous Red Team Engagements

Start with the live cloud app at app.decepticon.red, or self-host via Docker. Validate your defenses with realistic AI-driven attack chains.