Decepticon
Decepticon is an autonomous red team agent built on LLM and LangGraph that executes realistic attack chains (reconnaissance, exploitation, lateral movement) within a sandboxed environment. It generates engagement governance documents (RoE, ConOps, OPPLAN) before executing attacks and integrates with offensive tools like Sliver C2 and BloodHound CE.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | PurpleAILAB/Decepticon |
| Owner | PurpleAILAB |
| Primary language | Python |
| License | Apache-2.0 — OSI-approved |
| Stars | 4.6k |
| Forks | 897 |
| Open issues | 11 |
| Latest release | v1.1.33 (2026-07-04) |
| Last updated | 2026-07-05 |
| Source | https://github.com/PurpleAILAB/Decepticon |
What Decepticon is
Python-based agent framework using LangGraph for orchestration, Neo4j for attack-chain knowledge graphs, and Docker-based sandbox isolation (Kali Linux on separate network). Supports multiple LLM providers via LiteLLM with tier-based credential fallback; 16 specialist agents cover kill-chain phases with persistent tmux sessions for interactive tool control.
Get the Decepticon source
Clone the repository and explore it locally.
git clone https://github.com/PurpleAILAB/Decepticon.gitcd Decepticon# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- LLM provider and API key management is critical; declare credentials in priority order for tier-based fallback. Costs scale with engagement complexity (API calls per agent objective).
- Sandbox isolation is mandatory; the Docker architecture isolates commands to sandbox-net, but misconfiguration could leak operational network access—review network policies before live use.
- All offensive tool execution (nmap, msfconsole, sliver-client, etc.) runs inside the sandbox; ensure your test target is in scope and authorized before starting any engagement.
- Knowledge graph (Neo4j) persists findings across engagements; retention and compliance policies depend on your org's data governance—configure accordingly.
- Interactive tool sessions (tmux, msfconsole) require prompt-detection tuning per tool; custom tools may need skill middleware registration in Skillogy.
When to avoid it — and what to weigh
- Operational security against live production systems — Decepticon is designed for controlled engagements; using it against non-consenting systems violates laws and ethics regardless of technical capability.
- Simple vulnerability scanning or lightweight assessments — If you need quick port scans or basic web app scanning, use Nessus, Burp, or ZAP. Decepticon's overhead (Docker, Neo4j, LLM API calls) suits complex attack chains only.
- Air-gapped or offline-only environments — Requires external LLM API calls (OpenAI, Anthropic, etc.) and Internet connectivity for model inference. Not suitable for classified/disconnected networks without significant modification.
- Minimal infrastructure or resource-constrained labs — Full stack (Docker, PostgreSQL, Neo4j, LangGraph, sandbox) requires 4+ cores, 8+ GB RAM, stable network. Single-machine deployments may struggle.
License & commercial use
Apache-2.0 (Apache License 2.0). Permissive open-source license allowing commercial use, modification, and distribution with Apache-2.0 attribution and liability disclaimer.
Apache-2.0 is a permissive OSI license. Commercial use (building products, services, or internal tooling with Decepticon) is permitted. No warranty or support SLA is provided by the license; support depends on community or commercial arrangements outside the license. Verify with legal counsel for compliance with your usage and distribution model.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Strong |
| License clarity | Clear |
| Deployment complexity | High |
| DEV.co fit | Strong |
| Assessment confidence | High |
Sandbox isolation via Docker and separate networks is implemented (sandbox-net vs. decepticon-net); commands execute in restricted Kali container. No security audit, CVE history, or threat model published in README. LLM prompt injection risks inherent to agent-based architectures—mitigation via prompt validation or safety gates mentioned but not detailed. Credential handling (API keys, tool passwords) stored in environment/config; follow secret management best practices. Network policies, RBAC, and authentication between components not detailed; review deployment docs and architecture before production use.
Alternatives to consider
Metasploit Pro + Manual Orchestration
Mature, widely-used framework with extensive exploit library; Decepticon automates orchestration but Metasploit may be safer for simpler engagements without LLM-driven agent risk.
Strix (mentioned in benchmark comparison)
Competitor AI pentesting agent; comparison table in docs available to evaluate trade-offs on features, model support, and attack-chain depth.
PentestGPT / MAPTA / Cyber-AutoAgent (mentioned in benchmark comparison)
Other AI-driven pentesting tools; Decepticon claims higher XBOW benchmark pass rate (98.08%) but feature parity and operational constraints differ—benchmark comparison doc recommended.
Build on Decepticon with DEV.co software developers
Start with the live cloud app at app.decepticon.red, or self-host via Docker. Validate your defenses with realistic AI-driven attack chains.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
Decepticon FAQ
Can I run Decepticon on Windows natively?
What LLM providers are supported?
Is there a cloud-hosted version so I don't self-host?
How much does it cost to run Decepticon?
Software development & web development with DEV.co
DEV.co helps companies turn open-source tools like Decepticon into production software. Our software development services cover the full lifecycle — architecture, web development, integration, and maintenance — delivered by software developers and web developers who ship. Engage our software development agency to implement or customize it for your ai frameworks stack.
Run Autonomous Red Team Engagements
Start with the live cloud app at app.decepticon.red, or self-host via Docker. Validate your defenses with realistic AI-driven attack chains.