DEV.co
MCP Servers · Ed1s0nZ

CyberStrikeAI

CyberStrikeAI is a Go-based agentic platform for automating authorized security operations by converting natural-language intent into governed, auditable actions through AI agents, security tools, and human oversight. It integrates MCP-native tools, knowledge retrieval, workflow orchestration, and operational context management for penetration testing, vulnerability assessment, and CTF scenarios.

Source: GitHub — github.com/Ed1s0nZ/CyberStrikeAI
5k
GitHub stars
813
Forks
Go
Primary language
Apache-2.0
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
RepositoryEd1s0nZ/CyberStrikeAI
OwnerEd1s0nZ
Primary languageGo
LicenseApache-2.0 — OSI-approved
Stars5k
Forks813
Open issues30
Latest releasev1.6.51 (2026-07-06)
Last updated2026-07-08
Sourcehttps://github.com/Ed1s0nZ/CyberStrikeAI

What CyberStrikeAI is

Built in Go with Eino-powered single/multi-agent orchestration (Deep, Plan-Execute, Supervisor modes), MCP tool execution (HTTP/stdio/SSE), YAML-based tool recipes, RAG knowledge base with MultiQuery rewrite and vector retrieval, graph workflow editor, WebShell management, built-in C2 framework, and SQLite persistence. Supports vision analysis via separate VL models and role-based tool/skill scoping.

Quickstart

Get the CyberStrikeAI source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/Ed1s0nZ/CyberStrikeAI.gitcd CyberStrikeAI# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

Authorized Red Team Engagements

Orchestrate multi-stage penetration tests with AI agents, attack-chain intelligence, approval workflows, and full audit trails. Combines tool automation, human-in-the-loop approvals, and evidence retention for governed security assessments.

Vulnerability Management & Assessment Workflows

Automate discovery-to-remediation pipelines using agents, task queues, and graph orchestration. Track vulnerability lifecycle, aggregate findings across engagements, and maintain project context via shared facts (blackboard).

Security Skill Development & CTF Training

Predefined security testing roles (Penetration Testing, Web App Scanning, CTF) with bounded tool access and progressive skill disclosure. Ideal for labs, training programs, and authorized capability demonstrations.

Implementation considerations

  • Configure LLM providers (CloudWeGo/vendor APIs) and optional services (vector DB, reranking models, IM bots) before deployment. Audit logging and approval workflows require clear role/permission definitions.
  • Deploy SQLite persistence with backup strategy; consider migration path to PostgreSQL if scaling beyond single-instance. WebShell and C2 features require strict network segmentation and monitoring.
  • Set up MCP tool server(s) and review YAML tool recipes for your threat model. Test approval workflows and HITL audit agent in non-production before enabling on live engagements.
  • Plan knowledge base ingestion (documents/attack frameworks) and RAG pipeline tuning (query rewrite, vector retrieval, reranking thresholds). Vision analysis requires separate VL model endpoint if screenshot analysis is needed.
  • Establish audit log retention, evidence archival, and compliance reporting pipelines for regulated environments. Skill/role definitions and tool allowlists should be version-controlled and reviewed regularly.

When to avoid it — and what to weigh

  • Unauthorized or Offensive Security Testing — CyberStrikeAI is explicitly designed for authorized engagements with governance and audit trails. Do not use for unauthorized access, lateral movement, or offensive operations outside a controlled lab environment.
  • Standalone Web Application Without Integration Needs — If your use case requires only basic web UI without agent orchestration, tool federation, multi-agent workflows, or MCP integrations, the complexity may exceed your requirements.
  • Zero-Trust or Highly Restricted Network Environments — Deployment requires integration with external LLMs (via MCP), optional vector DBs, reranking services, and IM bots. Network-restricted or air-gapped environments require significant adaptation.
  • Non-Go Codebases Requiring Tight Integration — Core platform is Go; API is HTTP/WebSocket. If your stack is Python/Node.js-native and requires deep codebase coupling, consider wrapper approaches or alternatives.

License & commercial use

Licensed under Apache License 2.0 (Apache-2.0), a permissive open-source license that allows commercial use, modification, and distribution with minimal restrictions (requires license notice and statement of changes).

Apache-2.0 explicitly permits commercial use, modification, and redistribution provided original license notice is retained. However, if bundling or reselling CyberStrikeAI as part of a proprietary security platform, consult legal counsel. No mention of enterprise support, SLAs, or vendor liability terms in provided data; requires review with vendor.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationAdequate
License clarityClear
Deployment complexityHigh
DEV.co fitGood
Assessment confidenceHigh
Security considerations

Platform is purpose-built for authorized security operations with governance controls (approval workflows, audit logs, role-based tool/skill scoping). Audit trails and HITL review are built-in; however, security posture depends on: (1) LLM API and external service trust/TLS; (2) network isolation of WebShell/C2 lab environments; (3) secret management for LLM keys and MCP credentials; (4) audit log integrity and retention; (5) SQLite file permissions and backup encryption. No third-party security audit mentioned; requires internal review before production use. Vision analysis (screenshot handling) should be reviewed for data exfiltration risk if using external VL models.

Alternatives to consider

Metasploit Framework (Ruby)

Mature penetration testing automation without agentic orchestration. Lacks multi-agent workflows, RAG knowledge base, and human-in-the-loop governance; better for traditional module-based exploitation rather than AI-driven engagement planning.

OpenAI Assistants API + Custom Tools

Lightweight AI agent framework for tool execution, but requires significant custom development for multi-agent orchestration, MCP federation, attack-chain intelligence, approval workflows, and operational evidence management.

Julep or LangChain Agents + Security Integrations

Python-native agent frameworks with flexible tool integration, but lack out-of-the-box security domain models (tool recipes, vulnerability management, WebShell/C2, role-based testing) and would require extensive customization for pen-test workflows.

Software development agency

Build on CyberStrikeAI with DEV.co software developers

CyberStrikeAI combines AI agents, governed tool execution, and operational intelligence for authorized security assessments. Deploy on-premises, integrate with your LLM and MCP tools, and start orchestrating auditable workflows. Join the Discord community or review the docs to plan your pilot.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

CyberStrikeAI FAQ

Can I use CyberStrikeAI for real-world client penetration tests?
Yes, if the engagement is authorized and your client agrees. The platform includes audit logging, approval workflows, and evidence retention to support compliance and legal defensibility. However, ensure you have proper rules of engagement (RoE), client authorization documentation, and network isolation for WebShell/C2 operations. Consult legal counsel if regulated by compliance frameworks (e.g., HIPAA, PCI-DSS).
What LLMs does CyberStrikeAI support?
Not explicitly stated in the provided data. README mentions CloudWeGo Eino ADK and MCP-native integrations, suggesting support for multiple vendor APIs via MCP. Likely includes OpenAI, Anthropic, vendor-specific APIs (e.g., Alibaba DashScope for vision/reranking), and custom LLM endpoints via MCP. Requires review of config.yaml examples and MCP server implementations.
How does the knowledge base (RAG) work?
Uses Eino MultiQuery (query rewrite) + multi-path vector retrieval + optional HTTP reranking (DashScope `gte-rerank` or Cohere-compatible) + post-processing (deduplication, budget). Eino Compose builds indexing pipelines. Vectorization and storage backend not specified; likely integrates with common vector DBs (Pinecone, Milvus, etc.) via MCP or internal adapters.
Is CyberStrikeAI suitable for air-gapped environments?
Challenging. Platform depends on external LLMs, optional MCP servers, vector DBs, and reranking services. It can run on-premises, but requires offline models or local LLM endpoints (e.g., vLLM, Ollama). No mention of offline-first workflows; implement with caution and extensive testing.

Custom software development services

Need help beyond evaluating CyberStrikeAI? DEV.co is a software development agency offering software development services and web development for teams of every size. Our software developers and web developers build custom software, web applications, APIs, and mcp servers integrations — and maintain them long-term.

Ready to Automate Your Security Engagements?

CyberStrikeAI combines AI agents, governed tool execution, and operational intelligence for authorized security assessments. Deploy on-premises, integrate with your LLM and MCP tools, and start orchestrating auditable workflows. Join the Discord community or review the docs to plan your pilot.