pentagi
PentAGI is an open-source, self-hosted autonomous penetration testing platform powered by AI agents. It automates security testing workflows using multiple LLM providers, integrates professional security tools, and stores findings in a vector database with knowledge graph capabilities.
Key facts
Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.
| Field | Value |
|---|---|
| Repository | vxcontrol/pentagi |
| Owner | vxcontrol |
| Primary language | Go |
| License | MIT — OSI-approved |
| Stars | 18.5k |
| Forks | 2.5k |
| Open issues | 64 |
| Latest release | v2.1.0 (2026-05-29) |
| Last updated | 2026-07-03 |
| Source | https://github.com/vxcontrol/pentagi |
What pentagi is
Go-based microservices architecture combining multi-agent AI orchestration, GraphQL/REST APIs, PostgreSQL+pgvector for vector storage, Neo4j for knowledge graphs, and Docker-sandboxed execution of 20+ security tools (nmap, metasploit, sqlmap). Supports 10+ LLM providers via OpenAI-compatible interfaces.
Get the pentagi source
Clone the repository and explore it locally.
git clone https://github.com/vxcontrol/pentagi.gitcd pentagi# follow the project's README for install & configurationNeed it deployed, integrated, or customized instead? DEV.co ships production installs.
Best use cases
Implementation considerations
- Requires configuring external LLM provider credentials (OpenAI/Anthropic/AWS Bedrock/Ollama/others); local models demand separate vLLM deployment and GPU resources.
- Full stack deployment spans 10+ services (API, UI, PostgreSQL, Neo4j, Grafana, Loki, Jaeger, VictoriaMetrics, Langfuse) with Docker Compose; infrastructure knowledge required.
- Testing scope must be clearly defined and authorized; autonomous agent behavior is not fully deterministic and may drift from intended targets without proper constraints.
- Knowledge graph and vector store design impacts query performance; pgvector indexing and Neo4j relationship modeling benefit from tuning based on pentesting workflow patterns.
- Monitoring stack (Grafana, Langfuse, OpenTelemetry) essential for observing agent decision-making and tool output but adds operational overhead.
When to avoid it — and what to weigh
- You need certified, compliance-audited penetration testing — PentAGI is a research/automation tool, not a replacement for professional penetration testers. Autonomous AI-driven results may not satisfy regulatory audit requirements or professional liability standards.
- Your threat model requires zero AI model access to test data — Testing data and reconnaissance output must flow to configured LLM providers (OpenAI, Anthropic, etc.) for agent reasoning. Air-gapped environments require local LLM deployment (additional complexity/cost).
- You need real-time BAS campaigns with predefined attack scripts — PentAGI is positioned as an autonomous assistant, not as CALDERA-style Breach and Attack Simulation with templated adversary emulation playbooks. Attack script generation is described as conceptual future work.
- Your infrastructure cannot run Docker with nested containers — PentAGI relies on Docker-in-Docker sandboxing for tool execution and requires significant orchestration overhead (Compose, PostgreSQL, Neo4j, observability stack).
License & commercial use
MIT License permits unrestricted commercial use, modification, and distribution with minimal restrictions (retain license and copyright notice). No patent indemnity or liability protection clauses.
MIT is a permissive OSI license allowing commercial products and services built on PentAGI. However, autonomous penetration testing output quality and liability (mis-targeting, false positives, unintended disruptions) remain the responsibility of the operator. No warranty or commercial support model stated in the license or README.
DEV.co evaluation signals
Editorial assessment — not user reviews. Directional, with an explicit confidence level.
| Signal | Assessment |
|---|---|
| Maintenance | Active |
| Documentation | Adequate |
| License clarity | Clear |
| Deployment complexity | High |
| DEV.co fit | Good |
| Assessment confidence | High |
PentAGI sandboxes tool execution in Docker containers with stated isolation. No independent security audit, threat model, or CVE history provided. Considerations: (1) AI agent decision-making is not cryptographically verifiable; (2) tool suite (metasploit, sqlmap) could be misused outside authorized scope; (3) LLM provider communication transmits reconnaissance data to external services unless local models used; (4) Bearer token authentication lacks rate limiting or session management details; (5) no stated input validation/output sanitization for user payloads fed to agents.
Alternatives to consider
CALDERA (Mitre ATT&CK-based)
Mature BAS platform with predefined adversary profiles and attack flows; more suitable for structured breach simulations. Less autonomous AI-driven; more deterministic campaign execution.
Nuclei (ProjectDiscovery)
Lightweight, template-driven vulnerability scanner without autonomous agents. Simpler deployment, smaller attack surface, but requires manual template authoring and orchestration.
Burp Suite + custom scripting
Established commercial tool with professional support and certifications. Manual or scripted workflows; no autonomous multi-agent AI but better commercial liability and compliance positioning.
Build on pentagi with DEV.co software developers
Explore PentAGI's architecture, deploy via Docker Compose, and configure your LLM provider. Start with the quick-start guide and join the community Discord for support.
Talk to DEV.coRelated open-source tools
Surfaced by semantic similarity across the DEV.co open-source index.
Related on DEV.co
Explore the category and the services that help you build with it.
pentagi FAQ
Can PentAGI be run without external LLM provider access?
Does PentAGI generate false positives?
Is PentAGI suitable for regulatory penetration testing (e.g., PCI-DSS, SOC 2)?
What happens if the AI agent exceeds its authorized test scope?
Software development & web development with DEV.co
Adopting pentagi is usually one piece of a larger software development effort. As a software development agency, DEV.co provides software development services and web development expertise — pairing senior software developers and web developers with your team to design, build, and operate open-source devops software in production.
Ready to automate your penetration testing?
Explore PentAGI's architecture, deploy via Docker Compose, and configure your LLM provider. Start with the quick-start guide and join the community Discord for support.