CyberSecurityNews

Pentest Swarm AI Tool With Live Access to nmap, sqlmap, Burp, Metasploit, and Others


Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence.

Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive stack, including nmap, SQLMap, Burp Suite, ZAP, and Metasploit, all driven by an AI model of your choice.

What Makes It a True Swarm

Most tools marketed as “multi-agent” are actually pipelines — a single planner LLM dispatching specialists in a predetermined order: recon → classify → exploit → report. Pentest Swarm AI breaks this mold with three swarm-intelligence primitives:

  • Stigmergy — agents coordinate by reading and writing findings to a shared PostgreSQL-backed blackboard (pgvector), not via a central planner. Each finding carries a pheromone weight that biases other agents toward high-value paths and decays over time, letting stale attack paths die naturally.
  • Emergence — attack chains form without any agent prescribing them; a recon finding wakes the classifier, a high-severity CVE match triggers the exploit agent, and exploit results cycle back into the board.
  • Decentralization — each agent runs its own trigger predicate, so adding or removing an agent requires no orchestrator rewrite.
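The three primitives above can be seen in a few dozen lines of plain Python. The block below is an added illustration, not Pentest Swarm AI's code: the PostgreSQL/pgvector blackboard is replaced by an in-memory list, the scan results and advisory lookup table are constructed stand-ins (the advisory id is a placeholder), and the half-life, floor and reinforcement amounts are assumed values. Findings carry a pheromone weight that agents reinforce and that decays exponentially; each agent has only a trigger predicate, so the recon-to-classifier-to-reporter chain emerges from the board rather than from a planner.

```python
"""Toy stigmergic blackboard with pheromone decay and per-agent trigger predicates.
Added illustration; not Pentest Swarm AI's code. All data below is constructed."""
from dataclasses import dataclass, field
from typing import Callable


@dataclass
class Finding:
    uid: int
    kind: str            # "host", "service", "advisory_match"
    target: str
    severity: float      # 0-10, CVSS-like scale
    weight: float        # pheromone weight: reinforced by agents, decays with time
    last_tick: float     # time of the last decay step
    details: dict = field(default_factory=dict)


class Blackboard:
    """Shared store that every agent reads from and writes to (stigmergy)."""

    def __init__(self, half_life: float = 60.0, floor: float = 0.1):
        self.half_life = half_life   # seconds for a weight to halve (assumed)
        self.floor = floor           # findings below this weight are dropped (assumed)
        self.findings: list = []
        self._next_uid = 0

    def post(self, kind, target, severity, now, **details) -> Finding:
        f = Finding(self._next_uid, kind, target, severity,
                    weight=1.0 + severity / 10.0, last_tick=now, details=details)
        self._next_uid += 1
        self.findings.append(f)
        return f

    def reinforce(self, finding: Finding, amount: float = 0.5) -> None:
        finding.weight += amount     # strengthen a trail that proved useful

    def decay(self, now: float) -> int:
        """Exponential decay since each finding's last tick; returns how many died."""
        keep = []
        for f in self.findings:
            f.weight *= 0.5 ** ((now - f.last_tick) / self.half_life)
            f.last_tick = now
            if f.weight >= self.floor:
                keep.append(f)
        dropped = len(self.findings) - len(keep)
        self.findings = keep
        return dropped

    def query(self, predicate) -> list:
        """Matching findings, highest pheromone weight first (biases agent attention)."""
        return sorted((f for f in self.findings if predicate(f)),
                      key=lambda f: f.weight, reverse=True)


# Constructed stand-in for a parsed port scan: host -> [(port, proto, banner)]
SCAN_RESULTS = {"10.0.0.5": [("22", "ssh", "ExampleSSH 2.0"),
                             ("80", "http", "ExampleHTTPd 1.0")]}
# Constructed stand-in for an advisory lookup; the id is a placeholder, not a real CVE
KNOWN_ISSUES = {"ExampleHTTPd 1.0": ("ADV-EXAMPLE-0001", 9.8)}


def recon(board: Blackboard, host: Finding, now: float) -> None:
    for port, proto, banner in SCAN_RESULTS.get(host.target, []):
        board.post("service", f"{host.target}:{port}", 0.0, now, proto=proto, banner=banner)


def classify(board: Blackboard, service: Finding, now: float) -> None:
    hit = KNOWN_ISSUES.get(service.details["banner"])
    if hit:
        advisory, score = hit
        board.post("advisory_match", service.target, score, now, advisory=advisory)
        board.reinforce(service)     # the service that led here becomes a stronger trail


@dataclass
class Agent:
    name: str
    trigger: Callable[[Finding], bool]                # decentralised: its own predicate only
    handle: Callable[[Blackboard, Finding, float], None]
    seen: set = field(default_factory=set)


def run_round(board: Blackboard, agents: list, now: float) -> list:
    """One swarm tick: decay, then every agent fires on unseen findings it is triggered by."""
    board.decay(now)
    fired = []
    for agent in agents:
        for f in board.query(agent.trigger):          # snapshot; new posts reach later agents
            if f.uid in agent.seen:
                continue
            agent.seen.add(f.uid)
            agent.handle(board, f, now)
            fired.append(f"{agent.name}:{f.kind}:{f.target}")
    return fired


def demo() -> dict:
    board = Blackboard(half_life=60.0, floor=0.1)
    report = []
    agents = [
        Agent("recon", lambda f: f.kind == "host", recon),
        Agent("classifier", lambda f: f.kind == "service", classify),
        Agent("reporter", lambda f: f.kind == "advisory_match",
              lambda b, f, t: report.append((f.target, f.details["advisory"], f.severity))),
    ]
    board.post("host", "10.0.0.5", 0.0, now=0.0)
    first = run_round(board, agents, now=0.0)          # whole chain emerges in one tick
    second = run_round(board, agents, now=1.0)         # nothing new: no agent fires
    top_service = board.query(lambda f: f.kind == "service")[0].target
    dropped = board.decay(now=3600.0)                  # an hour later every trail has died
    return {"first": first, "second": second, "report": report,
            "top_service": top_service, "dropped": dropped, "remaining": len(board.findings)}


if __name__ == "__main__":
    print(demo())
```

Note the two things a planner-based pipeline does not give you for free: the reinforced `10.0.0.5:80` service outranks the untouched `:22` entry in any later query, and findings nobody reinforces are removed by `decay()` rather than accumulating forever.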

The platform ships with eight ProjectDiscovery tools stable out of the box — subfinder, httpx, nuclei, naabu, katana, dnsx, gau — plus a fully parsed nmap XML adapter with scope validation. sqlmap, Burp MCP bridge, Metasploit, and ZAP adapters are queued for Wave 2 of the roadmap, making the platform progressively more powerful without requiring a platform overhaul.

Getting started requires just one API key and one command:

```bash
export PENTESTSWARM_ORCHESTRATOR_API_KEY=sk-ant-your-key-here
pentestswarm scan example.com --scope example.com --swarm --follow
```

It supports Claude (default, with prompt caching enabled for recon and classifier agents), Ollama for fully air-gapped local deployments, and any OpenAI-compatible model, giving teams the flexibility to balance cost, privacy, and capability. No GPU, no local model download required when using the cloud path.

Every campaign produces submission-ready output in four formats (Markdown, HTML, JSON, and SARIF), queried directly from the blackboard by a dedicated report agent.

Findings are automatically deduplicated, CVSS v3.1 scored per the FIRST specification, and scoped: the --scope flag is enforced both at the tool layer and the executor layer for defense-in-depth, making it safe for CI/CD pipelines and bug-bounty programs.
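What "enforced at both the tool layer and the executor layer" buys you is shown by the added example below. It is not Pentest Swarm AI's code: the scope syntax (hostnames that also cover their subdomains, plus CIDR ranges), the request shape and the host-looking-token heuristic are assumptions, and the runner is a stand-in for a subprocess call. The tool adapter refuses an out-of-scope target before it builds a command line; the executor independently re-checks both the declared targets and every argv token that looks like a host, so a bug in an adapter that appends an extra host still cannot reach the network.

```python
"""Two-layer --scope enforcement: tool adapter and executor each check independently.
Added illustration; not Pentest Swarm AI's code. Scope syntax and request shape assumed."""
import ipaddress
from urllib.parse import urlsplit


class ScopeError(Exception):
    pass


def in_scope(target: str, scope: list) -> bool:
    """Scope entries are hostnames (match the host and its subdomains) or CIDR ranges.
    Plain suffix matching is avoided so 'example.com.evil.net' never matches 'example.com'."""
    host = (urlsplit(target).hostname if "://" in target else target) or ""
    host = host.rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    for entry in scope:
        entry = entry.rstrip(".").lower()
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None
        if net is not None:                       # CIDR entry: only IP targets can match
            if addr is not None and addr in net:
                return True
            continue
        if addr is None and (host == entry or host.endswith("." + entry)):
            return True
    return False


def build_scan_request(target: str, scope: list) -> dict:
    """Tool layer: refuse before a command line is even assembled (assumed request shape)."""
    if not in_scope(target, scope):
        raise ScopeError(f"tool layer: {target} is not in scope")
    return {"argv": ["nmap", "-sV", "-oX", "-", target], "targets": [target]}


def _looks_like_host(token: str) -> bool:
    """Conservative heuristic (assumed): an IP literal or any dotted token is treated as a
    host and must pass the scope check. Fails closed: a dotted output path would be rejected."""
    if token.startswith("-"):
        return False
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return "." in token


def execute(request: dict, scope: list, runner):
    """Executor layer: does not trust the adapter; re-validates declared targets and argv."""
    for t in request["targets"]:
        if not in_scope(t, scope):
            raise ScopeError(f"executor layer: declared target {t} is not in scope")
    for tok in request["argv"][1:]:
        if _looks_like_host(tok) and not in_scope(tok, scope):
            raise ScopeError(f"executor layer: argv token {tok} is not in scope")
    return runner(request["argv"])


def demo() -> dict:
    scope = ["example.com", "10.0.0.0/24"]        # constructed scope
    ran = []

    def fake_runner(argv):                        # stand-in for subprocess; records only
        ran.append(argv)
        return 0

    execute(build_scan_request("api.example.com", scope), scope, fake_runner)

    try:                                          # layer 1 stops a look-alike domain
        build_scan_request("example.com.evil.net", scope)
        blocked_tool = False
    except ScopeError:
        blocked_tool = True

    # Simulated adapter bug: argv carries a host the adapter never declared as a target
    buggy = {"argv": ["nmap", "-sV", "-oX", "-", "api.example.com", "10.0.1.9"],
             "targets": ["api.example.com"]}
    try:                                          # layer 2 catches what layer 1 missed
        execute(buggy, scope, fake_runner)
        blocked_exec = False
    except ScopeError:
        blocked_exec = True

    return {"ran": ran, "blocked_tool": blocked_tool, "blocked_exec": blocked_exec}


if __name__ == "__main__":
    print(demo())
```

One caveat the check above does not cover: an in-scope hostname may resolve to an address outside any CIDR entry, so a pipeline that also scopes by IP range needs to resolve and re-check at the executor as well.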

Tool             | Architecture          | Executes  | Memory                | True Swarm
Pentest Swarm AI | Stigmergic blackboard | Yes       | pgvector + pheromones |
PentestGPT       | Single-agent ReAct    | Suggests  | None                  |
PentAGI          | 4 agents + planner    | Yes       | pgvector              | Pipeline only
HexStrike        | MCP tool wrapper      | Delegates | Stateless             |
Table based on the Pentest Swarm AI comparison.

GitHub Actions & MCP Integration

A ready-made GitHub Action ships with SARIF output, enabling automated pentesting directly within any CI/CD workflow. The pentestswarm mcp serve command exposes the entire swarm as an MCP server, integrating natively with Claude Desktop and Cursor for IDE-level offensive security testing.

Licensed under AGPL-3.0, Pentest Swarm AI is free for red teams, bug-bounty hunters, and internal security pipelines, with the copyleft clause ensuring that any commercial SaaS fork must return improvements to the open-source community. The project is available on GitHub.
