Shannon Lite: Autonomous White-Box AI Pentester for Web Applications and APIs
Shannon Lite is an open-source autonomous AI security testing tool that performs white-box penetration testing on web applications and APIs. It analyzes source code to identify attack vectors and executes real exploits to validate vulnerabilities before production deployment. The project is implemented in TypeScript and has accumulated over 42,000 GitHub stars, with 200 new stars today indicating strong community traction.
Related guides (2)
Related events (8)
PentestAgent: AI Agent Framework for Black-Box Security Testing
PentestAgent is an open-source Python framework that applies AI agent techniques to penetration testing, bug bounty, and red-team workflows. The project has accumulated 2,497 GitHub stars with modest daily traction (+30). It represents a practical deployment of autonomous agent architectures in offensive security contexts.
HexStrike AI: MCP server exposing 150+ cybersecurity tools to AI agents
HexStrike AI is an open-source MCP server that enables AI agents (Claude, GPT, Copilot, and others) to autonomously invoke over 150 offensive security tools for penetration testing, vulnerability discovery, and bug bounty automation. The project bridges LLMs with real-world offensive security capabilities via the Model Context Protocol. With 9,221 GitHub stars, it represents a notable community signal around agentic security tooling and the expanding attack surface of AI-driven automation.
Anthropic Launches Claude Code Security: AI-Powered Vulnerability Detection for Defenders
Anthropic has released Claude Code Security in limited research preview for Enterprise and Team customers, a capability built into Claude Code that scans codebases for security vulnerabilities and suggests patches for human review. Unlike rule-based static analysis tools, it uses Claude's reasoning to understand code context, trace data flows, and detect complex vulnerabilities including novel ones. Built on Claude Opus 4.6, the system found over 500 previously undetected vulnerabilities in production open-source codebases during internal research. The release is framed as a defensive measure to put AI-enabled vulnerability discovery in the hands of defenders before attackers can exploit the same capabilities.
promptfoo: open-source LLM testing and red-teaming framework trending on GitHub
promptfoo is a TypeScript-based open-source tool for testing prompts, agents, and RAG pipelines, with built-in red-teaming and vulnerability scanning capabilities. It supports declarative configs with CLI and CI/CD integration and benchmarks across major models including GPT, Claude, Gemini, and DeepSeek. The project has accumulated 22,323 stars with 46 added today, and claims usage by OpenAI and Anthropic.
Deep Eye: Multi-Provider AI-Orchestrated Vulnerability Scanner
Deep Eye is an open-source Python tool that orchestrates multiple AI providers (OpenAI, Claude, Grok, Gemini, Ollama, Groq, Mistral, and others) to generate attack payloads and scan targets for 45+ vulnerability types. It produces professional security reports with compliance mapping. The project has accumulated 1,572 GitHub stars with 42 added today, indicating growing community interest in AI-augmented offensive security tooling.
oh-my-pi: Terminal AI Coding Agent with Hash-Anchored Edits and LSP Integration
oh-my-pi is an open-source TypeScript AI coding agent designed for terminal use, featuring hash-anchored file edits, an optimized tool harness, LSP integration, Python execution, browser access, and subagent support. The project has accumulated 5,362 GitHub stars with 237 added today, indicating rapid community traction. It represents a self-contained agentic coding environment targeting developer workflows in the terminal.
Practitioner spends $1,500 testing LLM offensive security capabilities against a purpose-built vulnerable app
A developer built a deliberately vulnerable application and ran LLMs against it as automated penetration testers, spending $1,500 on API costs across the experiment. The post evaluates how well current LLMs can identify and exploit real vulnerabilities in a controlled setting. Results provide practical signal on the current state of LLM-assisted offensive security, a capability area with both red-team and safety implications.
Anthropic releases claude-code-security-review GitHub Action for automated security analysis
Anthropic published an open-source GitHub Action that uses Claude to automatically analyze code changes for security vulnerabilities as part of CI/CD workflows. The tool integrates directly into GitHub pull request pipelines. With 5,157 stars, it has attracted meaningful community interest as a practical agentic coding security tool.