Open Source
Explore the latest AI open-source projects from GitHub and HuggingFace.
PentAGI is an open-source autonomous AI agent system for penetration testing, developed by VXControl and released on GitHub in early 2025. With over 4,000 stars, it coordinates multiple specialized AI agents to perform complex security assessments using a containerized, sandboxed architecture. The system integrates with over 20 professional security tools and supports all major LLM providers, making it the most comprehensive open-source AI-powered penetration testing platform available.

## Multi-Agent Architecture for Security Testing

The core design of PentAGI uses specialized AI agents that coordinate through a shared knowledge graph. Each agent handles a distinct role: research agents gather information about targets, development agents write custom exploit code, and infrastructure agents manage the testing environment. This division of labor allows the system to parallelize tasks and apply domain-specific reasoning at each stage of an assessment.

The coordination layer uses Neo4j-powered knowledge graph integration via Graphiti for semantic relationship tracking. As agents discover information about a target network, findings are stored with their contextual relationships preserved. This enables later agents to reason about connections between vulnerabilities, network topology, and system configurations rather than treating each finding in isolation.

## Professional Security Tooling

PentAGI integrates a curated suite of 20+ enterprise-grade penetration testing tools including nmap for network discovery, Metasploit for exploitation, sqlmap for SQL injection testing, and numerous other reconnaissance and exploitation utilities. All tools execute within the sandboxed Docker environment, preventing any operations from affecting systems outside the defined testing scope. The AI agents determine which tools to invoke, what parameters to use, and how to interpret results at each step.

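Because the agents choose tool parameters themselves, a scope check in front of every tool call is the control that keeps a reasoning error inside the defined testing scope. The sketch below is an added example, not PentAGI's own code: the environment variable name `ALLOWED_TARGET_RANGES` and the functions `parse_scope`, `load_scope`, `in_scope` and `gate` are hypothetical, and the addresses are constructed samples.

```python
import ipaddress
import os

# Hypothetical variable name chosen for this example, not PentAGI's real setting.
SCOPE_ENV = "ALLOWED_TARGET_RANGES"


def parse_scope(raw):
    """Parse a comma-separated CIDR list, rejecting malformed or catch-all entries."""
    networks = []
    for item in (part.strip() for part in raw.split(",")):
        if not item:
            continue
        net = ipaddress.ip_network(item, strict=True)  # ValueError if host bits are set
        if net.prefixlen == 0:
            raise ValueError(f"refusing catch-all range {item}")
        networks.append(net)
    if not networks:
        raise ValueError("no scope configured; failing closed")
    return networks


def load_scope(environ=os.environ):
    """Read the allowed ranges from the environment; unset means no testing at all."""
    return parse_scope(environ.get(SCOPE_ENV, ""))


def in_scope(target, networks):
    """True only if every address in `target` (IP or CIDR) lies inside an allowed range."""
    try:
        tnet = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False  # hostnames and malformed input fail closed
    return any(tnet.version == n.version and tnet.subnet_of(n) for n in networks)


def gate(tool, targets, networks):
    """Decide on one agent-proposed tool call; any out-of-scope target blocks the call."""
    blocked = [t for t in targets if not in_scope(t, networks)]
    return {"tool": tool, "run": bool(targets) and not blocked, "blocked": blocked}


if __name__ == "__main__":
    # Constructed sample scope and targets, for illustration only.
    scope = parse_scope("10.0.5.0/24, 192.168.56.0/24")
    for call in (["10.0.5.7"], ["10.0.5.7", "10.0.6.1"], ["10.0.5.0/23"], ["db.lab.example"]):
        print(gate("scanner", call, scope))
```

A range that merely overlaps the scope, such as `10.0.5.0/23` against an allowed `10.0.5.0/24`, is rejected because the check requires full containment, and hostnames are refused until they have been resolved and re-checked.
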
## Containerized Isolation

Every component of PentAGI runs in Docker containers with network isolation enforced at the OS level. This design means that even if an agent makes an error in targeting, operations are bounded by the container network policies. Security teams can define allowed target ranges through environment configuration, preventing accidental testing of out-of-scope systems. The containerization also simplifies deployment: the entire system launches via Docker Compose with a single command.

## Multi-Tiered Memory System

A key differentiator is the three-tier memory architecture. Long-term memory stores confirmed findings and successful attack techniques across sessions, allowing the system to build institutional knowledge over multiple engagements. Working memory maintains current task context within an active session. Episodic memory records the sequence of actions taken, enabling retrospective analysis of how vulnerabilities were discovered. The PostgreSQL backend with pgvector provides semantic search across stored knowledge.

## Flexible LLM Integration

PentAGI supports all major LLM providers: OpenAI, Anthropic Claude, Google AI, AWS Bedrock, DeepSeek, Moonshot, Ollama for local models, and generic OpenAI-compatible endpoints via OpenRouter and Deep Infra. Organizations with data sovereignty requirements can run entirely on-premises using Ollama with local model weights. This flexibility means teams can choose models based on their security policies, performance requirements, and cost constraints.

## Observability Stack

The system includes production-grade monitoring infrastructure. Grafana dashboards provide real-time visibility into agent activity and system performance. Prometheus collects metrics on tool execution, LLM API calls, and task completion rates. Jaeger provides distributed tracing across the multi-agent system. Langfuse offers LLM-specific analytics including prompt costs, latency, and output quality tracking.
This level of observability is unusual for open-source security tools and reflects the production deployment focus.

## Deployment Requirements

The minimum system requirements are modest: 2 vCPU, 4GB RAM, and 20GB disk space. Interactive installers are available for Linux (amd64 and arm64), Windows, and macOS, simplifying setup. The Docker Compose configuration manages all service dependencies including the Neo4j database, PostgreSQL instance, monitoring stack, and application services.

## Limitations

PentAGI requires a valid LLM API key or local model setup, which introduces ongoing API costs or hardware requirements. Autonomous penetration testing raises significant legal and ethical considerations; the system must only be used against systems with explicit written authorization. LLM reasoning errors can produce false positives or missed vulnerabilities that would be caught by an experienced human tester. The system is not a replacement for human security expertise but rather an augmentation tool for scaling routine assessment tasks.