pentagi: ✨ Fully autonomous AI Agents system capable of... - NTS News


✨ Fully autonomous AI Agents system capable of performing complex penetration testing tasks – vxcontrol/pentagi

PentAGI is an innovative tool for automated security testing that leverages cutting-edge artificial intelligence technologies. The project is designed for information security professionals, researchers, and enthusiasts who need a powerful and flexible solution for conducting penetration tests.

The chain summarization system manages conversation context growth by selectively summarizing older messages. This is critical for preventing token limits from being exceeded while maintaining conversation coherence. The algorithm operates on a structured representation of conversation chains (ChainAST) that preserves message types including tool calls and their responses. All summarization operations maintain critical conversation flow while reducing context size.
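The pairing constraint described above, sketched in Go as an added example (this is not PentAGI's ChainAST code): the oldest messages are folded into one summary, but a tool response is never separated from the call before it. The `Msg` type, the byte-based budget, the adjacency-based pairing and the `sum` callback are assumptions; a real summarizer would call an LLM there.

```go
package main

import "fmt"

// Msg is a simplified chat message (hypothetical, not PentAGI's ChainAST types).
type Msg struct{ Role, Content string } // Role: system, human, ai or tool

func size(ms []Msg) (n int) { // approximates tokens by content bytes (assumption)
	for _, m := range ms {
		n += len(m.Content)
	}
	return n
}

// Summarize folds the oldest messages into one summary until the verbatim rest
// fits budget. The system prompt and the last keep messages are never folded.
func Summarize(chain []Msg, budget, keep int, sum func([]Msg) string) []Msg {
	start := 0
	if len(chain) > 0 && chain[0].Role == "system" {
		start = 1
	}
	cut := start
	for size(chain[cut:]) > budget {
		end := cut + 1
		for end < len(chain) && chain[end].Role == "tool" {
			end++ // tool responses stay with the ai call that precedes them
		}
		if end > len(chain)-keep {
			break // folding this unit would cut into the protected tail
		}
		cut = end
	}
	if cut == start {
		return chain
	}
	out := append([]Msg{}, chain[:start]...)
	out = append(out, Msg{"ai", "[summary] " + sum(chain[start:cut])})
	return append(out, chain[cut:]...)
}

func main() { // constructed sample conversation; sum is a stand-in for an LLM call
	chain := []Msg{{"system", "You are a security testing assistant."},
		{"human", "Check which services the lab host exposes."},
		{"ai", "tool call: terminal, list listening services"},
		{"tool", "ssh on 22, http on 80"}, {"human", "Report what you found."}}
	note := func(old []Msg) string { return fmt.Sprintf("%d earlier messages", len(old)) }
	for _, m := range Summarize(chain, 40, 1, note) {
		fmt.Println(m.Role+":", m.Content)
	}
}
```

When the budget cannot be met without splitting a call from its responses or touching the protected tail, the function stops folding and returns a chain that is still over budget, so the caller has to handle that case.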

The assistant summarizer configuration provides more memory for context retention compared to the global settings, preserving more recent conversation history while still ensuring efficient token usage. The architecture of PentAGI is designed to be modular, scalable, and secure. Here are the key components: The system uses Docker containers for isolation and easy deployment, with separate networks for core services, monitoring, and analytics to ensure proper security boundaries.

Each component is designed to scale horizontally and can be configured for high availability in production environments. PentAGI provides an interactive installer with a terminal-based UI for streamlined configuration and deployment. The installer guides you through system checks, LLM provider setup, search engine configuration, and security hardening. The installer requires appropriate privileges to interact with the Docker API for proper operation.

By default, it uses the Docker socket (/var/run/docker.sock) which requires either: ⚠️ Security Note: Adding a user to the docker group grants root-equivalent privileges. Only do this for trusted users in controlled environments. For production deployments, consider using rootless Docker mode or running the installer with sudo. For production deployments or security-sensitive environments, we strongly recommend using a distributed two-node architecture where worker operations are isolated on a separate server.

This prevents untrusted code execution and network access issues on your main system. Visit localhost:8443 to access the PentAGI Web UI (default credentials are admin@pentagi.com / admin). If you get an error about pentagi-network, observability-network or langfuse-network, you need to run docker-compose.yml first to create these networks, and after that run docker-compose-langfuse.yml, docker-compose-graphiti.yml, and docker-compose-observability.yml to use the Langfuse, Graphiti, and Observability services.

You have to set at least one Language Model provider (OpenAI, Anthropic, Gemini, AWS Bedrock, or Ollama) to use PentAGI. AWS Bedrock provides enterprise-grade access to multiple foundation models from leading AI companies, while Ollama provides zero-cost local inference if you have sufficient computational resources. Additional API keys for search engines are optional but recommended for better results.

The LLM_SERVER_* environment variables are an experimental feature and will be changed in the future. Right now you can use them to specify a custom LLM server URL and one model for all agent types. PROXY_URL is a global proxy URL for all LLM providers and external search systems. You can use it for isolation from external networks. The docker-compose.yml file runs the PentAGI service as the root user because it needs access to docker.sock for container management.

If you're using a TCP/IP network connection to Docker instead of the socket file, you can remove root privileges and use the default pentagi user for better security. Note that users can always override this setting by toggling the "Use Agents" button in the UI when creating or editing an assistant. This environment variable only controls the initial default state. PentAGI provides comprehensive programmatic access through both REST and GraphQL APIs, allowing you to integrate penetration testing workflows into your automation pipelines, CI/CD processes, and custom applications.

Each token is associated with your user account and inherits your role's permissions. Access the REST API documentation at https://your-pentagi-instance:8443/api/v1/swagger/index.html swagger-typescript-api (TypeScript): https://github.com/acacode/swagger-typescript-api The LLM_SERVER_PROVIDER setting is particularly useful when using LiteLLM proxy, which adds a provider prefix to model names. For example, when connecting to Moonshot API through LiteLLM, models like kimi-2.5 become moonshot/kimi-2.5.

By setting LLM_SERVER_PROVIDER=moonshot, you can use the same provider configuration file for both direct API access and LiteLLM proxy access without modifications. This setting is important when working with different LLM providers as they may expect different reasoning formats in their API requests. If you encounter reasoning-related errors with custom providers, try changing this setting. This setting is required by some LLM providers (e.g., Moonshot) that return errors like "thinking is enabled but reasoning_content is missing in assistant tool call message" when reasoning content is not included in multi-turn conversations.

Enable this setting if your provider requires reasoning content to be preserved. PentAGI requires models with larger context windows than the default Ollama configurations. You need to create custom models with increased num_ctx parameter through Modelfiles. While typical agent workflows consume around 64K tokens, PentAGI uses 110K context size for safety margin and handling complex penetration testing scenarios.

Important: The num_ctx parameter can only be set during model creation via Modelfile – it cannot be changed after model creation or overridden at runtime. Note: The QwQ 32B FP16 model requires approximately 71.3 GB VRAM for inference. Ensure your system has sufficient GPU memory before attempting to use this model. These custom models are referenced in the pre-built provider configuration files (ollama-qwen332b-fp16-tc.provider.yml and ollama-qwq32b-fp16-tc.provider.yml) that are included in the Docker image at /opt/pentagi/conf/.

The system automatically selects appropriate OpenAI models based on task complexity, optimizing for both performance and cost-effectiveness. The system leverages Claude's advanced understanding of security contexts to provide thorough and responsible penetration testing guidance. The system automatically selects appropriate Gemini models based on agent requirements, balancing performance, capabilities, and cost-effectiveness.

These default rate limits are extremely restrictive for comfortable penetration testing scenarios and will significantly impact your workflow. We strongly recommend: Without adequate rate limits, you may experience frequent delays, timeouts, and degraded testing performance. The system automatically selects appropriate Bedrock models based on task complexity and requirements, leveraging the full spectrum of available foundation models for optimal security testing results.

⚠️ Important: Some models like AI21 Jurassic-2 and Cohere Command (Text) have limited chat support and may not work properly with PentAGI's multi-turn conversation workflows. Note: AWS credentials can also be provided through IAM roles, environment variables, or AWS credential files following standard AWS SDK authentication patterns. Ensure your AWS account has appropriate permissions for Amazon Bedrock service access.

For advanced configuration options and detailed setup instructions, please visit our documentation. Langfuse provides advanced capabilities for monitoring and analyzing AI agent operations. For detailed system operation tracking, integration with monitoring tools is available. If you want to use the Observability stack with Langfuse, you need to enable the integration in the .env file by setting LANGFUSE_OTEL_EXPORTER_OTLP_ENDPOINT to http://otelcol:4318.

PentAGI integrates with Graphiti, a temporal knowledge graph system powered by Neo4j, to provide advanced semantic understanding and relationship tracking for AI agent operations. The vxcontrol fork provides custom entity and edge types that are specific to pentesting purposes. Graphiti automatically extracts and stores structured knowledge from agent interactions, building a graph of entities, relationships, and temporal context.

This enables: The Graphiti service is defined in docker-compose-graphiti.yml as a separate stack. You must run both compose files together to enable the knowledge graph functionality. The pre-built Docker image vxcontrol/graphiti:latest is used by default. OAuth integration with GitHub and Google allows users to authenticate using their existing accounts on these platforms. This provides several benefits: To use GitHub OAuth, you need to create a new OAuth application in your GitHub account and set GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET in the .env file.

To use Google OAuth, you need to create a new OAuth application in your Google account and set GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET in the .env file. PentAGI allows you to configure Docker image selection for executing various tasks. The system automatically chooses the most appropriate image based on the task type, but you can constrain this selection by specifying your preferred images: When these environment variables are set, AI agents will be limited to the image choices you specify.

This is particularly useful for: If a user explicitly specifies a particular Docker image in their task, the system will try to use that exact image, ignoring these settings. These variables only affect the system's automatic image selection process. To generate the GraphQL files, run npm run graphql:generate, which uses the graphql-codegen.ts file. To generate SSL certificates, run npm run ssl:generate, which uses the generate-ssl.ts file; otherwise they are generated automatically when you run npm run dev.

The first run can take a while, as dependencies and Docker images need to be downloaded to set up the backend environment. PentAGI includes a powerful utility called ctester for testing and validating LLM agent capabilities. This tool helps ensure your LLM provider configurations work correctly with different agent types, allowing you to optimize model selection for each specific agent role. The utility features parallel testing of multiple agents, detailed reporting, and flexible configuration options.

For OpenAI accounts with unverified organizations that don't have access to the latest reasoning models (o1, o3, o4-mini), you need to use a custom configuration. To use OpenAI with unverified organization accounts, configure your .env file as follows: This configuration uses the pre-built custom-openai.provider.yml file that maps all agent types to models available for unverified organizations, using o3-mini instead of models like o1, o3, and o4-mini.

The LLM_SERVER_LEGACY_REASONING=true setting is crucial for OpenAI compatibility as it ensures reasoning parameters are sent in the format expected by OpenAI's API. When using LiteLLM proxy to access various LLM providers, model names are prefixed with the provider name (e.g., moonshot/kimi-2.5 instead of kimi-2.5). To use the same provider configuration files with both direct API access and LiteLLM proxy, set the LLM_SERVER_PROVIDER variable: With LLM_SERVER_PROVIDER=moonshot, the system automatically prefixes all model names from the configuration file with moonshot/, making them compatible with LiteLLM's model naming convention.

Note: The json test group is specifically designed for the simple_json agent type, while all other agents are tested with basic, advanced, and knowledge groups. This specialization ensures optimal testing coverage for each agent's intended purpose. This tool helps ensure your AI agents are using the most effective models for their specific tasks, improving reliability while optimizing costs. PentAGI uses vector embeddings for semantic search, knowledge storage, and memory management.

The system supports multiple embedding providers that can be configured according to your needs and preferences. To configure the embedding provider, set the following environment variables in your .env file: If EMBEDDING_URL and EMBEDDING_KEY are not specified, the system will attempt to use the corresponding LLM provider settings (e.g., OPEN_AI_KEY when EMBEDDING_PROVIDER=openai). If you change your embedding provider, you should flush and reindex your entire knowledge base (see etester utility below).

PentAGI includes a specialized etester utility for testing, managing, and debugging embedding functionality. This tool is essential for diagnosing and resolving issues related to vector embeddings and knowledge storage. PentAGI includes a versatile utility called ftester for debugging, testing, and developing specific functions and AI agent behaviors. While ctester focuses on testing LLM model capabilities, ftester allows you to directly invoke individual system functions and AI agent components with precise control over execution context.

The describe function provides detailed information about tasks and subtasks within a flow. This is particularly useful for diagnosing issues when PentAGI encounters problems or gets stuck. This function allows you to identify the exact point where a flow might be stuck and resume processing by directly invoking the appropriate agent function. This is particularly useful for production deployments where you don't have a local development environment.

Function-specific arguments are passed after the function name using -name value format. You can use docker buildx to build the image for different platforms, for example docker buildx build --platform linux/amd64 -t local/pentagi:latest . You need to change the image name in the docker-compose.yml file to local/pentagi:latest and run docker compose up -d to start the server, or use the build key option in the docker-compose.yml file.

VXControl Cloud SDK Integration: This repository integrates VXControl Cloud SDK under a special licensing exception that applies ONLY to the official PentAGI project. If you fork this project or create derivative works, the VXControl SDK components are subject to AGPL-3.0 license terms. You must either:



Original Source: Github.com | Author: sachaa | Published: February 21, 2026, 5:47 am
