Field Notes · April 28, 2026

The AI that breaks into your systems before attackers do

PentAGI is an open-source AI agent that runs full security tests on your systems autonomously — no specialist required to set it in motion.

AI · open-source · self-hosting · automation · workflow · via github · @vxcontrol

What it is

PentAGI is a piece of software that acts like a team of security professionals working through the night. You point it at a system — your website, your internal tools, your infrastructure — and it tries to find the weak spots. Methodically. Automatically. Without someone sitting at a keyboard guiding it.

It uses a team of AI sub-agents: one researches, one writes whatever small scripts are needed, one actually runs the tests. They coordinate, share findings, and build up a picture of what's vulnerable.

What makes it genuinely interesting is its memory. It keeps notes across sessions — so over time it gets better at recognising patterns. "This kind of target responded to this kind of test before." That's not something most security tools do.

Why a business owner should care

Hiring someone to do a proper penetration test costs anywhere from €2,000 to €20,000, and most small businesses skip it entirely. That's understandable — but it leaves real gaps.

This won't replace a senior security expert for anything critical. But for a small team that wants a first honest look at their own vulnerabilities, it's a serious option worth knowing about.

It's already been pulled from Docker (a standard way to run software) over 50,000 times in a short period. That's not a hobby project.

Words worth knowing

Penetration test — A controlled, authorised attempt to break into your own systems. Like hiring a locksmith to test your locks before a burglar does.

Docker — A way to run software in a contained box on your computer or server. Nothing it does affects the rest of your machine.

Knowledge graph — A way of storing information so that connections between things are remembered, not just the facts themselves.

Open-source — The code is public. Anyone can read it, use it, and check that it does what it says.


If you have a developer or a technical co-founder, ask them to take a look at pentagi.us. Even just reading what it reports back can tell you something useful about your own infrastructure.


Written by David at AC0.AI. Follow on @ac0hero
