CyberSentinel AI v3.0 Open-Source Platform Unifies 33 Security Tools with Multi-Provider AI Engine
CyberSentinel AI v3.0 integrates 33 cybersecurity tools like Nmap and SQLMap with a provider-agnostic AI engine supporting Claude, GPT-4o, and fully offline local inference using Ollama.

A new open-source cybersecurity platform called CyberSentinel AI v3.0 has emerged as a significant development in autonomous security tooling, combining 33 real-world penetration testing and threat intelligence tools with a provider-agnostic AI engine that supports Claude, GPT-4o, OpenRouter, and fully offline local inference via Ollama. Unlike conventional AI security assistants that only suggest commands, CyberSentinel AI executes the tools itself, including Nmap, SQLMap, Nikto, Nuclei, and OWASP ZAP, inside an isolated Kali Linux Docker sandbox, then uses AI to analyze the results in real time. The platform is available on GitHub at 3sk1nt4n/cybersentinel-ai and is designed to run entirely on local infrastructure with no cloud dependencies required.
The platform deploys via Docker Compose and spans seven containerized services. A Next.js frontend delivers a streaming chat interface while a FastAPI backend handles AI routing, intent classification, and tool orchestration. Security scans execute inside a sandboxed Kali container, keeping potentially dangerous operations fully isolated from the host system. Supporting the AI layer are three data infrastructure components: Neo4j for knowledge graph mapping of attack surfaces and MITRE ATT&CK techniques, ChromaDB as a Retrieval-Augmented Generation engine grounded in MITRE, CIS, and NIST frameworks, and Elasticsearch with Kibana as an ELK Stack SIEM with pre-seeded security events for log analysis training.
The agentic execution model allows the AI to classify user intent, autonomously select appropriate tools, and run up to five tools concurrently before synthesizing a unified analysis, a meaningful step toward practical security automation. The platform organizes its toolset across six functional categories. Live scanners include Nmap, Nikto, Nuclei, SQLMap, Subfinder, OWASP ZAP, SSL/TLS analysis, DNS Recon, WHOIS, HTTP Headers, and Ping/Traceroute. Threat intel APIs integrate with Shodan, VirusTotal, AbuseIPDB, AlienVault OTX, and NVD/CISA KEV. SIEM connectors support ELK Stack, Splunk, and Wazuh. AI detection modules cover Zeek analyzer, IOC extraction, log analysis, threat detection, and email phishing analysis. Threat hunting features include YARA, Sigma, Snort/Suricata rules, and a SIEM query generator. Compliance mapping addresses MITRE ATT&CK, MITRE ATLAS, NIST/CIS, HIPAA/PCI-DSS, and SOC 2/FedRAMP.
One of CyberSentinel's distinguishing features is its mid-conversation AI provider switching. Users can toggle between Anthropic Claude, OpenAI GPT-4o, OpenRouter (which unlocks 100+ models), and Ollama running qwen2.5:7b locally, all without losing conversation context. All API keys are optional; the platform operates fully offline using Ollama as the default inference engine. Live threat intelligence is pulled dynamically from NVD, CISA KEV, EPSS, AlienVault OTX, and Abuse.ch, keeping vulnerability context current without manual updates.
The platform enforces several safeguards, including input/output guardrails that block prompt injection, SSRF attacks, and system prompt leakage. All scans run inside an isolated container, and the project explicitly warns users that unauthorized scanning is illegal under the Computer Fraud and Abuse Act (CFAA). Recommended safe test targets include scanme.nmap.org and testphp.vulnweb.com. System requirements include Docker Desktop and a minimum of 8 GB of RAM. The initial build pulls approximately 4–5 GB of images and model data, with subsequent startups completing in roughly 30 seconds.
CyberSentinel AI v3.0 represents a notable convergence of agentic AI and real security tooling, offering security researchers and red teams a self-contained, locally operated alternative to cloud-dependent platforms. This open-source release follows a growing trend of AI-integrated security suites — such as SecSuite v0.1.0 — that aim to democratize access to advanced pentesting capabilities while reducing reliance on proprietary cloud services. By providing a fully offline, sandboxed environment with multi-LLM support, CyberSentinel lowers the barrier for small teams and independent researchers to conduct sophisticated security assessments.