VYPR
Research · Published May 30, 2026 · 1 source

Pentest Swarm AI: Open-Source Autonomous Penetration Testing Platform Launches with Swarm Intelligence

Armur AI released Pentest Swarm AI, the first open-source autonomous penetration testing platform using swarm intelligence to coordinate nmap, SQLMap, Burp Suite, and Metasploit via a stigmergic blackboard architecture.

Armur AI has released Pentest Swarm AI, the first open-source autonomous penetration testing platform built on a swarm intelligence architecture. Unlike traditional multi-agent tools that rely on a central planner dispatching agents in a fixed sequence, Pentest Swarm AI enables agents to coordinate through a shared PostgreSQL-backed blackboard using pgvector, where findings carry pheromone weights that bias other agents toward high-value attack paths. This stigmergic approach allows attack chains to emerge organically without any agent prescribing them, making the platform more adaptive and scalable for red teams and bug bounty hunters.

The platform provides live, coordinated access to the full offensive security stack, including nmap, SQLMap, Burp Suite, ZAP, and Metasploit. It ships with eight ProjectDiscovery tools stable out of the box — subfinder, httpx, nuclei, naabu, katana, dnsx, and gau — plus a fully parsed nmap XML adapter with scope validation. The sqlmap, Burp MCP bridge, Metasploit, and ZAP adapters are queued for Wave 2 of the roadmap, allowing the platform to grow more powerful without requiring a platform overhaul.

Pentest Swarm AI supports multiple AI models, including Claude (default, with prompt caching enabled for recon and classifier agents), Ollama for fully air-gapped local deployments, and any OpenAI-compatible model. This flexibility gives teams the ability to balance cost, privacy, and capability. No GPU or local model download is required when using the cloud path, making it accessible for organizations with limited hardware resources.

Every campaign produces submission-ready output across four formats: Markdown, HTML, JSON, and SARIF, queried directly from the blackboard by a dedicated report agent. Findings are automatically deduplicated and CVSS v3.1 scored per the FIRST specification. The `--scope` flag is enforced both at the tool layer and the executor layer for defense-in-depth, making it safe for CI/CD pipelines and bug-bounty programs.
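The two-layer scope check described above can be sketched as follows. This is an added example, not Pentest Swarm AI's own code: the scope string format (comma-separated CIDRs, hostnames and `*.` wildcards) and the names `Scope`, `nmap_job`, `follow_up_jobs` and `execute` are assumptions. It shows why the executor re-checks targets even though adapters already validate them: a job queued from shared findings can skip the tool-layer check.

```python
import ipaddress

class OutOfScope(Exception): pass

class Scope:
    """Allow-list parsed from a scope string (assumed: comma-separated CIDRs, hosts, *.wildcards)."""
    def __init__(self, spec):
        self.nets, self.hosts, self.suffixes = [], [], []
        for item in (s.strip().lower().rstrip(".") for s in spec.split(",") if s.strip()):
            try:
                self.nets.append(ipaddress.ip_network(item, strict=False))
            except ValueError:  # not an IP/CIDR: hostname, or wildcard kept as ".example.test"
                (self.suffixes if item.startswith("*.") else self.hosts).append(item.lstrip("*"))

    def allows(self, target):
        t = target.strip().lower().rstrip(".")
        try:
            ip = ipaddress.ip_address(t)
        except ValueError:  # hostname: exact match or suffix match on a label boundary
            return t in self.hosts or any(t.endswith(s) for s in self.suffixes)
        return any(ip in net for net in self.nets)

def nmap_job(scope, target):
    """Tool layer: the adapter refuses to build a job for an out-of-scope target."""
    if not scope.allows(target):
        raise OutOfScope(f"tool layer: {target}")
    return {"argv": ["nmap", "-oX", "-", target], "targets": [target]}

def follow_up_jobs(discovered_hosts):
    """Hypothetical agent with a gap: queues jobs from shared findings, no scope check."""
    return [{"argv": ["nmap", "-oX", "-", h], "targets": [h]} for h in discovered_hosts]

def execute(scope, job, runner):
    """Executor layer: re-check every declared target before anything is run."""
    bad = [t for t in job["targets"] if not scope.allows(t)]
    if bad:
        raise OutOfScope("executor layer: " + ", ".join(bad))
    return runner(job["argv"])

def demo():
    scope = Scope("10.0.0.0/24, *.example.test, example.test")  # constructed sample scope
    ran, blocked = [], []
    jobs = [nmap_job(scope, "10.0.0.7")] + follow_up_jobs(["api.example.test", "cdn.partner.invalid"])
    for job in jobs:
        try:
            execute(scope, job, runner=lambda argv: ran.append(argv[-1]))  # stand-in runner, executes nothing
        except OutOfScope as err:
            blocked.append(str(err))
    return ran, blocked
```

The wildcard is matched with its leading dot, so `notexample.test` and `example.test.evil.invalid` do not pass as `*.example.test`.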

A ready-made GitHub Action ships with SARIF output, enabling automated pentesting directly within any CI/CD workflow. The `pentestswarm mcp serve` command exposes the entire swarm as an MCP server, integrating natively with Claude Desktop and Cursor for IDE-level offensive security testing. This integration allows security professionals to run coordinated attacks from within their development environment.

Licensed under AGPL-3.0, Pentest Swarm AI is free for red teams, bug-bounty hunters, and internal security pipelines. The copyleft clause ensures that any commercial SaaS fork must return improvements to the open-source community. The project is available on GitHub, and Armur AI has announced plans for a free webinar to demonstrate the platform's capabilities.

The release of Pentest Swarm AI marks a significant shift in autonomous penetration testing, moving from rigid pipeline-based approaches to adaptive swarm intelligence. By enabling decentralized coordination and emergent attack chains, the platform promises to improve the efficiency and effectiveness of security assessments while remaining open-source and accessible to the broader cybersecurity community.

Synthesized by Vypr AI