Pentest Swarm AI is the first open-source autonomous penetration testing platform built on a swarm intelligence architecture, not just multiple agents firing in a fixed sequence.<\/p>\n
Developed by Armur AI, it gives security professionals live, coordinated access to the full offensive stack, including nmap<\/a>, SQLMap, Burp Suite, ZAP, and Metasploit<\/a>, all driven by an AI model of your choice.<\/p>\n Most tools marketed as \u201cmulti-agent\u201d are actually pipelines \u2014 a single planner LLM dispatching specialists in a predetermined order: recon \u2192 classify \u2192 exploit \u2192 report. Pentest Swarm AI breaks this mold with three swarm-intelligence primitives:<\/p>\n The platform ships with eight ProjectDiscovery tools stable out of the box \u2014 Getting started requires just one API key and one command:<\/p>\n It supports Claude (default, with prompt caching enabled for recon and classifier agents), Ollama for fully air-gapped local deployments, and any OpenAI-compatible model, giving teams the flexibility to balance cost, privacy, and capability. No GPU, no local model download required when using the cloud path.<\/p>\n Every campaign produces submission-ready output across four formats Markdown, HTML, JSON, and SARIF queried directly from the blackboard by a dedicated report agent.<\/p>\n Findings are automatically deduplicated, CVSS v3.1 scored per the FIRST specification, and scoped: the What Makes It a True Swarm<\/strong><\/h2>\n
\n
subfinder<\/code>, httpx<\/code>, nuclei<\/code>, naabu<\/code>, katana<\/code>, dnsx<\/code>, gau<\/code> \u2014 plus a fully parsed nmap XML adapter with scope validation. sqlmap, Burp MCP bridge, Metasploit, and ZAP adapters are queued for Wave 2 of the roadmap, making the platform progressively more powerful without requiring a platform overhaul.<\/p>\n![\"\"](\"https:\/\/i0.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEj8_9JHpCyNfqTh-nd-uskD4fGd8RfrcIzm73EAYfLMfgY_pmXeGOe95FomgceiYBxUmHy5DRM6htu-Gjccjn6_yJvCakMsLeFNzhNYpe4Lf7i1zEsVlHe1NclrK7sHHoliTWdnCzanMz-98LUoevjn5U3UJATa0xDi8EoVSTlAVp_AdFpsWEZ4WDkC4O8R\/s16000\/demo-flashy.gif?ssl=1\")
<\/figure>\nbash
export PENTESTSWARM_ORCHESTRATOR_API_KEY=sk-ant-your-key-here\npentestswarm scan example.com --scope example.com --swarm --follow<\/code><\/pre>\n--scope<\/code> flag is enforced both at the tool layer and the executor layer for defense-in-depth, making it safe for CI\/CD pipelines and bug-bounty programs<\/a>.<\/p>\n
![\"\u2705\"](\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/17.0.2\/72x72\/2705.png?ssl=1\")
<\/td>\n<\/tr>\n![\"\u274c\"](\"https:\/\/i0.wp.com\/s.w.org\/images\/core\/emoji\/17.0.2\/72x72\/274c.png?ssl=1\")
<\/td>\n<\/tr>\n