[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-9749":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":17,"stars7d":18,"stars30d":19,"stars90d":16,"forks30d":16,"starsTrendScore":20,"compositeScore":21,"rankGlobal":10,"rankLanguage":10,"license":22,"archived":23,"fork":23,"defaultBranch":24,"hasWiki":25,"hasPages":25,"topics":26,"createdAt":10,"pushedAt":10,"updatedAt":33,"readmeContent":34,"aiSummary":35,"trendingCount":16,"starSnapshotCount":16,"syncStatus":36,"lastSyncTime":37,"discoverSource":38},9749,"cai","aliasrobotics\u002Fcai","aliasrobotics","Cybersecurity AI (CAI), the framework for AI Security","https:\u002F\u002Faliasrobotics.github.io\u002Fcai\u002F",null,"Python",9073,1346,94,1,0,17,233,599,126,40.39,"Other",false,"main",true,[27,28,29,30,31,32],"artificial-intelligence","cybersecurity","framework","generative-ai","llm","pentesting","2026-06-12 02:02:12","# Cybersecurity AI (`CAI`)\n\n\u003Cdiv align=\"center\">\n  \u003Cp>\n    \u003Ca align=\"center\" href=\"\" target=\"https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002FCAI\">\n      \u003Cimg\n        width=\"100%\"\n        src=\"https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fraw\u002Fmain\u002Fmedia\u002Fcai.png\"\n      >\n    \u003C\u002Fa>\n  \u003C\u002Fp>\n\n\n\u003Ca href=\"https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F14317\" target=\"_blank\">\u003Cimg src=\"https:\u002F\u002Ftrendshift.io\u002Fapi\u002Fbadge\u002Frepositories\u002F14317\" alt=\"aliasrobotics%2Fcai | Trendshift\" style=\"width: 250px; height: 55px;\" width=\"250\" height=\"55\"\u002F>\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fdefiant.vc\u002Fapi\u002Feuropean-open-source\u002Fbadge?domain=aliasrobotics.com&style=most-starred-top-3\" target=\"_blank\">\u003Cimg 
src=\"https:\u002F\u002Fdefiant.vc\u002Fapi\u002Feuropean-open-source\u002Fbadge?domain=aliasrobotics.com&style=most-starred-top-3\" alt=\"European Open Source - Most Starred Top 3\" style=\" height: 75px;\" height=\"75\"\u002F>\u003C\u002Fa>\n\u003Ca href=\"https:\u002F\u002Fdefiant.vc\u002Fapi\u002Feuropean-open-source\u002Fbadge?domain=aliasrobotics.com&style=most-forked-top-3\" target=\"_blank\">\u003Cimg src=\"https:\u002F\u002Fdefiant.vc\u002Fapi\u002Feuropean-open-source\u002Fbadge?domain=aliasrobotics.com&style=most-forked-top-3\" alt=\"European Open Source - Most Forked Top 3\" style=\"height: 75px;\" height=\"75\"\u002F>\u003C\u002Fa>\n\n\n\n[![version](https:\u002F\u002Fbadge.fury.io\u002Fpy\u002Fcai-framework.svg)](https:\u002F\u002Fbadge.fury.io\u002Fpy\u002Fcai-framework)\n[![downloads](https:\u002F\u002Fstatic.pepy.tech\u002Fbadge\u002Fcai-framework)](https:\u002F\u002Fpepy.tech\u002Fprojects\u002Fcai-framework)\n[![Linux](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLinux-Supported-brightgreen?logo=linux&logoColor=white)](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai)\n[![OS 
X](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FOS%20X-Supported-brightgreen?logo=apple&logoColor=white)](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai)\n[![Windows](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FWindows-Supported-brightgreen?logo=windows&logoColor=white)](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai)\n[![Android](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FAndroid-Supported-brightgreen?logo=android&logoColor=white)](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai)\n[![Discord](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDiscord-7289DA?logo=discord&logoColor=white)](https:\u002F\u002Fdiscord.gg\u002FfnUFcTaQAC)\n[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2504.06017-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017)\n[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2506.23592-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2506.23592)\n[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2508.13588-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2508.13588)\n[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2508.21669-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2508.21669)\n[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2509.14096-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2509.14096) \n[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2509.14139-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2509.14139)\n[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2510.17521-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2510.17521)\n[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2510.24317-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2510.24317)\n\n\n\u003C\u002Fdiv>\n\n\u003C!-- CAI PRO - Professional Edition Banner -->\n\n\u003Cdiv align=\"center\">\n\n  \u003Ca 
href=\"https:\u002F\u002Faliasrobotics.com\u002Fcybersecurityai.php\" target=\"_blank\">\n    \u003Cimg src=\"media\u002Fcai-banner.svg\" alt=\"CAI - Community and Professional Editions\" width=\"100%\" style=\"max-width: 900px;\">\n  \u003C\u002Fa>\n\n  \u003Csub>\u003Ci>Professional Edition with unlimited \u003Ccode>alias1\u003C\u002Fcode> tokens\u003C\u002Fi> | \u003Ca href=\"https:\u002F\u002Faliasrobotics.com\u002Falias1.php#benchmarking\">📊 View Benchmarks\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Faliasrobotics.com\u002Fcybersecurityai.php\">🚀 Learn More\u003C\u002Fa>\u003C\u002Fsub>\n\n  \u003Ctable style=\"border-collapse: collapse; width: 100%\">\n    \u003Ctr>\n      \u003Ctd width=\"50%\" align=\"center\" style=\"padding: 0; border: none;\">\n        \u003Cimg src=\"media\u002Fcai_poc.gif\" alt=\"CAI Community Edition Demo\" width=\"100%\">\n      \u003C\u002Ftd>\n      \u003Ctd width=\"50%\" align=\"center\" style=\"padding: 0; border: none;\">\n        \u003Cimg src=\"media\u002Fcaipro_poc.gif\" alt=\"CAI PRO Professional Edition Demo\" width=\"100%\">\n      \u003C\u002Ftd>\n    \u003C\u002Ftr>\n  \u003C\u002Ftable>  \n\u003C\u002Fdiv>\n\n\u003C!-- Alternative HTML version (kept as comment for reference) -->\n\u003C!--\n\u003Cdiv align=\"center\">\n  \u003Ctable style=\"border-collapse: collapse; width: 100%; max-width: 900px; box-shadow: 0 4px 12px rgba(82, 157, 134, 0.15);\">\n    \u003Ctr>\n      \u003Ctd align=\"center\" width=\"50%\" style=\"padding: 20px; border: 3px solid #529d86; border-right: 1.5px solid #529d86; border-radius: 10px 0 0 10px; background: linear-gradient(135deg, #f0f8f6 0%, #ffffff 100%);\">\n        \u003Ch3 style=\"color: #3d7b6b;\">🔓 Community Edition\u003C\u002Fh3>\n        \u003Csub style=\"color: #529d86;\">\u003Cb>Research & Learning · Perfect for Researchers & Students\u003C\u002Fb>\u003C\u002Fsub>\u003Cbr>\u003Cbr>\n        \u003Ccode style=\"background: linear-gradient(135deg, #e8f5f1 0%, #d4ede5 100%); 
padding: 8px 16px; border-radius: 6px; font-size: 14px; border: 1px solid #529d86; color: #2d5a4d;\">pip install cai-framework\u003C\u002Fcode>\u003Cbr>\u003Cbr>\n        \u003Cdiv align=\"left\" style=\"margin: 10px auto; max-width: 200px; color: #2d2d2d;\">\n          ✅ \u003Cb style=\"color: #529d86;\">Free\u003C\u002Fb> for research\u003Cbr>\n          🤖 \u003Cb style=\"color: #529d86;\">300+\u003C\u002Fb> AI models\u003Cbr>\n          🌍 \u003Cb style=\"color: #529d86;\">Community\u003C\u002Fb> driven\u003Cbr>\n          📚 \u003Cb style=\"color: #529d86;\">Open\u003C\u002Fb> source\u003Cbr>\n          🔧 \u003Cb style=\"color: #529d86;\">Extensible\u003C\u002Fb> framework\u003Cbr>\n        \u003C\u002Fdiv>\n      \u003C\u002Ftd>\n      \u003Ctd align=\"center\" width=\"50%\" style=\"padding: 20px; border: 3px solid #529d86; border-left: 1.5px solid #529d86; border-radius: 0 10px 10px 0; background: linear-gradient(135deg, #529d86 0%, #6bb09a 100%); position: relative; box-shadow: inset 0 0 30px rgba(255, 255, 255, 0.1);\">\n        \u003Ch3 style=\"color: #ffffff; text-shadow: 0 2px 4px rgba(0, 0, 0, 0.2);\">🚀 \u003Ca href=\"https:\u002F\u002Faliasrobotics.com\u002Fcybersecurityai.php\" style=\"text-decoration: none; color: #ffffff;\">Professional Edition\u003C\u002Fa>\u003C\u002Fh3>\n        \u003Csub style=\"color: #e8f5f1;\">\u003Cb>Enterprise & Production · €350\u002Fmonth · Unlimited \u003Ccode style=\"background: rgba(255, 255, 255, 0.2); padding: 2px 6px; border-radius: 3px; color: #ffffff;\">alias1\u003C\u002Fcode> Tokens\u003C\u002Fb>\u003C\u002Fsub>\u003Cbr>\u003Cbr>\n        \u003Ca href=\"https:\u002F\u002Faliasrobotics.com\u002Fcybersecurityai.php\">\n          \u003Ccode style=\"background: linear-gradient(135deg, #ffffff 0%, #f0f8f6 100%); color: #529d86; padding: 10px 20px; border-radius: 6px; font-size: 14px; font-weight: bold; border: 2px solid #ffffff; box-shadow: 0 2px 8px rgba(0, 0, 0, 0.2);\">→ Upgrade to PRO\u003C\u002Fcode>\n        
\u003C\u002Fa>\u003Cbr>\u003Cbr>\n        \u003Cdiv align=\"left\" style=\"margin: 10px auto; max-width: 280px; color: #ffffff;\">\n          ⚡ \u003Cb>\u003Ca href=\"https:\u002F\u002Faliasrobotics.com\u002Falias1.php#benchmarking\" style=\"color: #ffffff; text-decoration: underline;\">alias1\u003C\u002Fa>\u003C\u002Fb> model - ∞ unlimited tokens\u003Cbr>\n          🚫 \u003Cb>Zero refusals\u003C\u002Fb> - Unrestricted AI\u003Cbr>\n          🏆 \u003Cb>Beats GPT-5\u003C\u002Fb> in CTF benchmarks\u003Cbr>\n          🛡️ \u003Cb>Professional\u003C\u002Fb> support included\u003Cbr>\n          🇪🇺 \u003Cb>European\u003C\u002Fb> data sovereignty\u003Cbr>\n        \u003C\u002Fdiv>\n      \u003C\u002Ftd>\n    \u003C\u002Ftr>\n    \u003Ctr>\n      \u003Ctd colspan=\"2\" align=\"center\" style=\"padding: 10px; background: #f6f8fa;\">\n        \u003Csub>\n          \u003Ca href=\"https:\u002F\u002Faliasrobotics.com\u002Fcybersecurityai.php\">\u003C\u002Fa>\u003Cbr>\n          \u003Ci>CAI PRO w\u002F \u003Ccode>alias1\u003C\u002Fcode> model outperforms GPT-5 in AI vs AI cybersecurity benchmarks\u003C\u002Fi> | \u003Ca href=\"https:\u002F\u002Faliasrobotics.com\u002Falias1.php#benchmarking\">View Full Benchmarks →\u003C\u002Fa>\n        \u003C\u002Fsub>\n      \u003C\u002Ftd>\n    \u003C\u002Ftr>\n  \u003C\u002Ftable>\n\u003C\u002Fdiv>\n-->\n\n\nCybersecurity AI (CAI) is a lightweight, open-source framework that empowers security professionals to build and deploy AI-powered offensive and defensive automation. CAI is the *de facto* framework for AI Security, already used by thousands of individual users and hundreds of organizations. 
Whether you're a security researcher, ethical hacker, IT professional, or organization looking to enhance your security posture, CAI provides the building blocks to create specialized AI agents that can assist with mitigation, vulnerability discovery, exploitation, and security assessment.\n\n**Key Features:**\n- 🤖 **300+ AI Models**: Support for OpenAI, Anthropic, DeepSeek, Ollama, and more\n- 🔧 **Built-in Security Tools**: Ready-to-use tools for reconnaissance, exploitation, and privilege escalation  \n- 🏆 **Battle-tested**: Proven in HackTheBox CTFs, bug bounties, and real-world security [case studies](https:\u002F\u002Faliasrobotics.com\u002Fcase-studies-robot-cybersecurity.php)\n- 🎯 **Agent-based Architecture**: Modular framework design to build specialized agents for different security tasks\n- 🛡️ **Guardrails Protection**: Built-in defenses against prompt injection and dangerous command execution\n- 📚 **Research-oriented**: Research foundation to democratize cybersecurity AI for the community\n\n> [!NOTE]\n> Read the technical report: [CAI: An Open, Bug Bounty-Ready Cybersecurity AI](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017)\n>\n> For further readings, refer to our [impact](#-impact) and [CAI citation](#citation) sections.\n\n\n\n| [`Robotics` - CAI and alias1 on: Unitree G1 Humanoid Robot](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-humanoid-robot-g1.php) | [`OT` - CAI and alias1 on: Dragos OT CTF 2025](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-dragos-CTF.php) |\n|------------------------------------------------|---------------------------------|\n| CAI uncovers vulnerabilities and privacy violations in Unitree G1 humanoid robots including unauthorized telemetry transmission to China-related servers, exposed RSA keys with world-writable permissions, and potential surveillance capabilities violating GDPR and international privacy laws. 
| CAI, powered by alias1, demonstrates exceptional performance in operational technology cybersecurity by achieving a Top-10 ranking in the Dragos OT CTF 2025. The AI agent reached Rank 1 during competition hours 7-8, completed 32 of 34 challenges, and maintained a 37% velocity advantage over the top human teams. |\n| [![](docs\u002Fassets\u002Fimages\u002Fcase-study-humanoid-portada.png)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-humanoid-robot-g1.php) | [![](docs\u002Fassets\u002Fimages\u002Fcase-study-dragosCTF.png)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-dragos-CTF.php) |\n\n| [`IT` (Bug Bounty) - CAI on: HackerOne Platform](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-hackerone.php) | [`OT` - CAI and alias0 on: Ecoforest Heat Pumps](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-ecoforest.php) |\n|------------------------------------------------|---------------------------------|\n| HackerOne's top engineers leverage CAI to explore next-gen agentic AI architectures and build their own security products. CAI's Retester agent directly inspired HackerOne's AI-powered Deduplication Agent, now deployed in production to handle millions of vulnerability reports at scale. | CAI discovers a critical vulnerability in Ecoforest heat pumps allowing unauthorized remote access and potentially catastrophic failures. AI-powered security testing reveals exposed credentials and DES encryption weaknesses affecting all of their deployed units across Europe.  
|\n| [![](docs\u002Fassets\u002Fimages\u002Fcase-study-hackerone.png)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-hackerone.php) | [![](https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fcase-study-portada-ecoforest.png)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-ecoforest.php) |\n\n| [`Robotics` - CAI and alias0 on: Mobile Industrial Robots (MiR)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-cai-mir.php) | [`IT` (Web) - CAI and alias0 on: Mercado Libre's e-commerce](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-mercado-libre.php) |\n|------------------------------------------------|---------------------------------|\n| CAI-powered security testing of MiR (Mobile Industrial Robot) platform through automated ROS message injection attacks. This study demonstrates how AI-driven vulnerability discovery can expose unauthorized access to robot control systems and alarm triggers.  |  CAI-powered API vulnerability discovery at Mercado Libre through automated enumeration attacks. This study demonstrates how AI-driven security testing can expose user data exposure risks in e-commerce platforms at scale.  |\n| [![](https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fcase-study-portada-mir-cai.png)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-cai-mir.php) | [![](https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fcase-study-portada-mercado-libre.png)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-mercado-libre.php) |\n\n| [`OT` - CAI and alias0 on: MQTT broker](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-cai-mqtt-broker.php) | [`IT` (Web) - CAI and alias0 on: PortSwigger Web Security Academy](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-portswigger-1.php) |\n|------------------------------------------------|---------------------------------|\n|  CAI-powered testing exposed critical flaws in an MQTT broker within a Dockerized OT network. 
Without authentication, CAI subscribed to temperature and humidity topics and injected false values, corrupting the data shown in Grafana dashboards. | CAI-powered race condition exploitation of a file upload vulnerability. This study demonstrates how AI-driven security testing can identify and exploit timing windows in web applications, successfully uploading and executing web shells through automated parallel requests. |\n| [![](https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fcase-study-portada-mqtt-broker-cai.png)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-cai-mqtt-broker.php) | [![](docs\u002Fassets\u002Fimages\u002Fportada-portswigger-web-1.jpg)](https:\u002F\u002Faliasrobotics.com\u002Fcase-study-portswigger-1.php) |\n\n\n\n> [!WARNING]\n> :warning: CAI is in active development, so don't expect it to work flawlessly. Instead, contribute by raising an issue or [sending a PR](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fpulls).\n>\n> Access to this library and the use of information, materials (or portions thereof), is **\u003Cu>not intended\u003C\u002Fu>, and is \u003Cu>prohibited\u003C\u002Fu>, where such access or use violates applicable laws or regulations**. The authors in no way encourage or promote unauthorized tampering with running systems. This can cause serious human harm and material damage.\n>\n> *The authors of CAI in no way encourage or promote unauthorized tampering with compute systems. Please don't use the source code here for cybercrime. \u003Cu>Pentest for good instead\u003C\u002Fu>*. 
By downloading, using, or modifying this source code, you agree to the terms of the [`LICENSE`](LICENSE) and the limitations outlined in the [`DISCLAIMER`](DISCLAIMER) file.\n\n## :bookmark: Table of Contents\n\n- [Cybersecurity AI (`CAI`)](#cybersecurity-ai-cai)\n  - [:bookmark: Table of Contents](#bookmark-table-of-contents)\n  - [🎯 Impact](#-impact)\n    - [🏆 Competitions and challenges](#-competitions-and-challenges)\n    - [📊 Research Impact](#-research-impact)\n    - [📚 Research products: `Cybersecurity AI`](#-research-products-cybersecurity-ai)\n  - [PoCs](#pocs)\n  - [Motivation](#motivation)\n    - [:bust\\_in\\_silhouette: Why CAI?](#bust_in_silhouette-why-cai)\n    - [Ethical principles behind CAI](#ethical-principles-behind-cai)\n    - [Closed-source alternatives](#closed-source-alternatives)\n  - [Learn - `CAI` Fluency](#learn---cai-fluency)\n  - [:nut\\_and\\_bolt: Install](#nut_and_bolt-install)\n    - [OS X](#os-x)\n    - [Ubuntu 24.04](#ubuntu-2404)\n    - [Ubuntu 20.04](#ubuntu-2004)\n    - [Windows WSL](#windows-wsl)\n    - [Android](#android)\n    - [:nut\\_and\\_bolt: Setup `.env` file](#nut_and_bolt-setup-env-file)\n    - [🔹 Custom OpenAI Base URL Support](#-custom-openai-base-url-support)\n  - [:triangular\\_ruler: Architecture:](#triangular_ruler-architecture)\n    - [🔹 Agent](#-agent)\n    - [🔹 Tools](#-tools)\n    - [🔹 Handoffs](#-handoffs)\n    - [🔹 Patterns](#-patterns)\n    - [🔹 Turns and Interactions](#-turns-and-interactions)\n    - [🔹 Tracing](#-tracing)\n    - [🔹 Guardrails](#-guardrails)\n    - [🔹 Human-In-The-Loop (HITL)](#-human-in-the-loop-hitl)\n  - [:rocket: Quickstart](#rocket-quickstart)\n    - [Environment Variables](#environment-variables)\n    - [OpenRouter Integration](#openrouter-integration)\n    - [Azure OpenAI](#azure-openai)\n    - [MCP](#mcp)\n  - [Development](#development)\n    - [Contributions](#contributions)\n    - [Optional Requirements: caiextensions](#optional-requirements-caiextensions)\n    - 
[:information\\_source: Usage Data Collection](#information_source-usage-data-collection)\n    - [Reproduce CI-Setup locally](#reproduce-ci-setup-locally)\n  - [FAQ](#faq)\n  - [Citation](#citation)\n  - [Acknowledgements](#acknowledgements)\n    - [Academic Collaborations](#academic-collaborations)\n\n\n\n## 🎯 Impact\n\n### 🏆 Competitions and challenges\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHTB_ranking-top_90_Spain_(5_days)-red.svg)](https:\u002F\u002Fapp.hackthebox.com\u002Fusers\u002F2268644)\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHTB_ranking-top_50_Spain_(6_days)-red.svg)](https:\u002F\u002Fapp.hackthebox.com\u002Fusers\u002F2268644)\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHTB_ranking-top_30_Spain_(7_days)-red.svg)](https:\u002F\u002Fapp.hackthebox.com\u002Fusers\u002F2268644)\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHTB_ranking-top_500_World_(7_days)-red.svg)](https:\u002F\u002Fapp.hackthebox.com\u002Fusers\u002F2268644)\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHTB_\"Human_vs_AI\"_CTF-top_1_(AIs)_world-red.svg)](https:\u002F\u002Fctf.hackthebox.com\u002Fevent\u002F2000\u002Fscoreboard)\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHTB_\"Human_vs_AI\"_CTF-top_1_Spain-red.svg)](https:\u002F\u002Fctf.hackthebox.com\u002Fevent\u002F2000\u002Fscoreboard)\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHTB_\"Human_vs_AI\"_CTF-top_20_World-red.svg)](https:\u002F\u002Fctf.hackthebox.com\u002Fevent\u002F2000\u002Fscoreboard)\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FHTB_\"Human_vs_AI\"_CTF-750_$-yellow.svg)](https:\u002F\u002Fctf.hackthebox.com\u002Fevent\u002F2000\u002Fscoreboard)\n[![](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FMistral_AI_Robotics_Hackathon-2500_$-yellow.svg)](https:\u002F\u002Flu.ma\u002Froboticshack?tk=RuryKF)\n\n### 📊 Research Impact\n- Pioneered LLM-powered AI Security with PentestGPT, establishing the foundation for the `Cybersecurity 
AI` research domain [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2308.06782-4a9b8e.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2308.06782)\n- Established the `Cybersecurity AI` research line with **8 papers and technical reports**, with active research collaborations [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2504.06017-63bfab.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017) [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2506.23592-7dd3c0.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2506.23592) [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2508.13588-52a896.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.13588) [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2508.21669-85e0d1.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.21669) [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2509.14096-3e8b7a.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2509.14096) [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2509.14139-6bc7b5.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2509.14139) [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2510.17521-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2510.17521) [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2510.24317-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2510.24317)\n\n- Demonstrated **3,600× performance improvement** over human penetration testers in standardized CTF benchmark evaluations [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2504.06017-63bfab.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017)\n- Identified **CVSS 4.3-7.5 severity vulnerabilities** in production systems through automated security assessment [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2504.06017-63bfab.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017)\n- **Democratization of 
AI-empowered vulnerability research**: CAI enables both non-security domain experts and experienced researchers to conduct more efficient vulnerability discovery, expanding the security research community while empowering small and medium enterprises to conduct autonomous security assessments [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2504.06017-63bfab.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017)\n- **Systematic evaluation of large language models** across both proprietary and open-weight architectures, revealing \u003Cu>substantial gaps\u003C\u002Fu> between vendor-reported capabilities and empirical cybersecurity performance metrics [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2504.06017-63bfab.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017)\n- Established the **autonomy levels in cybersecurity** and argued about autonomy vs automation in the field [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2506.23592-7dd3c0.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2506.23592)\n- **Collaborative research initiatives** with international academic institutions focused on developing cybersecurity education curricula and training methodologies [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2508.13588-52a896.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.13588)\n- **Contributed a comprehensive defense framework against prompt injection in AI security agents**: developed and empirically validated a multi-layered defense system that addresses the identified prompt injection issues [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2508.21669-85e0d1.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.21669)\n- Explored the cybersecurity of humanoid robots with CAI and identified new attack vectors, showing how such a robot `(a)` operates simultaneously as a covert surveillance node and `(b)` can be repurposed as an active cyber operations platform 
[![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2509.14096-3e8b7a.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2509.14096) [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2509.14139-6bc7b5.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2509.14139)\n\n\n### 📚 Research products: `Cybersecurity AI`\n\n|  CAI, An Open, Bug Bounty-Ready Cybersecurity AI [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2504.06017-63bfab.svg)](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017) |  The Dangerous Gap Between Automation and Autonomy [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2506.23592-7dd3c0.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2506.23592) |  CAI Fluency, A Framework for Cybersecurity AI Fluency [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2508.13588-52a896.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.13588) | Hacking the AI Hackers via Prompt Injection [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2508.21669-85e0d1.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2508.21669) |\n|---|---|---|---|\n| [\u003Cimg src=\"https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fpaper-cai.png\" width=\"350\">](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2504.06017) | [\u003Cimg src=\"https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fcai_automation_vs_autonomy.png\" width=\"350\">](https:\u002F\u002Fwww.arxiv.org\u002Fpdf\u002F2506.23592) | [\u003Cimg src=\"https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fcai_fluency_cover.png\" width=\"350\">](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2508.13588) | [\u003Cimg src=\"https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Faihackers.jpeg\" width=\"350\">](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2508.21669) |\n\n\n | Humanoid Robots as Attack Vectors [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2509.14139-6bc7b5.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2509.14139) | The Cybersecurity of 
a Humanoid Robot [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2509.14096-3e8b7a.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2509.14096) |   Evaluating Agentic Cybersecurity in Attack\u002FDefense CTFs [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2510.17521-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2510.17521) | CAIBench: A Meta-Benchmark for Evaluating Cybersecurity AI Agents [![arXiv](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FarXiv-2510.24317-b31b1b.svg)](https:\u002F\u002Farxiv.org\u002Fabs\u002F2510.24317) |\n|---|---|---|---|\n|  [\u003Cimg src=\"https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fhumanoids-cover.png\" width=\"350\">](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2509.14139) | [\u003Cimg src=\"https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fhumanoid.png\" width=\"350\">](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2509.14096) | [\u003Cimg src=\"https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fcai_ad.png\" width=\"350\">](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2510.17521) | [\u003Cimg src=\"https:\u002F\u002Faliasrobotics.com\u002Fimg\u002Fcaibench_banner2.png\" width=\"350\">](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2510.24317) |\n\n\n\n## PoCs\n| CAI with `alias0` on ROS message injection attacks in MiR-100 robot | CAI with `alias0` on API vulnerability discovery at Mercado Libre |\n|-----------------------------------------------|---------------------------------|\n| [![asciicast](https:\u002F\u002Fasciinema.org\u002Fa\u002FdNv705hZel2Rzrw0cju9HBGPh.svg)](https:\u002F\u002Fasciinema.org\u002Fa\u002FdNv705hZel2Rzrw0cju9HBGPh) | [![asciicast](https:\u002F\u002Fasciinema.org\u002Fa\u002F9Hc9z1uFcdNjqP3bY5y7wO1Ww.svg)](https:\u002F\u002Fasciinema.org\u002Fa\u002F9Hc9z1uFcdNjqP3bY5y7wO1Ww) |\n\n\n| CAI on JWT@PortSwigger CTF — Cybersecurity AI | CAI on HackableII Boot2Root CTF — Cybersecurity AI |\n|-----------------------------------------------|---------------------------------|\n| 
[![asciicast](https:\u002F\u002Fasciinema.org\u002Fa\u002F713487.svg)](https:\u002F\u002Fasciinema.org\u002Fa\u002F713487) | [![asciicast](https:\u002F\u002Fasciinema.org\u002Fa\u002F713485.svg)](https:\u002F\u002Fasciinema.org\u002Fa\u002F713485) |\n\nMore case studies and PoCs are available at [https:\u002F\u002Faliasrobotics.com\u002Fcase-studies-robot-cybersecurity.php](https:\u002F\u002Faliasrobotics.com\u002Fcase-studies-robot-cybersecurity.php).\n\n## Motivation\n### :bust_in_silhouette: Why CAI?\nThe cybersecurity landscape is undergoing a dramatic transformation as AI becomes increasingly integrated into security operations. **We predict that by 2028, AI-powered security testing tools will outnumber human pentesters**. This shift represents a fundamental change in how we approach cybersecurity challenges. *AI is not just another tool - it's becoming essential for addressing complex security vulnerabilities and staying ahead of sophisticated threats. As organizations face more advanced cyber attacks, AI-enhanced security testing will be crucial for maintaining robust defenses.*\n\nThis work builds upon prior efforts[^4] and similarly, we believe that democratizing access to advanced cybersecurity AI tools is vital for the entire security community. That's why we're releasing Cybersecurity AI (`CAI`) as an open source framework. Our goal is to empower security researchers, ethical hackers, and organizations to build and deploy powerful AI-driven security tools. By making these capabilities openly available, we aim to level the playing field and ensure that cutting-edge security AI technology isn't limited to well-funded private companies or state actors.\n\nBug Bounty programs have become a cornerstone of modern cybersecurity, providing a crucial mechanism for organizations to identify and fix vulnerabilities in their systems before they can be exploited. 
These programs have proven highly effective at securing both public and private infrastructure, with researchers discovering critical vulnerabilities that might otherwise have gone unnoticed. CAI is specifically designed to enhance these efforts by providing a lightweight, ergonomic framework for building specialized AI agents that can assist in various aspects of Bug Bounty hunting - from initial reconnaissance to vulnerability validation and reporting. Our framework aims to augment human expertise with AI capabilities, helping researchers work more efficiently and thoroughly in their quest to make digital systems more secure.\n\n### Ethical principles behind CAI\n\nYou might be wondering whether releasing CAI *in-the-wild*, given its capabilities and security implications, is ethical. Our decision to open-source this framework is guided by two core ethical principles:\n\n1. **Democratizing Cybersecurity AI**: We believe that advanced cybersecurity AI tools should be accessible to the entire security community, not just well-funded private companies or state actors. By releasing CAI as an open source framework, we aim to empower security researchers, ethical hackers, and organizations to build and deploy powerful AI-driven security tools, leveling the playing field in cybersecurity.\n\n2. **Transparency in AI Security Capabilities**: Based on our research results, understanding of the technology, and dissection of top technical reports, we argue that current LLM vendors are understating their cybersecurity capabilities. This is extremely dangerous and misleading. 
By developing CAI openly, we provide a transparent benchmark of what AI systems can actually do in cybersecurity contexts, enabling more informed decisions about security postures.\n\nCAI is built on the following core principles:\n- **Cybersecurity oriented AI framework**: CAI is specifically designed for cybersecurity use cases, aiming at semi- and fully-automating offensive and defensive security tasks.\n- **Open source, free for research**: CAI is open source and free for research purposes. We aim to democratize access to AI and cybersecurity. For professional or commercial use, including on-premise deployments, dedicated technical support and custom extensions, [reach out](mailto:research@aliasrobotics.com) to obtain a license.\n- **Lightweight**: CAI is designed to be fast and easy to use.\n- **Modular and agent-centric design**: CAI operates on the basis of agents and agentic patterns, which allows flexibility and scalability. You can easily add the most suitable agents and pattern for your cybersecurity target case.\n- **Tool-integration**: CAI ships with built-in tools and allows users to integrate their own tools, with their own logic, easily.\n- **Logging and tracing integrated**: using [`phoenix`](https:\u002F\u002Fgithub.com\u002FArize-ai\u002Fphoenix), the open source tracing and logging tool for LLMs. This provides the user with detailed traceability of the agents and their execution.\n- **Multi-Model Support**: more than 300 models supported, powered by [LiteLLM](https:\u002F\u002Fgithub.com\u002FBerriAI\u002Flitellm). 
The most popular providers:\n  - **Anthropic**: `Claude 3.7`, `Claude 3.5`, `Claude 3`, `Claude 3 Opus`\n  - **OpenAI**: `O1`, `O1 Mini`, `O3 Mini`, `GPT-4o`, `GPT-4.5 Preview`\n  - **DeepSeek**: `DeepSeek V3`, `DeepSeek R1`\n  - **Ollama**: `Qwen2.5 72B`, `Qwen2.5 14B`, etc.\n\n\n### Closed-source alternatives\nCybersecurity AI is a critical field, yet many groups are misguidedly pursuing it through closed-source methods for pure economic return, leveraging similar techniques and building upon existing closed-source (*often third-party owned*) models. This approach not only squanders valuable engineering resources but also represents an economic waste and results in redundant efforts, as they often end up reinventing the wheel. Here are some of the closed-source initiatives that we keep track of and that are attempting to leverage genAI and agentic frameworks in cybersecurity AI:\n\n- [Autonomous Cyber](https:\u002F\u002Fwww.acyber.co\u002F)\n- [CrackenAGI](https:\u002F\u002Fcracken.ai\u002F)\n- [ETHIACK](https:\u002F\u002Fethiack.com\u002F)\n- [Horizon3](https:\u002F\u002Fhorizon3.ai\u002F)\n- [Irregular](https:\u002F\u002Fwww.irregular.com\u002F)\n- [Kindo](https:\u002F\u002Fwww.kindo.ai\u002F)\n- [Lakera](https:\u002F\u002Flakera.ai)\n- [Mindfort](www.mindfort.ai)\n- [Mindgard](https:\u002F\u002Fmindgard.ai\u002F)\n- [NDAY Security](https:\u002F\u002Fndaysecurity.com\u002F)\n- [Penligent](https:\u002F\u002Fpenligent.ai\u002F)\n- [Runsybil](https:\u002F\u002Fwww.runsybil.com)\n- [Selfhack](https:\u002F\u002Fwww.selfhack.fi)\n- [Sola Security](https:\u002F\u002Fsola.security\u002F)\n- [SQUR](https:\u002F\u002Fsqur.ai\u002F)\n- [Staris](https:\u002F\u002Fstaris.tech\u002F)\n- [Sxipher](https:\u002F\u002Fwww.sxipher.com\u002F) (seems discontinued)\n- [Terra Security](https:\u002F\u002Fwww.terra.security)\n- [Vibeproxy](https:\u002F\u002Fvibeproxy.app\u002F)\n- [Xint](https:\u002F\u002Fxint.io\u002F)\n- [XBOW](https:\u002F\u002Fwww.xbow.com)\n- 
[ZeroPath](https:\u002F\u002Fwww.zeropath.com)\n- [Zynap](https:\u002F\u002Fwww.zynap.com)\n- [7ai](https:\u002F\u002F7ai.com)\n\n\n## Learn - `CAI` Fluency\n\n\u003Cdiv align=\"center\">\n  \u003Cp>\n    \u003Ca align=\"center\" href=\"\" target=\"https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002FCAI\">\n      \u003Cimg\n        width=\"100%\"\n        src=\"https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fraw\u002Fmain\u002Fmedia\u002Fcaiedu.PNG\"\n      >\n    \u003C\u002Fa>\n  \u003C\u002Fp>\n\u003C\u002Fdiv>\n\n> [!NOTE]\n>\n> CAI Fluency technical report ([arXiv:2508.13588](https:\u002F\u002Farxiv.org\u002Fpdf\u002F2508.13588)) establishes formal educational frameworks for cybersecurity AI literacy.\n\n\n\n|       |   Description  | English | Spanish |\n|-------|----------------|---------|---------|\n| **Episode 0**: What is CAI? | Cybersecurity AI (`CAI`) explained  |  [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FnBdTxbKM4oo\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=nBdTxbKM4oo) | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FFaUL9HXrQ5k\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=FaUL9HXrQ5k) |\n| **Episode 1**: The `CAI` Framework | Vision & Ethics - Explore the core motivation behind CAI and delve into the crucial ethical principles guiding its development. Understand the motivation behind CAI and how you can actively contribute to the future of cybersecurity and the CAI framework. | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FQEiGdsMf29M\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=QEiGdsMf29M&list=PLLc16OUiZWd4RuFdN5_Wx9xwjCVVbopzr&index=3) |  |\n| **Episode 2**: From Zero to Cyber Hero | Breaking into Cybersecurity with AI - A comprehensive guide for complete beginners to become cybersecurity practitioners using CAI and AI tools. 
Learn how to leverage artificial intelligence to accelerate your cybersecurity learning journey, from understanding basic security concepts to performing real-world security assessments, all without requiring prior cybersecurity experience. | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FhSTLHOOcQoY\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=hSTLHOOcQoY&list=PLLc16OUiZWd4RuFdN5_Wx9xwjCVVbopzr&index=14) |  |\n| **Episode 3**: Vibe-Hacking Tutorial | \"My first Hack\" - A Vibe-Hacking guide for newbies. We demonstrate a simple web security hack using a default agent and show how to leverage tools and interpret CAI output with the help of the CAI Python API. You'll also learn to compare different LLM models to find the best fit for your hacking endeavors. | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002F9vZ_Iyex7uI\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=9vZ_Iyex7uI&list=PLLc16OUiZWd4RuFdN5_Wx9xwjCVVbopzr&index=1) | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FiAOMaI1ftiA\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=iAOMaI1ftiA&list=PLLc16OUiZWd4RuFdN5_Wx9xwjCVVbopzr&index=2) |\n| **Episode 4**: Intro ReAct | The Evolution of LLMs - Learn how LLMs evolved from basic language models to advanced multiagency AI systems. From basic LLMs to Chain-of-Thought and Reasoning LLMs towards ReAct and Multi-Agent Architectures. Get to know the basic terms | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FtLdFO1flj_o\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=tLdFO1flj_o&list=PLLc16OUiZWd4RuFdN5_Wx9xwjCVVbopzr&index=13) | |\n| **Episode 5**: CAI on CTF challenges | Dive into Capture The Flag (CTF) competitions using CAI. Learn how to leverage AI agents to solve various cybersecurity challenges including web exploitation, cryptography, reverse engineering, and forensics. 
Discover how to configure CAI for competitive hacking scenarios and maximize your CTF performance with intelligent automation. | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FMrXTQ0e2to4\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=MrXTQ0e2to4&list=PLLc16OUiZWd4RuFdN5_Wx9xwjCVVbopzr&index=13) | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002Fr9US_JZa9_c\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=r9US_JZa9_c&list=PLLc16OUiZWd4RuFdN5_Wx9xwjCVVbopzr&index=12) |\n|  |  |  |  |\n| **Annex 1**: `CAI` 0.5.x release  | Introduces version 0.5 of `CAI`, including new multi-agent functionality, new commands such as `\u002Fhistory`, `\u002Fcompact`, `\u002Fgraph` or `\u002Fmemory`, and a case study showing how `CAI` found a critical security flaw in OT heat pumps deployed around the world. |  [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FOPFH0ANUMMw\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=OPFH0ANUMMw) | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FQ8AI4E4gH8k\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=Q8AI4E4gH8k) |\n| **Annex 2**: `CAI` 0.4.x release and `alias0`  | Introducing version 0.4 of `CAI` with *streaming* and improved MCP support. We also introduce `alias0`, the Privacy-First Cybersecurity AI, a Model-of-Models Intelligence that implements a Privacy-by-Design architecture and obtains state-of-the-art results in cybersecurity benchmarks. 
|  [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FNZjzfnvAZcc\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=NZjzfnvAZcc) |  |\n| **Annex 3**: Cybersecurity AI Community Meeting #1  | First Cybersecurity AI (`CAI`) community meeting, over 40 participants from academia, industry, and defense gathered to discuss the open-source scaffolding behind CAI — a project designed to build agentic AI systems for cybersecurity that are open, modular, and Bug Bounty-ready. |  [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002F4JqaTiVlgsw\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=4JqaTiVlgsw) |  |\n| **Annex 4**: `CAI PRO` PoC  | Short proof-of-concept demonstration of [CAI PRO](https:\u002F\u002Faliasrobotics.com\u002Fcybersecurityai.php) capabilities showcasing the Professional Edition with unlimited `alias1` tokens, unrestricted AI, and enterprise-grade security testing features. | ![CAI PRO Demo](media\u002Fcaipro_poc.gif) |  |\n| **Annex 5**: `CAI` PoC  | Short proof-of-concept demonstration of CAI Community Edition showcasing the open-source framework's core capabilities for AI-powered security testing and vulnerability discovery. | ![CAI Demo](media\u002Fcai_poc.gif) |  |\n| **Annex 6**: CAI in `Jaula del N00B`  |  CAI (CIBERSEGURIDAD CON IA) LUIJAIT EN LA JAULA DEL N00B  - Demonstration and discussion of CAI framework capabilities in the popular Spanish cybersecurity podcast\u002Fshow. |  | [![Watch the video](https:\u002F\u002Fimg.youtube.com\u002Fvi\u002FKD2_xzIOkWg\u002F0.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=KD2_xzIOkWg) |\n\n\n\n\n## :nut_and_bolt: Install\n\n> [!NOTE]\n> **CAI Professional Edition Users**: If you have an active CAI Pro subscription, we provide dedicated installation guides for versions 0.5 and 0.6. Official support is available for Ubuntu 24.04 (x86_64). 
Installation instructions for other operating systems are provided as-is without official support:\n> - [CAI Pro v0.6 Installation Guide](docs\u002FInstallation_Guide_for_CAI_Pro_v0.6.md)\n> - [CAI Pro v0.5 Installation Guide](docs\u002FInstallation_Guide_for_CAI_Pro_v0.5.md)\n\n### Community Edition Installation\n\n```bash\npip install cai-framework\n```\n\nAlways create a new virtual environment to ensure proper dependency installation when updating CAI.\n\nThe following subsections provide a more detailed walkthrough on selected popular operating systems. Refer to the [Development](#development) section for developer-related install instructions.\nFor the API key environment variable syntax, check the [LiteLLM Documentation](https:\u002F\u002Fdocs.litellm.ai\u002Fdocs\u002Ftutorials\u002Finstallation).\n\n### OS X\n```bash\nbrew update && \\\n    brew install git python@3.12\n\n# Create virtual environment\npython3.12 -m venv cai_env\n\n# Activate the environment and install the package from PyPI\nsource cai_env\u002Fbin\u002Factivate && pip install cai-framework\n\n# Generate a .env file and set up with defaults\necho -e 'OPENAI_API_KEY=\"sk-1234\"\\nANTHROPIC_API_KEY=\"\"\\nOLLAMA=\"\"\\nPROMPT_TOOLKIT_NO_CPR=1\\nCAI_STREAM=false' > .env\n\n# Launch CAI\ncai  # the first launch can take up to 30 seconds\n```\n\n### Ubuntu 24.04\n```bash\nsudo apt-get update && \\\n    sudo apt-get install -y git python3-pip python3.12-venv\n\n# Create the virtual environment\npython3.12 -m venv cai_env\n\n# Activate the environment and install the package from PyPI\nsource cai_env\u002Fbin\u002Factivate && pip install cai-framework\n\n# Generate a .env file and set up with defaults\necho -e 'OPENAI_API_KEY=\"sk-1234\"\\nANTHROPIC_API_KEY=\"\"\\nOLLAMA=\"\"\\nPROMPT_TOOLKIT_NO_CPR=1\\nCAI_STREAM=false' > .env\n\n# Launch CAI\ncai  # the first launch can take up to 30 seconds\n```\n\n### Ubuntu 20.04\n```bash\nsudo apt-get update && \\\n    sudo apt-get install -y software-properties-common\n\n# Fetch Python 
3.12\nsudo add-apt-repository ppa:deadsnakes\u002Fppa && sudo apt update\nsudo apt install python3.12 python3.12-venv python3.12-dev -y\n\n# Create the virtual environment\npython3.12 -m venv cai_env\n\n# Activate the environment and install the package from PyPI\nsource cai_env\u002Fbin\u002Factivate && pip install cai-framework\n\n# Generate a .env file and set up with defaults\necho -e 'OPENAI_API_KEY=\"sk-1234\"\\nANTHROPIC_API_KEY=\"\"\\nOLLAMA=\"\"\\nPROMPT_TOOLKIT_NO_CPR=1\\nCAI_STREAM=false' > .env\n\n# Launch CAI\ncai  # the first launch can take up to 30 seconds\n```\n\n### Windows WSL\nGo to the Microsoft page https:\u002F\u002Flearn.microsoft.com\u002Fen-us\u002Fwindows\u002Fwsl\u002Finstall, where you will find all the instructions to install WSL.\n\nFrom PowerShell run: `wsl --install`\n\n```bash\nsudo apt-get update && \\\n    sudo apt-get install -y git python3-pip python3-venv\n\n# Create the virtual environment\npython3 -m venv cai_env\n\n# Activate the environment and install the package from PyPI\nsource cai_env\u002Fbin\u002Factivate && pip install cai-framework\n\n# Generate a .env file and set up with defaults. If Ollama runs on your Windows host,\n# WSL needs to use your host's IP for it to be reachable\necho -e 'OPENAI_API_KEY=\"sk-1234\"\\nANTHROPIC_API_KEY=\"\"\\nOLLAMA=\"\"\\nOLLAMA_API_BASE=\"http:\u002F\u002FYour.Host.Ip.Here:11434\"\\nPROMPT_TOOLKIT_NO_CPR=1\\nCAI_STREAM=false' > .env\n\n# Launch CAI\ncai  # the first launch can take up to 30 seconds\n```\n\nYou might run into issues running CAI on Ubuntu, since some agents assume they are running on a Kali instance and are not able to find the tools they need. As an alternative you can use the docker compose file in the `dockerized` folder instead. This also works from within WSL if Docker is installed; in that case fetch the `dockerized` folder (no need for the whole repo) and run the following commands from within it.\nFor the API key environment variable syntax, check the 
[LiteLLM Documentation](https:\u002F\u002Fdocs.litellm.ai\u002Fdocs\u002Ftutorials\u002Finstallation)\n\n```bash\n# Build and run with docker compose (the build takes around 20 min)\ndocker compose build && docker compose up -d\n\n# Access CAI inside the running container\ndocker compose exec cai cai\n```\n\n\n### Android\n\nWe recommend having at least 8 GB of RAM:\n\n1. First of all, install UserLAnd: https:\u002F\u002Fplay.google.com\u002Fstore\u002Fapps\u002Fdetails?id=tech.ula&hl=es\n\n2. Install Kali minimal in basic options (for free), or any other Kali option if preferred.\n\n3. Update the apt keys as in this example: https:\u002F\u002Fsuperuser.com\u002Fquestions\u002F1644520\u002Fapt-get-update-issue-in-kali. Inside UserLAnd's Kali terminal execute:\n\n```bash\n# Get new apt keys\nwget http:\u002F\u002Fhttp.kali.org\u002Fkali\u002Fpool\u002Fmain\u002Fk\u002Fkali-archive-keyring\u002Fkali-archive-keyring_2024.1_all.deb\n\n# Install new apt keys\nsudo dpkg -i kali-archive-keyring_2024.1_all.deb && rm kali-archive-keyring_2024.1_all.deb\n\n# Update APT repository\nsudo apt-get update\n\n# CAI requires Python 3.12, let's build it from source (CAI for Kali on Android)\nsudo apt-get update && sudo apt-get install -y git python3-pip build-essential zlib1g-dev libncurses5-dev libgdbm-dev libnss3-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev wget libbz2-dev pkg-config\nwget https:\u002F\u002Fwww.python.org\u002Fftp\u002Fpython\u002F3.12.4\u002FPython-3.12.4.tar.xz\ntar xf Python-3.12.4.tar.xz\ncd Python-3.12.4 && .\u002Fconfigure --enable-optimizations\nsudo make altinstall  # This command takes a long time to execute\ncd ..\n\n# Clone CAI's source code\ngit clone https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai && cd cai\n\n# Create virtual environment\npython3.12 -m venv cai_env\n\n# Activate the environment and install the package from the local checkout\nsource cai_env\u002Fbin\u002Factivate && pip3 install -e .\n\n# Generate a .env file and set it up\ncp .env.example .env  # edit your keys\u002Fmodels here\n\n# Launch CAI\ncai\n```\n\n\n### :nut_and_bolt: 
Setup `.env` file\n\nCAI leverages the `.env` file to load configuration at launch. To facilitate the setup, the repo provides an exemplary [`.env.example`](.env.example) file that serves as a template for configuring CAI and the LLM API keys for the models you want to use.\n\n:warning: Important:\n\nCAI does NOT provide API keys for any model by default. Don't ask us to provide keys, use your own or host your own models.\n\n\n:warning: Note:\n\nThe `OPENAI_API_KEY` must not be left blank. It should contain either \"sk-123\" (as a placeholder) or your actual API key. See https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fissues\u002F27.\n\n:warning: Note:\n\nIf you are using the `alias1` model, make sure that your CAI version is >0.4.0; the following `.env` example shows the settings needed to use it.\n\n```bash\nOPENAI_API_KEY=\"sk-1234\"\nOLLAMA=\"\"\nALIAS_API_KEY=\"\u003Csk-your-key>\"  # add your own key here\nCAI_STREAM=False\nCAI_MODEL=\"alias1\"\n```\n\n### 🔹 Custom OpenAI Base URL Support\n\nCAI supports configuring a custom OpenAI API base URL via the `OPENAI_BASE_URL` environment variable. This allows users to redirect API calls to a custom endpoint, such as a proxy or self-hosted OpenAI-compatible service.\n\nExample `.env` entry configuration:\n```\nOLLAMA_API_BASE=\"https:\u002F\u002Fcustom-openai-proxy.com\u002Fv1\"\n```\n\nOr directly from the command line:\n```bash\nOLLAMA_API_BASE=\"https:\u002F\u002Fcustom-openai-proxy.com\u002Fv1\" cai\n```\n\n\n## :triangular_ruler: Architecture\n\nCAI focuses on making cybersecurity agent **coordination** and **execution** lightweight, highly controllable, and useful for humans. 
To do so it builds upon 8 pillars: `Agents`, `Tools`, `Handoffs`, `Patterns`, `Turns`, `Tracing`, `Guardrails` and `HITL`.\n\n```\n                  ┌───────────────┐           ┌───────────┐\n                  │      HITL     │◀─────-───▶│   Turns   │\n                  └───────┬───────┘           └───────────┘\n                          │\n                          ▼\n┌───────────┐       ┌───────────┐       ┌───────────┐      ┌───────────┐\n│  Patterns │◀──-──▶│  Handoffs │◀──-─▶ │   Agents  │◀──-─▶│    LLMs   │\n└───────────┘       └─────┬─────┘       └─────┬─────┘      └───────────┘\n                          │                   │\n                          │                   ▼\n┌────────────┐       ┌────┴──────┐       ┌───────────┐     ┌────────────┐\n│ Extensions │◀────▶ │  Tracing  │       │   Tools   │◀──▶ │ Guardrails │\n└────────────┘       └───────────┘       └───────────┘     └────────────┘\n                                              │\n                          ┌─────────────┬─────┴────┬─────────────┐\n                          ▼             ▼          ▼             ▼\n                    ┌───────────┐┌───────────┐┌────────────┐┌───────────┐\n                    │ LinuxCmd  ││ WebSearch ││    Code    ││ SSHTunnel │\n                    └───────────┘└───────────┘└────────────┘└───────────┘\n```\n\n\nIf you want to dive deeper into the code, check the following files as a start point for using CAI:\n\n* [__init__.py](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fsrc\u002Fcai\u002F__init__.py)\n* [cli.py](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fsrc\u002Fcai\u002Fcli.py) - entrypoint for command line interface\n* [util.py](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fsrc\u002Fcai\u002Futil.py) - utility functions\n* [agents](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fsrc\u002Fcai\u002Fagents) - Agent 
implementations\n* [internal](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fsrc\u002Fcai\u002Finternal) - CAI internal functions (endpoints, metrics, logging, etc.)\n* [prompts](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fsrc\u002Fcai\u002Fprompts) - Agent Prompt Database\n* [repl](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fsrc\u002Fcai\u002Frepl) - CLI aesthetics and commands\n* [sdk](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fsrc\u002Fcai\u002Fsdk) - CAI command sdk\n* [tools](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Ftree\u002Fmain\u002Fsrc\u002Fcai\u002Ftools) - agent tools\n\n### 🔹 Agent\n\nAt its core, CAI abstracts its cybersecurity behavior via `Agents` and agentic `Patterns`. An Agent is *an intelligent system that interacts with some environment*. More technically, within CAI we embrace a robotics-centric definition wherein an agent is anything that can be viewed as a system perceiving its environment through sensors, reasoning about its goals and acting accordingly upon that environment through actuators (*adapted* from Russell & Norvig, AI: A Modern Approach). In cybersecurity, an `Agent` interacts with systems and networks, using peripherals and network interfaces as sensors, reasons accordingly and then executes network actions as its actuators. Correspondingly, in CAI, `Agent`s implement the `ReACT` (Reasoning and Action) agent model[^3]. 
For more information, see the [example here](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fexamples\u002Fbasic\u002Fhello_world.py) for the full execution code, and refer to this [jupyter notebook](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Ffluency\u002Fmy-first-hack\u002Fmy_first_hack.ipynb) for a tutorial on how to use it.\n\n```python\nimport asyncio\nimport os\n\nfrom openai import AsyncOpenAI\nfrom dotenv import load_dotenv\nfrom cai.sdk.agents import Agent, Runner, OpenAIChatCompletionsModel\n\nload_dotenv()  # load the API keys and CAI_MODEL from the .env file\n\nagent = Agent(\n    name=\"Custom Agent\",\n    instructions=\"\"\"You are a Cybersecurity expert Leader\"\"\",\n    model=OpenAIChatCompletionsModel(\n        model=os.getenv('CAI_MODEL', \"openai\u002Fgpt-4o\"),\n        openai_client=AsyncOpenAI(),\n    ),\n)\n\n\nasync def main():\n    message = \"Tell me about recursion in programming.\"\n    # Runner.run is a coroutine, so it has to be awaited inside an async function\n    result = await Runner.run(agent, message)\n    print(result.final_output)\n\n\nasyncio.run(main())  # inside a Jupyter notebook you can simply `await main()` instead\n```\n\n### 🔹 Tools\n\n`Tools` let cybersecurity agents take actions by providing interfaces to execute system commands, run security scans, analyze vulnerabilities, and interact with target systems and APIs. They are the core capabilities that enable CAI agents to perform security tasks effectively. In CAI, tools include built-in cybersecurity utilities (like LinuxCmd for command execution, WebSearch for OSINT gathering, Code for dynamic script execution, and SSHTunnel for secure remote access), function calling mechanisms that allow integration of any Python function as a security tool, and agent-as-tool functionality that enables specialized security agents (such as reconnaissance or exploit agents) to be used by other agents, creating collaborative security workflows without requiring formal handoffs between agents. 
For more information, please refer to the [example here](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fexamples\u002Fbasic\u002Ftools.py) for the complete configuration of custom functions.\n\n```python\nimport asyncio\nimport os\n\nfrom openai import AsyncOpenAI\nfrom dotenv import load_dotenv\nfrom cai.sdk.agents import Agent, Runner, OpenAIChatCompletionsModel\nfrom cai.tools.reconnaissance.exec_code import execute_code\nfrom cai.tools.reconnaissance.generic_linux_command import generic_linux_command\n\nload_dotenv()  # load the API keys and CAI_MODEL from the .env file\n\nagent = Agent(\n    name=\"Custom Agent\",\n    instructions=\"\"\"You are a Cybersecurity expert Leader\"\"\",\n    # built-in tools the LLM may call: run a shell command, execute a script\n    tools=[\n        generic_linux_command,\n        execute_code,\n    ],\n    model=OpenAIChatCompletionsModel(\n        model=os.getenv('CAI_MODEL', \"openai\u002Fgpt-4o\"),\n        openai_client=AsyncOpenAI(),\n    ),\n)\n\n\nasync def main():\n    message = \"Tell me about recursion in programming.\"\n    result = await Runner.run(agent, message)  # tool calls happen inside the run loop\n    print(result.final_output)\n\n\nasyncio.run(main())\n```\n\n\nYou can find the available [tools](tools) in the repository. They are grouped in 6 major categories inspired by the security kill chain [^2]:\n\n1. Reconnaissance and weaponization - *reconnaissance* (crypto, listing, etc.)\n2. Exploitation - *exploitation*\n3. Privilege escalation - *escalation*\n4. Lateral movement - *lateral*\n5. Data exfiltration - *exfiltration*\n6. Command and control - *control*\n\n\n### 🔹 Handoffs\n\n`Handoffs` allow an `Agent` to delegate tasks to another agent, which is crucial in cybersecurity operations where specialized expertise is needed for different phases of an engagement. In our framework, `Handoffs` are implemented as tools for the LLM, where a **handoff\u002Ftransfer function** like `transfer_to_flag_discriminator` enables the `ctf_agent` to pass control to the `flag_discriminator_agent` once it believes it has found the flag. 
This creates a security validation chain where the first agent handles exploitation and flag discovery, while the second agent specializes in flag verification, ensuring proper segregation of duties and leveraging specialized capabilities of different models for distinct security tasks. For more information, please refer to the [example here](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fexamples\u002Fcai\u002Fagent_patterns\u002Fhandoffs.py) for the full execution code.\n\n\n```python\nimport os\n\nfrom openai import AsyncOpenAI\nfrom dotenv import load_dotenv\nfrom cai.sdk.agents import Agent, OpenAIChatCompletionsModel, function_tool\nfrom cai.tools.common import run_command\n\nload_dotenv()\n\n\n@function_tool\ndef execute_cli_command(command: str) -> str:\n    \"\"\"Run a shell command and return its output.\"\"\"\n    return run_command(command)\n\n\n# Specialized agent whose only job is to extract the flag from a given output\nflag_discriminator = Agent(\n    name=\"Flag discriminator\",\n    description=\"Agent focused on extracting the flag from the output\",\n    instructions=\"You are an agent tailored to extract the flag from a given output.\",\n    model=OpenAIChatCompletionsModel(\n        model=os.getenv('CAI_MODEL', \"qwen2.5:14b\"),\n        openai_client=AsyncOpenAI(),\n    ),\n)\n\n# Main agent; listing flag_discriminator under `handoffs` exposes a transfer tool\n# (transfer_to_flag_discriminator) that the LLM can call once it believes it has the flag\nctf_agent = Agent(\n    name=\"CTF agent\",\n    description=\"Agent focused on conquering security challenges\",\n    instructions=\"You are a Cybersecurity expert Leader facing a CTF\",\n    tools=[\n        execute_cli_command,\n    ],\n    model=OpenAIChatCompletionsModel(\n        model=os.getenv('CAI_MODEL', \"qwen2.5:14b\"),\n        openai_client=AsyncOpenAI(),\n    ),\n    handoffs=[flag_discriminator],\n)\n```\n\n### 🔹 Patterns\n\nAn agentic `Pattern` is a *structured design paradigm* in artificial intelligence systems where autonomous or semi-autonomous agents operate within a defined *interaction framework* (the pattern) to 
achieve a goal. These `Patterns` specify the organization, coordination, and communication\nmethods among agents, guiding decision-making, task execution, and delegation.\n\nAn agentic pattern (`AP`) can be formally defined as a tuple:\n\n\\\\[\nAP = (A, H, D, C, E)\n\\\\]\n\nwherein:\n\n- **\\\\(A\\\\) (Agents):** A set of autonomous entities, \\\\( A = \\\\{a_1, a_2, ..., a_n\\\\} \\\\), each with defined roles, capabilities, and internal states.\n- **\\\\(H\\\\) (Handoffs):** A function \\\\( H: A \\times T \\to A \\\\) that governs how tasks \\\\( T \\\\) are transferred between agents based on predefined logic (e.g., rules, negotiation, bidding).\n- **\\\\(D\\\\) (Decision Mechanism):** A decision function \\\\( D: S \\to A \\\\) where \\\\( S \\\\) represents system states, and \\\\( D \\\\) determines which agent takes action at any given time.\n- **\\\\(C\\\\) (Communication Protocol):** A messaging function \\\\( C: A \\times A \\to M \\\\), where \\\\( M \\\\) is a message space, defining how agents share information.\n- **\\\\(E\\\\) (Execution Model):** A function \\\\( E: A \\times I \\to O \\\\) where \\\\( I \\\\) is the input space and \\\\( O \\\\) is the output space, defining how agents perform tasks.\n\nWhen building `Patterns`, we generally classify them into one of the following categories, though others exist:\n\n| **Agentic** `Pattern` **categories** | **Description** |\n|--------------------|------------------------|\n| `Swarm` (Decentralized) | Agents share tasks and self-assign responsibilities without a central orchestrator. Handoffs occur dynamically. *An example of a peer-to-peer agentic pattern is the `CTF Agentic Pattern`, which involves a team of agents working together to solve a CTF challenge with dynamic handoffs.* |\n| `Hierarchical` | A top-level agent (e.g., \"PlannerAgent\") assigns tasks via structured handoffs to specialized sub-agents. 
Alternatively, the structure of the agents is hardcoded into the agentic pattern with pre-defined handoffs. |\n| `Chain-of-Thought` (Sequential Workflow) | A structured pipeline where Agent A produces an output, hands it to Agent B for reuse or refinement, and so on. Handoffs follow a linear sequence. *An example of a chain-of-thought agentic pattern is the `ReasonerAgent`, which involves a Reasoning-type LLM that provides context to the main agent to solve a CTF challenge with a linear sequence.*[^1] |\n| `Auction-Based` (Competitive Allocation) | Agents \"bid\" on tasks based on priority, capability, or cost. A decision agent evaluates bids and hands off tasks to the best-fit agent. |\n| `Recursive` | A single agent continuously refines its own output, treating itself as both executor and evaluator, with handoffs (internal or external) to itself. *An example of a recursive agentic pattern is the `CodeAgent` (when used as a recursive agent), which continuously refines its own output by executing code and updating its own instructions.* |\n\nFor more information and examples of common agentic patterns, see the [examples folder](https:\u002F\u002Fgithub.com\u002Faliasrobotics\u002Fcai\u002Fblob\u002Fmain\u002Fexamples\u002Fagent_patterns\u002FREADME.md).\n\n\n\n### 🔹 Turns and Interactions\nDuring the agentic flow (conversation), we distinguish between **interactions** and **turns**.\n\n- **Interactions** are sequential exchanges between one or multiple agents. Each agent executing its logic corresponds to one *interaction*. Since an `Agent` in CAI generally implements the `ReACT` agent model[^3], each *interaction* consists of 1) a reasoning step via an LLM inference and 2) an action step calling zero-to-n `Tools`. 
This is defined in `process_interaction()` in [core.py](cai\u002Fcore.py).\n- **Turns**: A turn represents a cycle of one or more **interactions** which finishes when the executing `Agent` (or `Pattern`) returns `None`, judging that there are no further actions to undertake. This is defined in `run()`, see [core.py](cai\u002Fcore.py).\n\n\n> [!NOTE]\n> CAI Agents are not related to Assistants in the Assistants API. They are named similarly for convenience, but are otherwise completely unrelated. CAI is entirely powered by the Chat Completions API and is hence stateless between calls.\n\n\n### 🔹 Tracing\n\nCAI implements AI observability by adopting the OpenTelemetry standard; to do so, it leverages [Phoenix](https:\u002F\u002Fgithub.com\u002FArize-ai\u002Fphoenix), which provides comprehensive tracing capabilities through OpenTelemetry-based instrumentation, allowing you to monitor and analyze your security operations in real time. This integration enables detailed visibility into agent interactions, tool usage, and attack vectors throughout penetration testing workflows, making it easier to debug complex exploitation chains, track vulnerability discovery processes, and optimize agent performance for more effective security assessments.\n\n![](media\u002Ftracing.png)\n\n### 🔹 Guardrails\n\n`Guardrails` provide a critical security layer for CAI agents, protecting against prompt injection attacks and preventing execution of dangerous commands. These guardrails run in parallel to agents, validating both input and output to ensure safe operation. 
The framework includes:\n\n- **Input Guardrails**: Detect and block prompt injection attempts before they reach agents, using pattern matching, Unicode homograph detection, and AI-powered analysis\n- **Output Guardrails**: Validate agent outputs before execution, preventing dangerous commands like reverse shells, fork bombs, or data exfiltration  \n- **Multi-layered Defense**: Protection at input, processing, and execution stages with tool-level validation\n- **Base64\u002FBase32 Aware**: Automatically decodes and analyzes encoded payloads to detect hidden malicious commands\n- **Configurable**: Can be enabled\u002Fdisabled via `CAI_GUARDRAILS` environment variable\n\nFor detailed implementation, see [docs\u002Fguardrails.md](docs\u002Fguardrails.md) and [docs\u002Fcai_prompt_injection.md](docs\u002Fcai_prompt_injection.md).\n\n### 🔹 Human-In-The-Loop (HITL)\n\n```\n                      ┌─────────────────────────────────┐\n                      │                                 │\n                      │      Cybersecurity AI (CAI)     │\n                      │                                 │\n                      │       ┌─────────────────┐       │\n                      │       │  Autonomous AI  │       │\n                      │       └────────┬────────┘       │\n                      │                │                │\n                      │                │                │\n                      │       ┌────────▼─────────┐      │\n                      │       │ HITL Interaction │      │\n                      │       └────────┬─────────┘      │\n                      │                │                │\n                      └────────────────┼────────────────┘\n                                       │\n                                       │ Ctrl+C (cli.py)\n                                       │\n                           ┌───────────▼───────────┐\n                           │   Human Operator(s)   │\n                           │  Expertise | 
Judgment │\n                           │    Teleoperation      │\n                           └───────────────────────┘\n```\n\nCAI delivers a framework for building Cybersecurity AIs with a strong emphasis on *semi-autonomous* operation, as the reality is that **fully-autonomous** cybersecurity systems remain premature and face significant challenges when tackling complex tasks. While CAI explores autonomous capabilities, we recognize that effective security operations still require human teleoperation providing expertise, judgment, and oversight in the security process.\n\nAccordingly, the Human-In-The-Loop (`HITL`) module is a core design principle of CAI, acknowledging that human intervention and teleoperation are essential components of responsible security testing. Through the `cli.py` interface, users can seamlessly interact with agents at any point during execution by simply pressing `Ctrl+C`. This is implemented across [core.py](cai\u002Fcore.py) and also in the REPL abstractions [REPL](cai\u002Frepl).\n\n\n## :rocket: Quickstart\n\n\nTo start CAI after installing it, just type `cai` in the CLI:\n\n```bash\n└─# cai\n\n          CCCCCCCCCCCCC      ++++++++   ++++++++      IIIIIIIIII\n       CCC::::::::::::C  ++++++++++       ++++++++++  I::::::::I\n     CC:::::::::::::::C ++++++++++         ++++++++++ I::::::::I\n    C:::::CCCCCCCC::::C +++++++++    ++     +++++++++ II::::::II\n   C:::::C       CCCCCC +++++++     +++++     +++++++   I::::I\n  C:::::C                +++++     +++++++     +++++    I::::I\n  C:::::C                ++++                   ++++    I::::I\n  C:::::C                 ++                     ++     I::::I\n  C:::::C                  +   +++++++++++++++   +      I::::I\n  C:::::C                    +++++++++++++++++++        I::::I\n  C:::::C                     +++++++++++++++++         I::::I\n   C:::::C       CCCCCC        +++++++++++++++          I::::I\n    C:::::CCCCCCCC::::C         +++++++++++++         II::::::II\n     
CC:::::::::::::::C           +++++++++           I::::::::I\n       CCC::::::::::::C             +++++             I::::::::I\n          CCCCCCCCCCCCC               ++              IIIIIIIIII\n\n                      Cybersecurity AI (CAI), vX.Y.Z\n                          Bug bounty-ready AI\n\nCAI>\n```\n\nThat initializes CAI and gives you a prompt from which to run any security task. The navigation bar at the bottom displays important system information about your environment while you work with CAI.\n\nHere's a quick [demo video](https:\u002F\u002Fasciinema.org\u002Fa\u002Fzm7wS5DA2o0S9pu1Tb44pnlvy) to help you get started with CAI, walking through the basic steps from launching the tool to running your first AI-powered task in the terminal.\n\nFrom here on, type at the `CAI>` prompt to start your security exercise. The best way to learn is by example:\n\n### Environment Variables\nTo use private models, copy the provided [`.env.example`](.env.example) file to `.env` and fill in the corresponding API keys; CAI is then ready to use.\n \u003Cdetails>\n\u003Csummary>List of Environment Variables\u003C\u002Fsummary>\n\n| Variable | Description |\n|----------|-------------|\n| CTF_NAME | Name of the CTF challenge to run (e.g. 
\"picoctf_static_flag\") |\n| CTF_CHALLENGE | Specific challenge name within the CTF to test |\n| CTF_SUBNET | Network subnet for the CTF container |\n| CTF_IP | IP address for the CTF container |\n| CTF_INSIDE | Whether to conquer the CTF from within container |\n| CAI_MODEL | Model to use for agents |\n| CAI_DEBUG | Set debug output level (0: Only tool outputs, 1: Verbose debug output, 2: CLI debug output) |\n| CAI_BRIEF | Enable\u002Fdisable brief output mode |\n| CAI_MAX_TURNS | Maximum number of turns for agent interactions |\n| CAI_TRACING | Enable\u002Fdisable OpenTelemetry tracing |\n| CAI_AGENT_TYPE | Specify the agents to use (boot2root, one_tool...) |\n| CAI_STATE | Enable\u002Fdisable stateful mode |\n| CAI_MEMORY | Enable\u002Fdisable memory mode (episodic, semantic, all) |\n| CAI_MEMORY_ONLINE | Enable\u002Fdisable online memory mode |\n| CAI_MEMORY_OFFLINE | Enable\u002Fdisable offline memory |\n| CAI_ENV_CONTEXT | Add dirs and current env to llm context |\n| CAI_MEMORY_ONLINE_INTERVAL | Number of turns between online memory updates |\n| CAI_PRICE_LIMIT | Price limit for the conversation in dollars |\n| CAI_REPORT | Enable\u002Fdisable reporter mode (ctf, nis2, pentesting) |\n| CAI_SUPPORT_MODEL | Model to use for the support agent |\n| CAI_SUPPORT_INTERVAL | Number of turns between support agent executions |\n| CAI_WORKSPACE | Defines the name of the workspace |\n| CAI_WORKSPACE_DIR | Specifies the directory path where the workspace is located |\n| CAI_GUARDRAILS | Enable\u002Fdisable guardrails for prompt injection protection (default: true) |\n\n\u003C\u002Fdetails>\n\n### OpenRouter Integration\n\nThe Cybersecurity AI (CAI) platform offers seamless integration with OpenRouter, a unified interface for Large Language Models (LLMs). This integration is crucial for users who wish to leverage advanced AI capabilities in their cybersecurity tasks. 
OpenRouter acts as a bridge between CAI and many hosted LLMs, so an agent can be pointed at a different model by changing a single variable.\n\nTo enable OpenRouter support, add the following entries to your `.env` file. `CAI_MODEL` takes an `openrouter\u002F`-prefixed model identifier; the example below selects a Meta-LLaMA model:\n\n```bash\nCAI_AGENT_TYPE=redteam_agent\nCAI_MODEL=openrouter\u002Fmeta-llama\u002Fllama-4-maverick\nOPENROUTER_API_KEY=\u003Csk-your-key>  # note, add yours\nOPENROUTER_API_BASE=https:\u002F\u002Fopenrouter.ai\u002Fapi\u002Fv1\n```\n\n### Azure OpenAI\n\nCAI also integrates with Azure OpenAI, so organizations can run it against enterprise-hosted models (e.g., gpt-4o) while staying within Azure governance.\nTo enable Azure OpenAI support, add the following entries to your `.env`. They let CAI reach your Azure deployment endpoint and authenticate correctly.\n\n```bash\nCAI_AGENT_TYPE=redteam_agent\nCAI_MODEL=azure\u002F\u003Cmodel-name-deployed>\n# Required: keep non-empty even when using Azure\nOPENAI_API_KEY=dummy\n# Azure credentials and endpoint\nAZURE_API_KEY=\u003Cyour-azure-openai-key>\nAZURE_API_BASE=https:\u002F\u002F\u003Cresource>.openai.azure.com\u002Fopenai\u002Fdeploym","Cybersecurity AI (CAI) is a framework focused on AI security. The project is developed in Python and integrates a range of advanced AI techniques and cybersecurity tools, such as generative AI and large language models, with the aim of giving security researchers powerful automated testing and analysis capabilities. Its core functions include, but are not limited to, vulnerability detection, attack simulation and response strategy formulation. It suits scenarios that require strengthening system security or running offensive and defensive exercises in complex network environments, and is a highly valuable security research platform for both enterprises and academic institutions.",2,"2026-06-11 03:24:34","top_topic"]