Autonomous Tool Orchestration
CyberSentinel AI v3.0 is a new open source cybersecurity platform that integrates 33 real world penetration testing and threat intelligence tools with a provider agnostic artificial intelligence engine. Unlike conventional AI assistants that only suggest commands, this platform autonomously executes tools such as Nmap, SQLMap, Nikto, Nuclei, and OWASP ZAP within an isolated Kali Linux Docker sandbox. The AI then analyzes results in real time. The system runs entirely on local infrastructure with no cloud dependencies, and is available on GitHub under the handle 3sk1nt4n/cybersentinel-ai.
Architecture and Capabilities
The platform deploys via Docker Compose across seven containerized services. A Next.js frontend delivers a streaming chat interface, while a FastAPI backend handles AI routing, intent classification, and tool orchestration. Supporting infrastructure includes Neo4j for knowledge graph mapping of attack surfaces and MITRE ATT&CK techniques, ChromaDB as a retrieval augmented generation engine grounded in MITRE, CIS, and NIST frameworks, and an Elasticsearch with Kibana SIEM stack for log analysis training. The agentic execution model classifies user intent, selects appropriate tools, and runs up to five tools concurrently before synthesizing a unified analysis.
Practical Implementation Details
The toolset spans six categories: live scanners, threat intelligence APIs, SIEM integration, AI detection, threat hunting, and compliance frameworks. A notable feature is mid conversation AI provider switching, supporting Anthropic Claude, OpenAI GPT-4o, OpenRouter, and Ollama for fully offline inference. Live threat intelligence is pulled dynamically from NVD, CISA KEV, EPSS, AlienVault OTX, and Abuse.ch. Safeguards include input and output guardrails that block prompt injection and SSRF attacks. System requirements include Docker Desktop and a minimum of 8 GB of RAM, with the initial build pulling approximately 4 to 5 GB of images and model data.
Source: Cyber Security News
