AI pentester – verified exploits, $999/assessment

by gauravbsinghal · Feb 18, 2026 · 3 points · 4 comments

AI Analysis

●●● Banger · Bold Bet · Wizardry · Solve My Problem

Multi-agent AI chains real exploits with a judge that kills false positives—two hours, not weeks.

Strengths
  • Real innovation in attack reasoning: multi-agent system (mappers, exploiters, judge) mimics human pentester workflow, not just vulnerability scanning.
  • Reproducible Python scripts included with every finding—raises bar for proof and reduces false positives measurably (judge must validate 3x).
  • Dramatic pricing/speed advantage: $999 in 2 hours vs $15-50k in weeks; unlimited retesting changes the pentesting economics.
Weaknesses
  • Explicitly acknowledges SSO+MFA chains still need humans, limiting scope against real-world auth flows.
  • No public independent validation yet—claims are strong but early-stage trust barrier exists.
Category
Target Audience

Security teams, startups, and enterprises needing fast pentesting at a fraction of traditional costs

Similar To

Burp Suite · Nessus · Acunetix

Post Description

I spent 20 years in security, most recently leading 100+ engineers at AWS building pentesting infrastructure across thousands of services. The same problem everywhere: pentests take weeks, cost $15-50k, and the results are stale before they ship.

I built Cipher to fix that. It's an AI agent that reasons like an attacker — maps the target, finds vulnerabilities, chains them into exploits, and proves they're real. Every finding ships with a reproducible Python script. If the script doesn't break your system, we don't report it.

How it works: Cipher defines security invariants ("User A can't access User B's data"), then multiple agents attack in parallel to violate them. A separate judge agent tries to disprove every finding — if it can't reproduce the exploit 3 times, the finding dies. You never see it.

$999 per assessment. Results in ~2 hours. Unlimited retesting.

Honest limitations: complex multi-step auth flows (SSO with MFA) still need manual setup like providing JWT credentials. We're working on it.

I'll run Cipher free for the first 15 HN readers who want to try it. Drop your email or sign up at https://apxlabs.ai/. Happy to answer any questions about the approach.

Similar Projects

Security · ●● Solid

OdinForge – Breach simulation that chains vulns into attack paths

The UI turns complex attack chains into an immediately scannable graph with per-path metrics (risk score, time-to-compromise, assets/credentials impacted) — great for threat modeling and tabletop drills. Feels more like a very polished BAS visualization than a novel research tool; what I want to know next is where the simulation inputs come from (real telemetry, vulnerability feeds, or canned scenarios).

Slick · Niche Gem
Doc_Dre
214mo ago