“Automated and Dangerous”: A New AI Framework Can Run 150+ Hacking Tools Autonomously

The HexStrike AI repository has released HexStrike AI MCP Agents v6.0—a powerful framework for automating penetration tests. The system integrates more than 150 security tools and 12 autonomous AI agents operating through the FastMCP protocol.

HexStrike performs intelligent target analysis, automatically selects tools and parameters, conducts scans, and generates real-time reports. Its arsenal includes modules for analyzing networks, web applications, cloud infrastructures, binary files, APIs, and CTF challenges.

Among the newly introduced agents are: IntelligentDecisionEngine for optimal tool selection, AIExploitGenerator for exploit creation, VulnerabilityCorrelator for constructing attack chains, and CVEIntelligenceManager for managing vulnerability databases.

The framework supports integration with Claude, GPT, and other MCP-compatible agents. It offers ready-made scenarios for bug bounty programs, CTF challenges, and API analysis, along with an enhanced web automation module featuring Selenium and headless Chrome support.

Compared to manual testing, vulnerability detection speed is 16–24 times faster, reports are generated in minutes instead of hours, and accuracy reaches 98.7% with a remarkably low false-positive rate.

In the upcoming HexStrike AI v7.0, developers promise to expand the number of agents to 250, introduce Docker support, add a desktop client, and optimize resource usage—reducing load by up to 40%.

The tool is distributed under the MIT license and is intended for contractual penetration testing, bug bounty programs, CTF competitions, and research purposes. The authors caution, however, that the system should only be executed in isolated environments, as the agents have access to a wide range of security utilities.

The project remains open for contributions, welcoming proposals for new integrations, performance optimizations, and expanded documentation.