{"componentChunkName":"component---src-templates-project-template-js","path":"/projects/chakravyuhrift-autonomous-offensive-security-agent-platform","result":{"data":{"project":{"title":"ChakravyuhRift — Autonomous Offensive-Security Agent Platform","slug":"chakravyuhrift-autonomous-offensive-security-agent-platform","description":"A private research build. An autonomous offensive-security platform that drives an LLM through a custom async tool-calling agent loop over 30+ containerized security-tool microservices (nmap, nuclei, sqlmap, ZAP, …) exposed via an MCP-over-HTTP bridge, under a 4-tier safety model. Every agent decision runs a per-decision Plan-Do-Check-Act (PDCA) cycle whose audited reasoning traces become fine-tuning data for domain-specialist models — a closed self-improvement loop.","caseStudy":"> A private research build — not publicly hosted. This write-up focuses on the architecture and the engineering, not a product pitch.\n\n## The problem\n\nMost \"AI pentester\" demos are a single model improvising its way through a target — impressive in a clip, but non-auditable, unsafe to point at anything real, and incapable of learning from its own runs. I wanted the opposite: an autonomous offensive-security agent whose every decision is **explicit, logged, safety-gated, and reusable as training signal**.\n\n## The approach\n\nChakravyuhRift drives an LLM through a custom async tool-calling loop over a fleet of containerized security tools — but wraps **every single decision in a Plan-Do-Check-Act (PDCA) contract**. Before each tool call the agent PLANs (problem-first: goal, candidate approaches mapped to real tools, chosen tool + expected outcome); it DOes (runs the tool); it CHECKs (status, signals); it ACTs (reflects — prediction-vs-actual, falsifications, a short carry-forward packet injected into the next turn). The result is an agent that reasons in the open and leaves a structured, reviewable trail.\n\n## Architecture\n\n- **Agent core** — a hand-rolled tool-calling loop (no LangChain) with budget enforcement, context compaction, and anti-repetition steering. A per-decision PDCA engine fires two LLM calls (PLAN, ACT) around each tool dispatch and serializes every cycle to NDJSON.\n- **Multi-provider LLM layer** — one abstraction over Anthropic Claude, OpenAI, local OpenAI-compatible servers (vLLM / Ollama / llama.cpp / MLX), and a human-in-the-loop driver for tightly-controlled runs.\n- **Tool fabric** — 30+ containerized tool-runner microservices (nmap, nuclei, sqlmap, ZAP, …), each a small FastAPI service, exposed to LLM clients through an **MCP-over-HTTP bridge**.\n- **Reasoning frameworks** — a mission-level stack layering Ishikawa, MITRE ATT&CK, Kill Chain, OWASP Top 10, and CVE/CVSS/KEV enrichment onto the loop.\n- **Safety** — a 4-tier permission model (verify → scan → exploit → lab-only), CIDR/hostname allowlists, and hardened non-root, read-only containers.\n- **A Living Map UI** (React/Vite) visualizes the attack graph and the co-pilot in real time.\n\n## The self-improvement loop\n\nThe payoff of making every decision auditable: those PDCA traces become **training data**. They're routed per-specialist (recon / web / exploitation / lateral) and used to LoRA-fine-tune smaller models via [Foundry](/projects/foundry-lora-fine-tuning-adapter-lifecycle-platform/). A contamination guard flags decisions that leaned on memorized facts instead of tool-observed evidence, keeping the training signal honest.\n\n## Honest scope\n\nThis is research, not a shipped product — the headline pilot numbers live in internal design docs, so I'm leaving them off here. What's real and durable is the engineering: a safe, auditable, self-improving agent architecture.\n","gallery":[],"date_start":"2025","date_end":null,"hours":null,"client":null,"tags":["ai","agentic","security","llm","research"],"outcomes":["Per-decision PDCA reasoning engine — wraps each tool call in an LLM PLAN step (problem-first goal/approach/tool selection with SWOT·MoSCoW·DMAIC framing) and an LLM ACT reflection (prediction-vs-actual, falsification, carry-forward packet), emitting structured NDJSON decision traces","Multi-provider LLM orchestration behind one hand-rolled async tool-calling loop — Claude, OpenAI, local OpenAI-compatible (vLLM/Ollama/llama.cpp/MLX), and a human-in-the-loop driver — with budget enforcement, context compaction, and anti-repetition steering (no LangChain)","Closed self-improvement pipeline: the agent's own PDCA traces become per-specialist (recon/web/exploitation/lateral) SFT datasets and LoRA fine-tunes via Modal + Unsloth + TRL","30+ containerized tool-runner microservices behind an MCP-over-HTTP bridge, with a 4-tier permission model (verify→lab-only), CIDR/host allowlists, and hardened non-root read-only containers","Mission-level analytical-framework stack (Ishikawa, MITRE ATT&CK, Kill Chain, OWASP Top 10, CVE/CVSS/KEV) plus a contamination guard flagging memorized vs tool-observed evidence to protect training-data quality"],"tech_stack":["Python","FastAPI","Docker","MCP","LLM Orchestration","LoRA / SFT Fine-Tuning","Modal","React","Agentic AI"],"links":[],"image":{"childImageSharp":{"fluid":{"tracedSVG":"data:image/svg+xml,%3csvg%20xmlns='http://www.w3.org/2000/svg'%20width='400'%20height='229'%20viewBox='0%200%20400%20229'%20preserveAspectRatio='none'%3e%3cpath%20d='M0%20115v114h401V0H0v115m196-90c-2%201-2%203-2%204%201%203-1%204-11%2013-16%2013-18%2015-21%2014-2%200-2%200-1%201%202%201%201%203-12%2014a243%20243%200%2001-19%2015l2%204c0%202%200%202%201%201a414%20414%200%200174%201%20473%20473%200%200161-3c0-1%200-2-1-1l-30%201h-31v-4l-3-6-2-3-1-1-1%201-3%203-2%206v4h-31l-30-1%2016-16a11442%2011442%200%200049-38c6%202%2011-5%206-9-2-3-6-2-8%200m141%2045l-1%206%201%205h28v-3c0-2%200-3%202-3s2-1%202-3v-3h-16l-16%201m1%202c0%202%201%202%2015%202s15%200%2015-2-1-2-15-2-15%200-15%202m0%206c0%202%201%202%2013%202s13%200%2013-2-1-2-13-2-13%200-13%202m-214%2022l-4%2011c-1%204-1%205-4%205-2%200-3%201%200%202%201%201%201%204-2%2015-3%2010-4%2012-6%2012s-1%201%202%201h3c-2-2%207-27%209-28v-2c-1-1-1-2%203-14%200-1%201-2%202-1v-1c-2-1-1-1%202-1s2-2-1-2l-2-1%202-1%203-1h-3c-3%200-3%201-4%206m75%2037l-2%203c-5%203-3%208%202%2010%201%201%201%201-1%201-4%200-2%202%202%203%204%200%205-1%202-2-1-1-1-1%201-3%204-3%204-6%201-9l-3-3-1-1-1%201'%20fill='%23d3d3d3'%20fill-rule='evenodd'/%3e%3c/svg%3e","aspectRatio":1.7543859649122806,"src":"/static/a2a9f6cb7d7c4497b113a1ce87c3a653/ee604/chakravyuhrift.png","srcSet":"/static/a2a9f6cb7d7c4497b113a1ce87c3a653/69585/chakravyuhrift.png 200w,\n/static/a2a9f6cb7d7c4497b113a1ce87c3a653/497c6/chakravyuhrift.png 400w,\n/static/a2a9f6cb7d7c4497b113a1ce87c3a653/ee604/chakravyuhrift.png 800w","srcWebp":"/static/a2a9f6cb7d7c4497b113a1ce87c3a653/58556/chakravyuhrift.webp","srcSetWebp":"/static/a2a9f6cb7d7c4497b113a1ce87c3a653/61e93/chakravyuhrift.webp 200w,\n/static/a2a9f6cb7d7c4497b113a1ce87c3a653/1f5c5/chakravyuhrift.webp 400w,\n/static/a2a9f6cb7d7c4497b113a1ce87c3a653/58556/chakravyuhrift.webp 800w","sizes":"(max-width: 800px) 100vw, 800px"}}},"stack_icons":[{"name":"Python","icon":{"childImageSharp":{"fixed":{"tracedSVG":"data:image/svg+xml,%3csvg%20xmlns='http://www.w3.org/2000/svg'%20width='24'%20height='24'%20viewBox='0%200%2024%2024'%20preserveAspectRatio='none'%3e%3cpath%20d='M1%201v22c2%202%2020%201%2022-1s3-22%201-21H1'%20fill='%23d3d3d3'%20fill-rule='evenodd'/%3e%3c/svg%3e","width":24,"height":24,"src":"/static/64d0f7b1b208f14bd8dd5134b3ed7ff5/6d1ba/python.png","srcSet":"/static/64d0f7b1b208f14bd8dd5134b3ed7ff5/6d1ba/python.png 1x,\n/static/64d0f7b1b208f14bd8dd5134b3ed7ff5/a9c35/python.png 1.5x,\n/static/64d0f7b1b208f14bd8dd5134b3ed7ff5/559c9/python.png 2x","srcWebp":"/static/64d0f7b1b208f14bd8dd5134b3ed7ff5/f8bad/python.webp","srcSetWebp":"/static/64d0f7b1b208f14bd8dd5134b3ed7ff5/f8bad/python.webp 1x,\n/static/64d0f7b1b208f14bd8dd5134b3ed7ff5/f81b6/python.webp 1.5x,\n/static/64d0f7b1b208f14bd8dd5134b3ed7ff5/804d1/python.webp 2x"}}}},{"name":"Docker","icon":{"childImageSharp":{"fixed":{"tracedSVG":"data:image/svg+xml,%3csvg%20xmlns='http://www.w3.org/2000/svg'%20width='24'%20height='24'%20viewBox='0%200%2024%2024'%20preserveAspectRatio='none'%3e%3cpath%20d='M1%201v22c2%202%2020%201%2022-1s3-22%201-21H1'%20fill='%23d3d3d3'%20fill-rule='evenodd'/%3e%3c/svg%3e","width":24,"height":24,"src":"/static/56da43d828dc522662791d50808cbb00/6d1ba/docker.png","srcSet":"/static/56da43d828dc522662791d50808cbb00/6d1ba/docker.png 1x,\n/static/56da43d828dc522662791d50808cbb00/a9c35/docker.png 1.5x,\n/static/56da43d828dc522662791d50808cbb00/559c9/docker.png 2x","srcWebp":"/static/56da43d828dc522662791d50808cbb00/f8bad/docker.webp","srcSetWebp":"/static/56da43d828dc522662791d50808cbb00/f8bad/docker.webp 1x,\n/static/56da43d828dc522662791d50808cbb00/f81b6/docker.webp 1.5x,\n/static/56da43d828dc522662791d50808cbb00/804d1/docker.webp 2x"}}}},{"name":"MCP","icon":{"childImageSharp":{"fixed":{"tracedSVG":"data:image/svg+xml,%3csvg%20xmlns='http://www.w3.org/2000/svg'%20width='24'%20height='24'%20viewBox='0%200%2024%2024'%20preserveAspectRatio='none'%3e%3cpath%20d='M1%201v22c2%202%2020%201%2022-1s3-22%201-21H1'%20fill='%23d3d3d3'%20fill-rule='evenodd'/%3e%3c/svg%3e","width":24,"height":24,"src":"/static/fb76c0da90f90c016ad01e4dc810443f/6d1ba/api.png","srcSet":"/static/fb76c0da90f90c016ad01e4dc810443f/6d1ba/api.png 1x,\n/static/fb76c0da90f90c016ad01e4dc810443f/a9c35/api.png 1.5x,\n/static/fb76c0da90f90c016ad01e4dc810443f/559c9/api.png 2x","srcWebp":"/static/fb76c0da90f90c016ad01e4dc810443f/f8bad/api.webp","srcSetWebp":"/static/fb76c0da90f90c016ad01e4dc810443f/f8bad/api.webp 1x,\n/static/fb76c0da90f90c016ad01e4dc810443f/f81b6/api.webp 1.5x,\n/static/fb76c0da90f90c016ad01e4dc810443f/804d1/api.webp 2x"}}}},{"name":"LLM","icon":{"childImageSharp":{"fixed":{"tracedSVG":"data:image/svg+xml,%3csvg%20xmlns='http://www.w3.org/2000/svg'%20width='24'%20height='24'%20viewBox='0%200%2024%2024'%20preserveAspectRatio='none'%3e%3cpath%20d='M1%201v22c2%202%2020%201%2022-1s3-22%201-21H1'%20fill='%23d3d3d3'%20fill-rule='evenodd'/%3e%3c/svg%3e","width":24,"height":24,"src":"/static/88083f797bbb622a09f48a92d99d6231/6d1ba/llm.png","srcSet":"/static/88083f797bbb622a09f48a92d99d6231/6d1ba/llm.png 1x,\n/static/88083f797bbb622a09f48a92d99d6231/a9c35/llm.png 1.5x,\n/static/88083f797bbb622a09f48a92d99d6231/559c9/llm.png 2x","srcWebp":"/static/88083f797bbb622a09f48a92d99d6231/f8bad/llm.webp","srcSetWebp":"/static/88083f797bbb622a09f48a92d99d6231/f8bad/llm.webp 1x,\n/static/88083f797bbb622a09f48a92d99d6231/f81b6/llm.webp 1.5x,\n/static/88083f797bbb622a09f48a92d99d6231/804d1/llm.webp 2x"}}}},{"name":"React","icon":{"childImageSharp":{"fixed":{"tracedSVG":"data:image/svg+xml,%3csvg%20xmlns='http://www.w3.org/2000/svg'%20width='28'%20height='24'%20viewBox='0%200%2028%2024'%20preserveAspectRatio='none'%3e%3cpath%20d='M6%202L5%206l-2%204c-4%202-4%204-1%206%202%201%203%202%203%204%201%204%204%205%206%203h4c4%202%206%201%206-3%200-2%201-3%203-4%203-1%203-4-1-7l-2-2c1-5-2-7-6-5-1%202-2%202-4%200H6'%20fill='%23d3d3d3'%20fill-rule='evenodd'/%3e%3c/svg%3e","width":23,"height":20,"src":"/static/b1ac6b31209a966fdef0a91802cc67d8/dba72/react.png","srcSet":"/static/b1ac6b31209a966fdef0a91802cc67d8/dba72/react.png 1x","srcWebp":"/static/b1ac6b31209a966fdef0a91802cc67d8/e3c56/react.webp","srcSetWebp":"/static/b1ac6b31209a966fdef0a91802cc67d8/e3c56/react.webp 1x"}}}}]}},"pageContext":{"slug":"chakravyuhrift-autonomous-offensive-security-agent-platform"}},"staticQueryHashes":["3724428426"]}