
Rendpoint

Autonomous agentic pentesting platform — 10 specialized AI agents discover, exploit, and chain vulnerabilities across web, API, network, Active Directory, and cloud attack surfaces continuously.

security, ai, agents, platform

Problem

XBOW proved autonomous pentesting works — $117M raised, #1 on HackerOne. But it only covers web apps. Aikido scans broadly but doesn't exploit. Pentest Copilot handles Active Directory but ignores external. No platform covers the full attack surface, proves exploitability end-to-end, or generates custom exploits when no public PoC exists.

Approach

Built a multi-agent platform (FastAPI backend + Next.js dashboard) with 10 specialized AI agents — recon, scanning, CVE research, exploit development, lateral movement, privilege escalation, defense evasion, data exfiltration validation, report writing, and campaign planning. Agents coordinate through a Neo4j attack graph and Redis event bus. LLM-assisted exploit generation (Claude Opus for reasoning, Sonnet for code gen) creates custom exploits when public PoCs don't exist. Firecracker microVM sandboxing for safe execution.

Result

Full-spectrum coverage across web, API, network, Active Directory, and cloud (AWS/Azure/GCP). Attack chaining across domains — web exploit → cloud metadata → cross-account role assumption → AD compromise. 149-test scope validator with kill switches at global, campaign, agent, and technique levels. Safe payload design: proof of exploitability without destruction.

Stack

Python, FastAPI, Next.js, PostgreSQL, Neo4j, Redis, Temporal, Docker, Claude API

What I'd do differently

Would validate the LLM-generated exploit pipeline against a wider range of real-world CVEs earlier. The custom exploit generation is the biggest differentiator but also the hardest to benchmark — earlier empirical testing would have surfaced edge cases in payload generation sooner.

Rendpoint is an autonomous pentesting platform that deploys a coordinated swarm of AI agents to find and prove vulnerabilities across your entire attack surface — continuously, not annually.

Architecture

The platform is organized in five layers:

  • Control Plane — Campaign management, human-in-the-loop authorization, scope enforcement, kill switches
  • Agent Orchestration — 10 specialized agents sharing a Neo4j knowledge graph and Redis message bus, coordinated by a campaign planner that dynamically replans on new discoveries
  • Execution Engine — Firecracker-sandboxed exploit runtime, tool runner (Nmap, Nuclei, Semgrep, Metasploit, BloodHound, Impacket), and evidence collector with immutable audit trail
  • Intelligence Layer — CVE/NVD correlation, LLM-assisted exploit generation, RAG pipeline, cross-engagement learning system
  • Integration Layer — SIEM/SOAR, EDR/XDR, CI/CD pipelines, cloud providers, ticketing, and notification delivery
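The Control Plane's scope enforcement and the global, campaign, agent, and technique kill switches can be pictured as a single deny-by-default gate that every agent action must pass. The sketch below is an added example, not Rendpoint's own code; the class and field names, campaign id, technique labels, and targets are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

LEVELS = ("global", "campaign", "agent", "technique")

@dataclass(frozen=True)
class Action:
    campaign: str
    agent: str
    technique: str
    target: str  # IP address or hostname the agent wants to touch

@dataclass
class ControlPlane:
    allowed_nets: dict     # campaign id -> list of authorized CIDR strings
    allowed_domains: dict  # campaign id -> list of authorized domain names
    killed: set = field(default_factory=set)  # {(level, name), ...}

    def kill(self, level, name="*"):
        """Trip a kill switch; the global switch ignores the name."""
        if level not in LEVELS:
            raise ValueError(f"unknown kill-switch level: {level}")
        self.killed.add((level, "*" if level == "global" else name))

    def in_scope(self, campaign, target):
        """Deny by default: unknown campaigns and unlisted targets fail."""
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            host = target.lower().rstrip(".")
            # Match on a label boundary so "evilexample.test" cannot pass
            # as a subdomain of "example.test".
            return any(host == d or host.endswith("." + d)
                       for d in self.allowed_domains.get(campaign, ()))
        return any(ip in ipaddress.ip_network(n)
                   for n in self.allowed_nets.get(campaign, ()))

    def authorize(self, a):
        """Return (allowed, reason). Kill switches win over scope."""
        for key in (("global", "*"), ("campaign", a.campaign),
                    ("agent", a.agent), ("technique", a.technique)):
            if key in self.killed:
                return False, f"kill switch: {key[0]}"
        if not self.in_scope(a.campaign, a.target):
            return False, "out of scope"
        return True, "ok"

if __name__ == "__main__":
    # Constructed sample: documentation-range network and a reserved TLD.
    cp = ControlPlane({"c1": ["203.0.113.0/24"]}, {"c1": ["example.test"]})
    print(cp.authorize(Action("c1", "recon", "port-scan", "203.0.113.10")))
    cp.kill("agent", "recon")
    print(cp.authorize(Action("c1", "recon", "port-scan", "203.0.113.10")))
```

Checking kill switches before scope means a tripped switch halts an action even when its target is authorized, and each denial carries the level that caused it for the audit trail.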

Key differentiators

  • Custom exploit generation — When no public PoC exists, the exploit developer agent uses LLM reasoning to analyze the vulnerability, select an attack technique, and generate safe proof-of-concept code. No other platform does this.
  • Attack chaining — Agents share discoveries through a graph database. A web app flaw chains into cloud metadata access, which chains into cross-account role assumption, which chains into domain compromise. Real attackers do this. Rendpoint proves it.
  • Self-improving — Three-tier memory: working (per-session), engagement (retained for audit), and collective intelligence (anonymized cross-engagement technique effectiveness scores and exploit reliability ratings).
  • Full-spectrum, continuous — Web, API, network, Active Directory, cloud, supply chain, and containers. Runs 24/7 instead of once a year.
