Code-Level Defenses: New RedAmon AI Tool Fully Automates Attack Chains and Pull Requests

The paradigm of traditional vulnerability scanning has been radically disrupted. The release of a new open-source offensive security platform called RedAmon is redefining automated penetration testing by transforming security tooling from a passive alert generator into a closed-loop defensive engineer. By natively chaining asset discovery, live target exploitation, post-exploitation triage, and code-level remediation, the system creates an end-to-end operational pipeline.

Unlike legacy platforms that merely output dense PDFs filled with unverified vulnerabilities, the RedAmon AI tool actively fixes the flaws it uncovers. The framework culminates its security lifecycle by programmatically generating a production-ready GitHub pull request containing the precise code fix, bridging the historical gap between security testing and software engineering.

Key Details

Developed as an open-source framework by Samuele Giampieri, an AWS-certified AI Platform Architect, and Ritesh Gohil, a Cyber Security Engineer at Workday, RedAmon operates as a completely modular, containerized architecture. Built natively on Docker, the platform runs its entire offensive toolset inside localized, transient environments, so no scanner packages or hacking binaries need to be installed on the host system.

The core architecture is organized across six central pillars: a parallelized Reconnaissance Pipeline, an AI Agent Orchestrator, an Attack Surface Graph, an evaluation engine named EvoGraph, the specialized CypherFix remediation engine, and a massive 500+ parameter Project Settings Engine. The platform’s end-to-end execution chain operates as follows:

[Target Asset] ──► Reconnaissance ──► Exploitation ──► Post-Exploitation ──► AI Triage ──► CodeFix Agent ──► [GitHub PR]

The framework is provider-agnostic with respect to Large Language Model (LLM) backends. Each project can be switched dynamically among more than 400 models, including OpenAI’s GPT-5, Anthropic’s Claude Opus 4.6, AWS Bedrock environments, and Ollama-compatible local models for sensitive, air-gapped workloads.

Technical Analysis

The real power of RedAmon lies in its ability to translate raw tool data into structured, actionable intelligence for its internal LLM reasoning loops. The reconnaissance engine launches over 40 industry-standard scanner binaries in parallel—including Amass, Subfinder, Naabu, Masscan, Nuclei, Katana, FFuf, and Arjun—inside an isolated Kali Linux container.

Rather than parsing flat text outputs, RedAmon streams these disparate scanner results directly into a central Neo4j graph database utilizing 17 distinct node types and over 20 unique relationship definitions. This populates a living, queryable map of the target’s attack surface in real time.

  [Subfinder / Amass] ──► Subdomain Nodes ──┐
                                            ▼
  [Naabu / Masscan]   ──► Open Port Nodes   ───► [Neo4j Attack Surface Graph]
                                            ▲
  [Nuclei / Katana]   ──► HTTP Endpoint Nodes ┘

The execution core utilizes a LangGraph-based autonomous agent adhering to the Reasoning and Acting (ReAct) pattern. The system connects to its sandboxed Kali tools via Model Context Protocol (MCP) servers, granting the LLM direct access to an offensive suite including:

  • Metasploit: For targeted exploit delivery.
  • Hydra: For parallel credential brute-forcing.
  • Playwright: For automated headless browser execution.
  • Kali Bash Shell: Containing over 70 pre-installed command-line utilities.

For complex targets, a “Fireteam” mode lets the primary coordinator split operations among multiple dedicated sub-agents. This allows one agent to audit active cross-site scripting (XSS) vectors on the frontend while a sibling agent concurrently probes backend privilege escalation paths.

Furthermore, a dedicated “AI Gauntlet” module applies automated red-teaming directly against discovered LLM endpoints using specialized security scanners like garak, PyRIT, Giskard, and promptfoo. This engine maps prompt injection risks and data exfiltration paths straight to OWASP-LLM and MITRE-ATLAS threat taxonomies.

Impact and Risks

The primary consequence of the RedAmon framework is the radical compression of remediation timelines. Where human security operators often require days to manually verify, document, and report application flaws, RedAmon completes the cycle from exploit validation to repository patching in minutes.

This automation is driven by the two-agent CypherFix remediation engine. First, a Triage Agent applies nine precompiled Cypher queries to the Neo4j knowledge graph to filter out noise, deduplicate findings, and accurately rank flaws based on true exploitability.
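As an added illustration (not RedAmon's code; the node labels, the relationship name, the scoring weights and the function names are assumptions), the block below models in memory both the graph ingestion sketched above and a triage pass like the one the Triage Agent performs: duplicate hits from different scanners merge into one node, informational findings are dropped, and a verified exploit on a port the graph saw open outranks an unverified critical on a port it never saw.

```python
SEVERITY = {"critical": 4, "high": 3, "medium": 2, "low": 1, "info": 0}
# Constructed scanner stream: each record names its node type and carries the
# keys that link it to its parent (subdomain > port > endpoint > finding).
SCAN_RECORDS = [
    {"tool": "subfinder", "type": "subdomain", "host": "app.example.test"},
    {"tool": "amass", "type": "subdomain", "host": "app.example.test"},             # same host again
    {"tool": "naabu", "type": "port", "host": "app.example.test", "port": 443},
    {"tool": "masscan", "type": "port", "host": "app.example.test", "port": 443},   # same port again
    {"tool": "katana", "type": "endpoint", "host": "app.example.test", "port": 443, "path": "/login"},
    {"tool": "nuclei", "type": "finding", "host": "app.example.test", "port": 443, "path": "/login",
     "template": "sqli-login", "severity": "high", "verified": True},
    {"tool": "nuclei", "type": "finding", "host": "app.example.test", "port": 443, "path": "/login",
     "template": "sqli-login", "severity": "high", "verified": True},               # duplicate finding
    {"tool": "nuclei", "type": "finding", "host": "app.example.test", "port": 443, "path": "/login",
     "template": "missing-csp", "severity": "info", "verified": False},             # informational noise
    {"tool": "nuclei", "type": "finding", "host": "app.example.test", "port": 8080, "path": "/admin",
     "template": "default-creds", "severity": "critical", "verified": False},       # port never seen open
]

def node_id(rec):
    """Identity comes from the record's own keys, so hits from different scanners merge."""
    keys = {"subdomain": ("host",), "port": ("host", "port"), "endpoint": ("host", "port", "path"),
            "finding": ("host", "port", "path", "template")}[rec["type"]]
    return (rec["type"],) + tuple(rec[k] for k in keys)

def build_graph(records):
    """Return (nodes, edges): merged properties plus reporting tools per node, parent links as edges."""
    nodes, edges = {}, set()
    parent_type = {"port": "subdomain", "endpoint": "port", "finding": "endpoint"}
    for rec in records:
        nid = node_id(rec)
        node = nodes.setdefault(nid, {"props": {}, "sources": set()})
        node["props"].update({k: v for k, v in rec.items() if k != "tool"})
        node["sources"].add(rec["tool"])
        if rec["type"] in parent_type:   # parent may be absent: an edge to a node no scanner reported
            edges.add((node_id({**rec, "type": parent_type[rec["type"]]}), "HAS", nid))
    return nodes, edges

def triage(nodes):
    """Drop info-level findings; rank the rest by severity, verified exploitation and an open-port node."""
    ranked = []
    for nid, node in nodes.items():
        p = node["props"]
        if nid[0] != "finding" or SEVERITY[p["severity"]] == 0:
            continue
        port_seen = ("port", p["host"], p["port"]) in nodes   # proxy for real reachability
        score = SEVERITY[p["severity"]] * 10 + (15 if p["verified"] else 0) + (5 if port_seen else 0)
        ranked.append({"template": p["template"], "host": p["host"], "port": p["port"],
                       "path": p["path"], "verified": p["verified"], "port_seen": port_seen, "score": score})
    return sorted(ranked, key=lambda f: f["score"], reverse=True)
```

In a Neo4j deployment the same dedup and ranking would be expressed as Cypher over the stored nodes; the in-memory dictionaries here only stand in for that store.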

Next, a CodeFix Agent automatically clones the affected code repository, uses 11 code-aware development tools to navigate the directories, writes targeted code fixes within a localized loop, and issues a structured GitHub pull request.

Operational Guardrails: To prevent unintended collateral damage, RedAmon integrates a “Tool Confirmation” framework. This forces a human-in-the-loop gate before high-impact operations like active exploitation or network brute-forcing can execute. Furthermore, a permanent target guardrail hardcoded into the platform completely blocks execution against military, government, and educational domains.
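To make the two guardrails concrete, here is an added example of how such a gate can be structured (not RedAmon's own code or configuration; the blocked-TLD encoding of "military, government, and educational", the tool names treated as high-impact, and all function names are assumptions). The point it demonstrates is ordering: the permanent target guardrail runs before anything else and is not something the agent can negotiate, and only after it passes does a high-impact tool wait for a human decision, with every decision written to an audit trail.

```python
from urllib.parse import urlsplit

# Constructed illustration of the two guardrails described above. The tool
# names are those the article mentions; the blocked TLD list and the
# function names are assumptions, not RedAmon's own code or configuration.
BLOCKED_TLDS = {"mil", "gov", "edu"}           # assumed encoding of "military, government, educational"
HIGH_IMPACT_TOOLS = {"metasploit", "hydra"}    # operations that need a human go-ahead

class TargetBlocked(Exception):
    """Raised for targets the permanent guardrail refuses; not overridable."""

class ConfirmationDenied(Exception):
    """Raised when the human at the Tool Confirmation gate says no."""

def hostname_of(target):
    """Accept a bare host, host:port or full URL and return the lower-cased hostname."""
    if "://" not in target:
        target = "//" + target           # lets urlsplit treat the leading part as a netloc
    host = urlsplit(target).hostname or ""
    return host.rstrip(".")

def target_allowed(target):
    """Permanent guardrail: decide on the top-level domain, whatever the subdomain depth."""
    labels = hostname_of(target).split(".")
    return bool(labels[-1]) and labels[-1] not in BLOCKED_TLDS

def run_tool(tool, target, confirm, execute, audit):
    """Guardrail first, then the human gate, then the sandboxed tool.
    confirm(tool, target) -> bool is the human-in-the-loop prompt;
    execute(tool, target) -> result is the MCP call into the sandbox."""
    if not target_allowed(target):
        audit.append(("blocked", tool, target))
        raise TargetBlocked(target)
    if tool in HIGH_IMPACT_TOOLS:
        if not confirm(tool, target):
            audit.append(("denied", tool, target))
            raise ConfirmationDenied(tool)
        audit.append(("confirmed", tool, target))
    else:
        audit.append(("auto", tool, target))
    return execute(tool, target)
```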

Expert Recommendations

The emergence of closed-loop automated code remediation tools requires security teams and engineering directors to rethink application security policies:

  • Implement Mandatory Pull Request Code Reviews: While RedAmon automatically creates patches for discovered security flaws, development teams must treat AI-generated pull requests with the same scrutiny as code written by human junior engineers. Validate that the security patch does not inadvertently introduce logical regressions.
  • Embrace Graph-Native Asset Inventory: Follow RedAmon’s architectural example by structuring asset management inside graph databases rather than flat spreadsheets. Mapping vulnerabilities to specific host and software nodes makes it easier to trace lateral movement risks.
  • Establish Granular Repository Access Control: When integrating agentic remediation platforms into your CI/CD pipelines, assign least-privilege deployment keys. Ensure the agent only has access to specific, non-critical branches rather than blanket administrative rights across your entire source code organization.

Industry Context

RedAmon represents a logical leap within the modern DevSecOps landscape. While automated vulnerability scanning has been standard practice for over a decade, traditional systems have long struggled with high false-positive rates and patch-management backlogs.

By utilizing autonomous multi-agent structures like LangGraph and unified integration standards like the Model Context Protocol, open-source developers are demonstrating that AI can actively reduce security backlogs rather than simply adding more unverified alerts to a developer’s dashboard.

Conclusion

The launch of the RedAmon AI tool signals a future where offensive validation and defensive patching occur as a single unified loop. By combining comprehensive asset reconnaissance with automated code-level engineering, the platform minimizes the window of vulnerability that malicious actors traditionally rely upon. As these agentic pipelines continue to mature, the defining factor of enterprise cybersecurity will shift from how well an organization can find software bugs to how autonomously it can remediate them.

FAQ SECTION

1. What makes the RedAmon AI tool different from traditional vulnerability scanners?

Traditional scanners only discover and report vulnerabilities, leaving the verification and patching up to human teams. RedAmon is an offensive security platform that completely automates the lifecycle—it scans targets, validates vulnerabilities via live exploitation, triages the results, and automatically writes code fixes before opening a GitHub pull request.

2. Is RedAmon safe to deploy on production infrastructure?

Yes, RedAmon balances automation with safety. It includes a Tool Confirmation system that pauses the agent and requires a human-in-the-loop gate to approve high-impact operations like Metasploit exploits or Hydra brute-force routines. It also features a permanent Target Guardrail that prevents execution against military, government, and educational domains.

3. How does the CypherFix remediation engine work?

CypherFix uses a two-agent setup. The first is a Triage Agent that executes specialized Cypher queries against a centralized Neo4j graph database to filter out and rank exploit paths. The second is a CodeFix Agent that clones the target repository, modifies the vulnerable source files using code-aware tools, and creates a pull request for human verification.

4. What are Model Context Protocol (MCP) servers used for in RedAmon?

RedAmon leverages Model Context Protocol servers to provide its core LangGraph autonomous agent with a safe, standardized interface to interact directly with security utilities running inside a sandboxed Kali Linux container.

5. What kinds of models can be used to run the RedAmon framework?

The platform supports over 400 models from multiple major vendors. Users can dynamically configure projects to use proprietary frontier networks like OpenAI’s GPT-5 and Anthropic’s Claude Opus 4.6, cloud platforms like AWS Bedrock, or completely localized open-weights models through Ollama.
