Small to mid-market companies get breached constantly — not because they don't care, but because continuous security testing is expensive and manual pentests go stale the day they're printed. We were inspired by the many projects being shipped by young developers these days in which security slips below the radar.

Locust is an autonomous red team as a service. Three AI agents work in sequence to simulate what a real attacker would do:

  • Recon maps your attack surface deterministically — ports, services, endpoints, exposed files — then uses Gemini to score and prioritize targets.
  • Exploit runs Nuclei against every asset and auto-confirms high-confidence findings. For ambiguous cases, Gemini reasons through the evidence and filters false positives.
  • Lateral Movement is fully agentic — Gemini autonomously hypothesizes attack paths, calls tools to validate them, and builds blast-radius-scored attack chains.

Every finding is backed by a full agent reasoning trail. Every cycle runs in minutes. The live dashboard shows your attack surface, confirmed vulnerabilities, and D3-visualized attack chains updating in real time, so you always know what an attacker would find before they find it.
