CyberSentinel AI v3.0 has been introduced as an open-source cybersecurity platform that integrates 33 penetration testing and threat intelligence tools with a versatile AI engine. This engine supports multiple AI models, including Claude, GPT-4o, OpenRouter, and offers offline local inference through Ollama.
Unlike traditional AI security assistants that merely suggest commands, CyberSentinel AI actively executes tools such as Nmap, SQLMap, Nikto, Nuclei, and OWASP ZAP within an isolated Kali Linux Docker sandbox. The AI component then analyzes the results in real time, providing actionable insights.
Available on GitHub under the repository 3sk1nt4n/cybersentinel-ai, the platform is designed to operate entirely on local infrastructure, eliminating the need for cloud dependencies. Deployment is managed via Docker Compose, encompassing seven containerized services. A Next.js frontend offers a streaming chat interface, while a FastAPI backend handles AI routing, intent classification, and tool orchestration. Security scans are conducted within a sandboxed Kali container, ensuring that potentially hazardous operations remain isolated from the host system.
The AI layer is supported by three data infrastructure components: Neo4j for knowledge graph mapping of attack surfaces and MITRE ATT&CK techniques, ChromaDB as a Retrieval-Augmented Generation (RAG) engine grounded in MITRE, CIS, and NIST frameworks, and Elasticsearch with Kibana as an ELK Stack SIEM with pre-seeded security events for log analysis training.
Comprehensive Toolset
CyberSentinel AI’s toolset is organized into six functional categories:
- Live Scanners (11): Nmap, Nikto, Nuclei, SQLMap, Subfinder, OWASP ZAP, SSL/TLS analysis, DNS Recon, WHOIS, HTTP Headers, and Ping/Traceroute.
- Threat Intelligence APIs (5): Shodan, VirusTotal, AbuseIPDB, AlienVault OTX, and NVD/CISA KEV integration.
- SIEM Integration (3): ELK Stack, Splunk, and Wazuh connectors.
- AI Detection (5): Zeek Analyzer, IOC Extractor, Log Analyzer, Threat Detection, and Email Phishing Analyzer.
- Threat Hunting (4): YARA Rules, Sigma Rules, Snort/Suricata Rules, and SIEM Query Generator.
- Compliance (5): MITRE ATT&CK, MITRE ATLAS, NIST/CIS, HIPAA/PCI-DSS, and SOC 2/FedRAMP frameworks.
A notable feature of CyberSentinel AI is its ability to switch AI providers mid-conversation. Users can seamlessly toggle between Anthropic Claude, OpenAI GPT-4o, OpenRouter (which provides access to over 100 models), and Ollama running `qwen2.5:7b` locally, all without losing conversation context. While API keys are optional, the platform can operate fully offline using Ollama as the default inference engine.
To maintain up-to-date vulnerability context, the platform dynamically pulls live threat intelligence from sources such as NVD, CISA KEV, EPSS, AlienVault OTX, and Abuse.ch, eliminating the need for manual updates.
CyberSentinel AI also incorporates several security safeguards, including input/output guardrails that prevent prompt injection, SSRF attacks, and system prompt leakage. All scans are executed within an isolated container, and the project explicitly warns users that unauthorized scanning is illegal under the Computer Fraud and Abuse Act (CFAA).
The introduction of CyberSentinel AI v3.0 signifies a significant advancement in autonomous security tooling. By combining a comprehensive suite of security tools with a flexible AI engine, the platform offers a robust solution for conducting thorough and efficient security assessments. Its emphasis on local infrastructure operation and dynamic AI provider switching positions it as a versatile tool for security professionals seeking to enhance their assessment capabilities.
