Back to Articles
Cybersecurity

CyberStrike: Building an AI Red Team with 7,300 Lazy-Loaded Security Skills

★ 254 TypeScript 95/100 May 7, 2026
Rob Ragan
Rob Ragan Offensive security researcher and AI agent architect. Founder of Starlog.
[ View on GitHub ]

CyberStrike: Building an AI Red Team with 7,300 Lazy-Loaded Security Skills

Hook

Most AI security tools send your entire knowledge base to the LLM upfront, wasting 80% of your context window on irrelevant attack vectors. CyberStrike loads exactly what it needs, when it needs it—7,300 security skills without pollution.

Context

Traditional penetration testing faces a brutal scaling problem. A skilled pentester might assess 5-10 applications per month, following frameworks like OWASP WSTG's 120+ test cases or CIS Benchmarks' 1,500+ controls. Security teams need continuous validation, but human expertise doesn't scale to cloud-native environments spinning up hundreds of microservices.

Early attempts at AI-powered pentesting fell into two traps: vendor lock-in to specific LLM providers (usually OpenAI), and naive prompt engineering that dumped entire security frameworks into the context window. The result? Models that could discuss security conceptually but failed at systematic methodology execution. CyberStrike tackles both problems with a provider-agnostic intelligence layer and lazy-loading architecture that injects security expertise without overwhelming the model's token budget. Instead of hoping GPT-4 "knows" pentesting, it explicitly guides any LLM through established offensive security frameworks.

Technical Insight

CyberStrike's architecture centers on what the maintainers call an "intelligence layer"—a TypeScript abstraction that sits between your chosen LLM and 7,300+ security skills drawn from MITRE ATT&CK (2,000+ Atomic Red Team tests), CIS Benchmarks (1,500+ controls), OWASP, and NIST frameworks. The breakthrough is lazy-loading: skills are dynamically injected based on target context rather than front-loaded into prompts.

The system implements 13+ specialized agents—web application security, cloud infrastructure, mobile apps, network penetration, API testing, and more. Each agent follows established methodologies. The web app agent, for instance, walks through OWASP WSTG systematically: information gathering, configuration testing, identity management, authentication, authorization, session management, input validation, error handling, and cryptography. Here's how you instantiate an agent with provider flexibility:

import { CyberStrike, Agent } from 'cyberstrike';
import { AnthropicProvider, OllamaProvider } from 'cyberstrike/providers';

// Cloud deployment with Anthropic
const cloudAgent = new CyberStrike({
  provider: new AnthropicProvider({
    apiKey: process.env.ANTHROPIC_KEY,
    model: 'claude-3-5-sonnet-20241022'
  }),
  agent: Agent.WebAppSecurity,
  skillLoadingStrategy: 'lazy' // Only load relevant OWASP tests
});

// Air-gapped deployment with local Ollama
const airGappedAgent = new CyberStrike({
  provider: new OllamaProvider({
    baseUrl: 'http://localhost:11434',
    model: 'llama3.1:70b'
  }),
  agent: Agent.CloudInfrastructure,
  frameworks: ['CIS-AWS', 'MITRE-ATT&CK'] // Load only AWS-specific skills
});

await cloudAgent.assess('https://target-app.com');

The lazy-loading mechanism works through skill indexing. When you target a web application, the agent analyzes the tech stack (React, Node.js, PostgreSQL) and loads only relevant OWASP test cases and MITRE techniques. Testing a GraphQL API? It pulls introspection checks, batch attack vectors, and nested query DoS patterns—maybe 50 skills instead of all 7,300. This keeps context windows clean and responses focused.

Schema normalization handles the chaos of different LLM output formats. Anthropic's Claude might structure findings differently than Google's Gemini or a local Llama model. CyberStrike enforces consistent JSON schemas for vulnerability reports, remediation steps, and CVSS scoring regardless of provider:

// Internal schema normalization
interface VulnerabilityFinding {
  id: string;
  title: string;
  severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
  cvss: number;
  mitreAttackId?: string; // Maps to ATT&CK technique
  cisControlId?: string;  // Maps to CIS control
  evidence: {
    request: string;
    response: string;
    exploit?: string;
  };
  remediation: string[];
}

Remote tool execution happens through the Bolt component, which uses Ed25519 authentication to securely orchestrate distributed security tools. Your AI orchestrator might run in a secure network segment while Bolt agents execute tools (Nmap, SQLMap, Nuclei) in DMZs or target environments. The agent chains tools intelligently: port scan reveals open web services → directory brute-forcing finds admin panels → authentication testing checks for default credentials → privilege escalation attempts based on findings.

The MITRE ATT&CK integration is particularly sophisticated. Rather than generic "run this exploit," the agent maps findings to specific ATT&CK techniques (T1190 for exploit public-facing applications, T1078 for valid accounts) and automatically selects appropriate Atomic Red Team tests. Testing Azure? It might chain T1078.004 (cloud accounts) → T1087.004 (cloud account discovery) → T1069.003 (cloud groups enumeration) based on initial reconnaissance results. This methodology-driven approach beats random exploit attempts by following how real adversaries operate.

The provider-agnostic design means you're not betting your security program on OpenAI's uptime or Anthropic's pricing. Need airgap compliance for defense contractors? Run Ollama locally. Want cutting-edge reasoning? Swap in Claude or GPT-4. The intelligence layer maintains consistent methodology regardless of the underlying model's architecture.

Gotcha

The elephant in the room: this is still AI-driven offensive security, with all the reliability concerns that implies. Even with CyberStrike's structured approach, weaker local models (sub-30B parameters) struggle with complex attack chaining. You might get a perfect SQL injection enumeration from Claude 3.5 Sonnet but inconsistent results from Llama 3.1 8B on the same target. The lazy-loading architecture helps, but can't overcome fundamental model capability gaps.

Business logic vulnerabilities remain a significant blind spot. CyberStrike excels at framework-driven testing—checking for SQL injection, XSS, authentication bypass, misconfigurations—but AI models lack the domain context to spot flawed discount calculation logic or race conditions in payment processing. A human pentester who understands your business can craft attacks around workflow assumptions; the AI follows methodologies without that creative intuition. You'll catch OWASP Top 10 issues reliably, but subtle authorization bugs in multi-tenant SaaS applications require human reasoning.

Legal and ethical considerations can't be automated away. The tool makes offensive security accessible, which is powerful and dangerous. Running autonomous pentesting against systems you don't own or without explicit authorization is illegal. The AI doesn't understand scope boundaries the way humans do—if you point it at a web app, it might spider to linked third-party services or partner APIs. You need manual safeguards, clear rules of engagement, and constant monitoring. This isn't a "set and forget" security scanner; it's a force multiplier for professionals who understand the legal and technical boundaries.

Verdict

Use if: You're augmenting human security teams with continuous, methodology-driven testing at scale; you need provider flexibility to support airgap deployments, cost optimization, or vendor independence; you're running bug bounty programs or DevSecOps pipelines that benefit from automated reconnaissance and initial exploitation; you have clear authorization and scope controls. Skip if: You need deeply specialized manual pentesting for M&A security diligence or critical infrastructure assessments where AI variability is unacceptable; you lack experienced security professionals to validate findings and manage scope; you're looking for a magic button to replace human expertise rather than a tool to amplify it; your legal/compliance requirements prohibit AI-driven offensive testing. CyberStrike is the best AI pentesting framework for teams who understand both security methodology and LLM capabilities—it's infrastructure for intelligent security automation, not a replacement for judgment.

// RELATED

Cybersecurity

Caldera: When Your Red Team Needs a Planning Algorithm, Not Just Another C2

By Rob Ragan ★ 7.0k Unknown May 24, 2026
Cybersecurity

Caldera: Building Adversary Emulation with Fact-Based Planning Engines

By Rob Ragan ★ 7.0k Unknown May 24, 2026
Cybersecurity

Inside Mathias Bynens' Dotfiles: The Blueprint for 30,000 macOS Developer Environments

By Rob Ragan ★ 31.3k Unknown May 15, 2026
Cybersecurity

Glow: Why Rendering Markdown in the Terminal Shouldn't Require a Browser

By Rob Ragan ★ 25.2k Unknown May 15, 2026
Cybersecurity

Caldera: When Your Red Team Needs a Planning Algorithm, Not Just Another C2

By Rob Ragan ★ 7.0k Unknown May 24, 2026
Cybersecurity

Caldera: Building Adversary Emulation with Fact-Based Planning Engines

By Rob Ragan ★ 7.0k Unknown May 24, 2026
Cybersecurity

Inside Mathias Bynens' Dotfiles: The Blueprint for 30,000 macOS Developer Environments

By Rob Ragan ★ 31.3k Unknown May 15, 2026
aiai-agentappsecatomic-red-teambug-bountycis-benchmarkscybersecuritydevsecopsethical-hackingmcpmitre-attacknistoffensive-securityowasppenetration-testingpentestred-teamsecurity-automationsecurity-toolsweb-security
// ADD TO YOUR README
Featured on Starlog 
[![Featured on Starlog](https://starlog.is/api/badge/cybersecurity/cyberstrikeus-cyberstrike.svg)](https://starlog.is/api/badge-click/cybersecurity/cyberstrikeus-cyberstrike)