Last Issue: DevSecOps Course: 2026 🛣️

Next Issue: I’m launching a world first project…

This Issue: AI Pentesting Project

This week we are setting up and testing PentestGPT, i’m going to assume you can guess what this one does already.

PentestGPT can

• Perform end to end automatic penetration testing without
  human expert knowledge

• Exploit the vulnerabilities and generate PoCs

• Automatically generate reports

To be clear: this is a fun project for the weekend, not necessarily something that’s going to redefine your CV. However, it is a pretty cool case study in how AI can speed up, not replace, the penetration testing process. It handles the "grunt work" of parsing scan results and suggesting the next logical command.

While tools like this are 100% going to be (and already are) being used in workflows, it still lacks adversarial intuition. It struggles with the contextual nuance. It might find a vulnerability but miss the “business logic” flaw that makes it critical.

The approach

As you probably know from using ChatGPT, LLMs tend to prioritise the most recent instruction you gave them, often losing sight of the broader objective. In a penetration test, where you might be juggling three different open ports while trying to maintain your initial foothold it’s not ideal. The AI literally “forgets the mission” while focusing on a single terminal error.

To combat this, the research team (who presented this at USENIX Security) split the process into three distinct modules to keep the “brain” on track:

You can read more here: https://pentestgpt.com/paper.html

Project Time…. 🚀

As usual, I reserve the Projects for community members…Come join the fun! 🌍