AgentSploit launches as offensive security framework for AI agents and MCP servers
AgentSploit is a Burp Suite/Metasploit-style offensive security framework purpose-built to probe LLM agents and MCP servers for vulnerabilities that traditional scanners cannot detect.
Score breakdown
AgentSploit addresses a security testing gap the project itself identifies: no existing mainstream scanner operates at the LLM agent and MCP server layer, leaving a novel attack surface without dedicated offensive tooling.
- 01AgentSploit is described as a Burp Suite / Metasploit-style framework for offensive security testing of LLM agents and MCP servers.
- 02It targets four attack vectors: malicious tool descriptions, prompt injection via untrusted content, chained-tool privilege escalation, and cross-session memory/context poisoning.
- 03The README explicitly states that existing scanners — Burp, ZAP, Semgrep, and Snyk — do not cover this attack surface.
AgentSploit is a GitHub-hosted, Apache-2.0-licensed Python framework that brings Burp Suite and Metasploit-style offensive security tooling to the agentic AI attack surface. It is aimed at red teamers, AI security researchers, and product security teams who need to probe LLM agents and MCP servers for a class of vulnerabilities that legacy security tooling cannot address.
The README notes that existing scanners — specifically naming Burp, ZAP, Semgrep, and Snyk — do not operate at this layer.
The project's README identifies four distinct attack vectors it is designed to test: tool descriptions that function as LLM-readable instructions and can be crafted maliciously to hijack agent behavior; prompt injection delivered through untrusted content sources such as PDFs, web pages, calendar invites, and tickets; privilege escalation paths created by chained tool calls that no traditional permission model captures; and poisoning of memory and context windows across sessions. The README notes that existing scanners — specifically naming Burp, ZAP, Semgrep, and Snyk — do not operate at this layer.
The repository includes a `docs/getting-started.md` described as a 10-minute tour of capabilities runnable against bundled fixtures without API keys. The project ships with an `AUTHORIZATION.md` file and prominently requires explicit written permission before scanning any target the tester does not own. The source content is truncated before further technical details are described.
Key facts
- 01AgentSploit is described as a Burp Suite / Metasploit-style framework for offensive security testing of LLM agents and MCP servers.
- 02It targets four attack vectors: malicious tool descriptions, prompt injection via untrusted content, chained-tool privilege escalation, and cross-session memory/context poisoning.
- 03The README explicitly states that existing scanners — Burp, ZAP, Semgrep, and Snyk — do not cover this attack surface.
- 04The project is aimed at red teamers, AI security researchers, and product security teams.
- 05It is licensed under Apache-2.0 and hosted on GitHub.
- 06A getting-started guide is included that requires no API keys and runs against bundled fixtures.
- 07The project requires explicit written authorization before scanning any target the tester does not own.
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 9, 2026 · 17:05 UTC. How this works →