A new open-source cybersecurity platform called CyberSentinel AI v3.0 has emerged as a significant development in autonomous security tooling, combining 33 real-world penetration testing and threat intelligence tools with a provider-agnostic AI engine that supports Claude, GPT-4o, OpenRouter, and fully offline local inference via Ollama.
Unlike conventional AI security assistants that just suggest commands, CyberSentinel AI actually executes tools including Nmap, SQLMap, Nikto, Nuclei, and OWASP ZAP inside an isolated Kali Linux Docker sandbox, then uses AI to analyze results in real time.
The platform is available on GitHub under the handle 3sk1nt4n/cybersentinel-ai and is designed to run entirely on local infrastructure with no cloud dependencies required.
The platform deploys via Docker Compose and spans seven containerized services. A Next.js frontend (port 3000) delivers a streaming chat interface, while a FastAPI backend (port 8000) handles AI routing, intent classification, and tool orchestration. Security scans execute inside a sandboxed Kali container, keeping potentially dangerous operations fully isolated from the host system.
Supporting the AI layer are three data infrastructure components Neo4j for knowledge graph mapping of attack surfaces and MITRE ATT&CK techniques, ChromaDB as a Retrieval-Augmented Generation (RAG) engine grounded in MITRE, CIS, and NIST frameworks, and Elasticsearch with Kibana as an ELK Stack SIEM with pre-seeded security events for log analysis training.
The agentic execution model allows the AI to classify user intent, autonomously select appropriate tools, and run up to five tools concurrently before synthesizing a unified analysis, a meaningful step toward practical security automation.
CyberSentinel AI with 33 Security Tools
The platform organizes its toolset across six functional categories:
Live Scanners (11): Nmap, Nikto, Nuclei, SQLMap, Subfinder, OWASP ZAP, SSL/TLS analysis, DNS Recon, WHOIS, HTTP Headers, and Ping/Traceroute
Threat Intel APIs (5): Shodan, VirusTotal, AbuseIPDB, AlienVault OTX, and NVD/CISA KEV integration
SIEM Integration (3): ELK Stack, Splunk, and Wazuh connectors
AI Detection (5): Zeek Analyzer, IOC Extractor, Log Analyzer, Threat Detection, and Email Phishing Analyzer
Threat Hunting (4): YARA Rules, Sigma Rules, Snort/Suricata Rules, and SIEM Query Generator
Compliance (5): MITRE ATT&CK, MITRE ATLAS, NIST/CIS, HIPAA/PCI-DSS, and SOC 2/FedRAMP frameworks
One of CyberSentinel’s distinguishing features is its mid-conversation AI provider switching. Users can toggle between Anthropic Claude, OpenAI GPT-4o, OpenRouter (which unlocks 100+ models), and Ollama running qwen2.5:7b locally, all without losing conversation context. All API keys are optional; the platform operates fully offline using Ollama as the default inference engine.
Live threat intelligence is pulled dynamically from NVD, CISA KEV, EPSS, AlienVault OTX, and Abuse.ch, keeping vulnerability context current without manual updates.
The platform enforces several safeguards, including input/output guardrails that block prompt injection, SSRF attacks, and system prompt leakage.
All scans run inside an isolated container, and the project explicitly warns users that unauthorized scanning is illegal under the Computer Fraud and Abuse Act (CFAA). Recommended safe test targets include scanme.nmap.org and testphp.vulnweb.com.
System requirements include Docker Desktop and a minimum of 8 GB of RAM. The initial build pulls approximately 4–5GB of images and model data, with subsequent startups completing in roughly 30 seconds.
CyberSentinel AI v3.0 represents a notable convergence of agentic AI and real security tooling, offering security researchers and red teams a self-contained, locally operated alternative to cloud-dependent platforms.
Follow us on Google News, LinkedIn, and X to Get More Instant Updates.
The post CyberSentinel AI with 33 Security Tools, Including Nmap, SQLMap, ZAP, and uses Claude, GPT appeared first on Cyber Security News.
