AI-Powered Penetration Testing Agent
DOI:
https://doi.org/10.15662/IJEETR.2026.0802066Keywords:
Autonomous penetration testing, AI-driven security assessment, Natural language security orchestration, , Multi-tool vulnerability scanning, Smart correlation engine, Attack path analysis, Automated remediation prioritizationAbstract
Penetration testing has long demanded deep expertise and a working familiarity with a sprawling toolkit — tools that rarely talk to each other. ScanAI is built to change that. It is an autonomous, AI-driven security assessment agent that lets practitioners describe what they want in plain English and then takes care of the rest: picking the right scanners, tuning their configurations, chaining them in the correct order, pulling together the findings, spotting the attack paths that matter, and producing a report that is actually actionable. At its core, ScanAI runs on Google Gemini and brings together 23 specialised scanner modules governed by 106 YAML workflow profiles, collectively covering network infrastructure, web application security, open-source intelligence, and secrets detection. A dedicated Smart Correlation Engine ties all of this together — synthesising outputs across modules, computing composite risk scores on a 0–100 scale, and mapping out remediation priorities. When tested across eight attack scenario categories, ScanAI returned an average precision of 96.6%, recall of 95.8%, and F1-score of 96.1%. Head-to-head against tools like Burp Suite, OWASP ZAP, and Nessus, it pulls ahead on automation depth, scanner coverage, and the kind of cross-domain intelligence that none of them attempt
References
1. Google, "Gemini: A family of highly capable multimodal models," Google DeepMind Technical Report, 2023.
2. R. Deraison, "Nessus: An open-source network vulnerability scanner," USENIX Security Symposium, 2000.
3. Greenbone Networks, "OpenVAS: Open Vulnerability Assessment System," [Online]. Available: https://www.openvas.org, 2023.
4. OWASP Foundation, "OWASP ZAP: Zed Attack Proxy," [Online]. Available: https://www.zaproxy.org, 2023.
5. S. M. Ghaffarian and H. R. Shahriari, "Software vulnerability analysis and discovery using machine learning and data mining techniques: A survey," ACM Computing Surveys, vol. 50, no. 4, pp. 1-36, 2017.
6. C.Nagarajan and M.Madheswaran - ‘Stability Analysis of Series Parallel Resonant Converter with Fuzzy Logic Controller Using State Space Techniques’- Taylor &Francis, Electric Power Components and Systems, Vol.39 (8), pp.780-793, May 2011. DOI: 10.1080/15325008.2010.541746
7. C.Nagarajan and M.Madheswaran - ‘Experimental verification and stability state space analysis of CLL-T Series Parallel Resonant Converter’ - Journal of Electrical Engineering, Vol.63 (6), pp.365-372, Dec.2012. DOI: 10.2478/v10187-012-0054-2
8. C.Nagarajan and M.Madheswaran - ‘Performance Analysis of LCL-T Resonant Converter with Fuzzy/PID Using State Space Analysis’- Springer, Electrical Engineering, Vol.93 (3), pp.167-178, September 2011. DOI 10.1007/s00202-011-0203-9
9. S.Tamilselvi, R.Prakash, C.Nagarajan,“Solar System Integrated Smart Grid Utilizing Hybrid Coot-Genetic Algorithm Optimized ANN Controller” Iranian Journal Of Science And Technology-Transactions Of Electrical Engineering, DOI10.1007/s40998-025-00917-z,2025
10. S.Tamilselvi, R.Prakash, C.Nagarajan,“ Adaptive sliding mode control of multilevel grid-connected inverters using reinforcement learning for enhanced LVRT performance” Electric Power Systems Research 253 (2026) 112428, doi.org/10.1016/j.epsr.2025.112428
11. S.Thirunavukkarasu, C. Nagarajan, 2024, “Performance Investigation on OCF and SCF study in BLDC machine using FTANN Controller," Journal of Electrical Engineering And Technology, Volume 20, pages 2675–2688, (2025), doi.org/10.1007/s42835-024-02126-w
12. C. Nagarajan, M.Madheswaran and D.Ramasubramanian- ‘Development of DSP based Robust Control Method for General Resonant Converter Topologies using Transfer Function Model’- Acta Electrotechnica et Informatica Journal , Vol.13 (2), pp.18-31,April-June.2013, DOI: 10.2478/aeei-2013-0025.
13. C.Nagarajan and M.Madheswaran - ‘DSP Based Fuzzy Controller for Series Parallel Resonant converter’- Springer, Frontiers of Electrical and Electronic Engineering, Vol. 7(4), pp. 438-446, Dec.12. DOI 10.1007/s11460-012-0212-0.
14. C.Nagarajan and M.Madheswaran - ‘Experimental Study and steady state stability analysis of CLL-T Series Parallel Resonant Converter with Fuzzy controller using State Space Analysis’- Iranian Journal of Electrical & Electronic Engineering, Vol.8 (3), pp.259-267, September 2012.
15. C.Nagarajan and M.Madheswaran, “Analysis and Simulation of LCL Series Resonant Full Bridge Converter Using PWM Technique with Load Independent Operation” has been presented in ICTES’08, a IEEE / IET International Conference organized by M.G.R.University, Chennai.Vol.no.1, pp.190-195, Dec.2007
16. Suganthi Mullainathan, Ramesh Natarajan, “An SPSS and CNN modelling based quality assessment using ceramic materials and membrane filtration techniques”, Revista Materia (Rio J.) Vol. 30, 2025, DOI: https://doi.org/10.1590/1517-7076-RMAT-2024-0721
17. M Suganthi, N Ramesh, “Treatment of water using natural zeolite as membrane filter”, Journal of Environmental Protection and Ecology, Volume 23, Issue 2, pp: 520-530,2022
18. Z. Feng et al., "CodeBERT: A pre-trained model for programming and natural languages," in Proc. EMNLP Findings, 2020, pp. 1536-1547.
19. G. Deng et al., "PentestGPT: An LLM-empowered automatic penetration testing tool," in Proc. USENIX Security, 2024.
20. A. Samtani, K. Chinn, C. Larson, and H. Chen, "AZSecure hacker assets portal: Cyber threat intelligence and malware analysis," in Proc. IEEE ISI, 2016, pp. 19-24.
21. S. Pozdniakov et al., "Smart security audit: Reconnaissance and vulnerability assessment using open-source intelligence," in Proc. IEEE MIPRO, 2020, pp. 1128-1133.
22. Z. Wang et al., "A multi-agent framework for automated penetration testing with large language models," arXiv:2401.00151, 2024.
