A new open source cybersecurity platform called CyberSentinel AI v3.0 has emerged as a significant development in autonomous security tools. It combines 33 real-world penetration testing and threat intelligence tools with a provider-agnostic AI engine that supports fully offline local inference with Claude, GPT-4o, OpenRouter, and Ollama.
Unlike traditional AI security assistants that only suggest commands, CyberSentinel AI actually runs tools like Nmap, SQLMap, Nikto, Nuclei, and OWASP ZAP in an isolated Kali Linux Docker sandbox and uses AI to analyze the results in real-time.
The platform is available on GitHub under the handle 3sk1nt4n/cybersentinel-ai and is designed to run entirely on local infrastructure, with no cloud dependencies.
The platform is deployed via Docker Compose and spans seven containerized services. The Next.js frontend (port 3000) provides the streaming chat interface, and the FastAPI backend (port 8000) handles AI routing, intent classification, and tool orchestration. Security scanning is performed within a sandboxed Kali container, completely isolating potentially dangerous operations from the host system.
Supporting the AI layer are three data infrastructure components: Neo4j for knowledge graph mapping of the attack surface and the MITER ATT&CK technique; ChromaDB as a search augmentation generation (RAG) engine based on the MITER, CIS, and NIST frameworks; and Elasticsearch with Kibana as the ELK stack SIEM with pre-seeded security events for log analysis training.
The agent execution model allows AI to classify user intent, autonomously select the appropriate tools, and run up to five tools simultaneously before integrating integrated analytics. This is a meaningful step toward practical security automation.
The platform organizes its toolset across six functional categories:
- Live Scanners (11): Nmap, Nikto, Nuclei, SQLMap, Subfinder, OWASP ZAP, SSL/TLS Analysis, DNS Recon, WHOIS, HTTP Headers, and Ping/Traceroute
- Threat Intel API (5): Shodan, VirusTotal, AbuseIPDB, AlienVault OTX, NVD/CISA KEV integration
- SIEM integration (3): ELK Stack, Splunk, and Wazuh connectors
- AI detection (5): Zeek analyzer, IOC extractor, log analyzer, threat detection, email phishing analyzer
- Threat Hunting (4): YARA Rules, Sigma Rules, Snort/Suricata Rules, and SIEM Query Generator
- Compliance (5): MITER ATT&CK, MITER ATLAS, NIST/CIS, HIPAA/PCI-DSS, and SOC 2/FedRAMP Framework
One of CyberSentinel’s distinctive features is the ability to switch AI providers during conversations. Users can switch between running Anthropic Claude, OpenAI GPT-4o, OpenRouter (unlocks over 100 models), and Ollama. qwen2.5:7b All locally, without losing the context of the conversation. All API keys are optional. The platform works completely offline using Ollama as the default inference engine.
Live threat intelligence is dynamically pulled from NVD, CISA KEV, EPSS, AlienVault OTX, and Abuse.ch to keep vulnerability context up-to-date without manual updates.
The platform enforces several safety measures, including input and output guardrails that block prompt injections, SSRF attacks, and system prompt leaks.
All scans are performed within isolated containers, and the project explicitly warns users that unauthorized scans are illegal under the Computer Fraud and Abuse Act (CFAA). Recommended safe test targets include: scanme.nmap.org and testphp.vulnweb.com.
System requirements include Docker Desktop and at least 8 GB of RAM. The first build pulls approximately 4-5GB of image and model data, and subsequent startups complete in approximately 30 seconds.
CyberSentinel AI v3.0 represents a remarkable fusion of agent AI and real-world security tools, providing security researchers and red teams with a self-contained, locally operated alternative to cloud-dependent platforms.
Follow us on Google News, LinkedIn and X for instant updates.
