auto/attack
>

What is autonomous penetration testing?

Guide

Autonomous penetration testing is software that attacks a network the way a human red team would — gaining a foothold, chaining weaknesses together, and reaching a defined objective such as Domain Admin — without a human driving each step. Unlike a one-time engagement, it runs whenever you deploy it and proves every step with captured evidence.

How it differs from a traditional penetration test

A traditional penetration test is a human engagement: skilled testers, booked weeks in advance, working a fixed number of hours, who hand back a report. It is valuable, but it is a snapshot — true only for the days it was run, and only as deep as the hours allowed.

Autonomous penetration testing moves the same craft into software. It runs on demand, pursues many paths at once, and does not tire or run out of hours. What a red team does over weeks, it works through in minutes. Both share the bar that matters: they prove real compromise, not theoretical risk. It builds on two adjacent ideas: AI penetration testing, the machine decision-making that chooses each move, and automated penetration testing, the scripted automation it goes beyond. See the head-to-head against an automated platform.

How it differs from exposure inventory

An exposure inventory — the ranked list of weaknesses produced by vulnerability management — tells you what might be exploitable. It stops there. Every entry is a maybe: it has been matched against a database of known issues, not actually tried.

Autonomous penetration testing does the trying. It exploits, chains one weakness into the next, and either reaches the goal or exhausts every route. The output is not a list of maybes but a captured account of what an intruder can actually do. Black-box on the same Active Directory lab, an exposure-inventory tool reached zero of three domains while AutoAttack reached all three. Chaining those misconfigurations into the domain is the focus of Active Directory penetration testing.

How it works

You set a goal in plain English — take Domain Admin, read a named inbox, find regulated data on a subnet. The software starts from a single foothold inside the network and works outward exactly as an intruder would:

  • Enumerate — map the hosts, services, and identities reachable from where it landed.
  • Exploit — turn a weakness into access: a web-application flaw, a misconfiguration, a weak or reused credential.
  • Chain — use that access to reach the next target: web app to host, host to network, network to domain controller.
  • Prove — capture the evidence at each step, so the path is a record rather than a claim.

It pursues many of these paths in parallel and adapts as it learns the environment, the way a real adversary does. See how the platform works or the deploy quickstart.

Why proof is the point

The defining feature of autonomous penetration testing is that every reported finding is a step that already happened — captured as it ran, not inferred from a version number. That is the difference between “this host may be vulnerable” and “here is the exact path to Domain Admin, and here is the data captured along the way.”

For a defender, proof is what turns a finding into a decision. It removes the argument about whether something is really exploitable and replaces it with the recording of it being exploited.

How AutoAttack does it

AutoAttack is an autonomous adversary — autonomous penetration testing carried to its conclusion. It deploys as a single container inside your network, takes the goal you set, and proves the whole path to it. There is nothing to install on every host and no credentials to hand over.

On hardened GOAD — the standard Active Directory proving ground — it reached Domain Admin across all three domains in a 0:51 median over ten independent runs.See the benchmark, or deploy it against your own network.