BlogT3MP3ST: The Open-Source Tool That Turns AI Coding Assistants Into Security Testers
SecurityAI AgentsOpen SourceRed Teaming

T3MP3ST: The Open-Source Tool That Turns AI Coding Assistants Into Security Testers

A new open-source project lets you point your existing AI tools — Claude, Codex, even a fully offline model — at a target system and have them hunt for vulnerabilities automatically. Here's what it is, how it works, and why it matters.

July 7, 2026·6 min read·Aira

Security testing has traditionally required either expensive human experts or expensive commercial tools. A new open-source project called T3MP3ST is trying to change that by turning the AI coding assistants you already use — Claude Code, Codex, or even a model running entirely on your own machine — into automated vulnerability hunters.

The project comes from a well-known figure in the AI red-teaming community who goes by the handle elder-plinius. It's free, open-source under the AGPL-3.0 licence, and designed to be run with whatever AI model you already have access to. No new accounts, no extra subscriptions.

What Does It Actually Do?

At its core, T3MP3ST gives your AI assistant a structured job to do: find security weaknesses in a target system. But instead of just asking the AI a question, it organises the work the way a real security team would — with different specialists handling different parts of the job.

The framework runs eight AI agents at once, each with a distinct role. One does reconnaissance — gathering information about the target. Another scans for known vulnerabilities. A third tries to exploit what the scanner finds. There's an agent responsible for moving laterally through a system once initial access is gained, one that handles data extraction, one that tries to cover tracks, one that coordinates the whole operation, and a final analyst that writes up the findings.

The eight agents and what they do

Recon: gathers information about the target. Scanner: identifies known vulnerabilities. Exploiter: attempts to trigger those vulnerabilities. Infiltrator: tests for lateral movement. Exfiltrator: simulates data extraction. Ghost: tests detection evasion. Coordinator: manages the whole operation. Analyst: writes the final report.

Each agent runs in a loop: observe the situation, reason about what to do next, take an action, check the result, repeat. They're not just generating text — they're using real tools. Running actual commands. Making real HTTP requests. The distinction matters: this is an AI that does security testing, not one that talks about it.

How Well Does It Actually Work?

This is where T3MP3ST does something unusual for an AI security tool: it publishes verifiable benchmarks rather than asking you to take its word for it. Every performance claim in the project can be independently checked by running a single command — npm run verify-claims — which re-derives all the numbers from committed test data.

The results on those benchmarks are notable. On a suite of 104 web application security challenges, the framework achieved 90.1% — outperforming the 85% figure reported by XBOW, a well-known commercial web security AI. On Cybench, an academic set of 40 capture-the-flag security challenges, it solved 23 without any hints. On a set of 10 real-world vulnerabilities published after the AI model's training cutoff — meaning it couldn't have memorised the answers — it correctly identified the exact file, line, and vulnerability type for 8 out of 10, and found all 10 in some form.

The important caveat: those benchmark numbers come from single-agent testing, not the full eight-agent swarm. The coordinated multi-agent architecture is still experimental. The individual components work; the orchestrated team is a work in progress.

Who Is This For?

T3MP3ST is built for security professionals and developers who want to test systems they own or have explicit permission to test. The framework is emphatic on this: it is for authorised use only, and once you set a target, the built-in tools refuse to make requests outside the scope you defined. You can't accidentally drift from testing your own application into probing systems you have no right to touch.

The practical use cases include developers who want to audit their own applications before launch, security teams running internal penetration tests, and researchers working on capture-the-flag competitions. It's also useful as an educational tool — watching eight AI agents work through a security problem step by step is a genuinely interesting way to learn how attacks are structured.

It's not a tool for casual users or for anyone without a technical background. Setting it up requires comfort with Node.js, and using it well requires understanding what the results mean. But for engineers who already know security testing, the barrier to getting started is lower than most commercial alternatives.

No Extra Accounts Required

One of T3MP3ST's more practical selling points is that it works with AI tools you probably already have. If you use Claude Code or Codex as your daily coding assistant, you can connect T3MP3ST to the same model without a separate API key or subscription. It sits on top of your existing AI setup rather than replacing it.

If you'd rather not send any data to a cloud provider at all, the framework also supports fully local operation through Ollama, LM Studio, or any OpenAI-compatible local server. You can run the entire security testing operation on your own hardware with no external calls.

The user interface is a web-based 'War Room' that runs at localhost once you start the server, giving you a dashboard view of what each agent is doing in real time. There's also a command-line interface and an HTTP API for integrating it into existing workflows.

Why This Is Worth Watching

Security testing has historically been expensive, slow, and dependent on scarce specialist expertise. Tools like T3MP3ST don't replace human security experts — the judgement required to understand context, assess business impact, and prioritise remediation is still very much a human job. But they change the economics of finding vulnerabilities in the first place.

The verifiable benchmarks approach is particularly interesting as a model for the AI security space more broadly. Unverifiable performance claims have been a persistent problem in AI tooling — vendors report numbers in ways that are difficult to reproduce or compare. A framework that ships its test data alongside its code and lets you re-run the numbers yourself is a higher standard than most of the field is currently holding itself to.

T3MP3ST is early-stage in some of its capabilities — the coordinated swarm architecture is explicitly marked experimental — but the underlying approach is sound, the benchmark results are real, and the open-source model means the community can extend and verify it in ways proprietary tools don't allow. For engineers interested in where AI and security intersect, it's worth spending an afternoon with.

More from the blog