Lyrie: Open-source autonomous pentesting agent

Penetration testing has usually required weeks of manual work, specialized tooling, and teams with narrow skill sets. Lyrie, an open-source autonomous security agent built by OTT Cybersecurity, compresses that process into a command-line tool and publishes the entire codebase.


The project reached version 3.1.0 this month. The release adds XChaCha20-Poly1305 memory encryption for sensitive threat data, seven new proof-of-concept generators covering prompt injection, auth bypass, CSRF, open redirect, race conditions, secret exposure, and cross-site execution, and three new deep scanners for Rust analysis, taint engine processing, and AI-driven code review. The repository now ships 25 tested commands spanning core security operations, binary analysis, governance, and self-improvement workflows.

Two components, one install

Lyrie splits into two installable packages. lyrie-omega is a Python CLI that handles scanning, pentesting, and red-teaming. @lyrie/atp is a TypeScript and Node.js SDK that implements the Agent Trust Protocol, a cryptographic standard for establishing AI agent identity at runtime. Both install from a single one-line script or separately via pip and npm.

The core pentest workflow, triggered by lyrie hack, runs a seven-phase pipeline: reconnaissance, fingerprinting, scanning, exploitation, proof-of-concept generation, and report output. The tool targets live URLs and local source trees and outputs findings in SARIF format for GitHub Code Scanning. The AI red-teaming module supports five attack strategies against LLM endpoints, including gradient-based suffix attacks that require H200 GPU infrastructure.

The Agent Trust Protocol

The Agent Trust Protocol addresses a gap in how autonomous AI agents authenticate themselves and communicate scope to the systems they interact with. Enterprises deploying agents that send email, execute code, or authorize transactions have had no standard mechanism for verifying agent identity or checking whether an agent’s instructions have been tampered with.

ATP uses Ed25519 signatures and supports delegation chains, revocation lists, and multisig configurations. A verifying system can confirm in real time who the agent is, what it is authorized to do, and whether its authority has been revoked. The specification carries 143 passing tests and is slated for submission to the Internet Engineering Task Force.
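The three checks a verifier makes (who the agent is, what it may do, whether its authority was revoked) can be seen in a generic Ed25519 delegation chain. This is an added example, not the @lyrie/atp API or the ATP wire format; the link fields, scope strings and function names are hypothetical, and it runs on Node.js with only node:crypto.

```javascript
// Added illustration of an Ed25519 delegation chain; NOT the @lyrie/atp API or ATP wire format.
// node:crypto is loaded so the file works as CommonJS or as an ES module.
const { generateKeyPairSync, createPublicKey, sign, verify } =
  typeof require === 'function' ? require('node:crypto') : process.getBuiltinModule('node:crypto');

// Hypothetical conventions: a key's id is its base64 SPKI encoding; a link signs this payload.
const keyId = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('base64');
const payload = (l) => Buffer.from(JSON.stringify([l.issuer, l.subject, l.scope, l.exp]));

// The issuer signs a link handing `scope` to the subject key until `exp` (ms since epoch).
function delegate(issuer, subjectPub, scope, exp) {
  const link = { issuer: keyId(issuer.publicKey), subject: keyId(subjectPub), scope, exp };
  link.sig = sign(null, payload(link), issuer.privateKey).toString('base64');
  return link;
}

// Walk root -> agent: continuity, signature, expiry, revocation, scope attenuation.
function authorize(chain, action, trustedRoot, revoked, now = Date.now()) {
  if (chain.length === 0) return { ok: false, reason: 'empty chain' };
  let holder = trustedRoot, allowed = null; // next expected issuer; scope so far (null = root)
  for (const link of chain) {
    if (link.issuer !== holder) return { ok: false, reason: 'broken chain' };
    const pub = createPublicKey({ key: Buffer.from(link.issuer, 'base64'), format: 'der', type: 'spki' });
    if (!verify(null, payload(link), pub, Buffer.from(link.sig, 'base64')))
      return { ok: false, reason: 'bad signature' };
    if (link.exp <= now) return { ok: false, reason: 'expired' };
    if (revoked.has(link.subject)) return { ok: false, reason: 'revoked' };
    if (allowed && !link.scope.every((s) => allowed.includes(s)))
      return { ok: false, reason: 'scope escalation' };
    [holder, allowed] = [link.subject, link.scope];
  }
  return allowed.includes(action) ? { ok: true, agent: holder } : { ok: false, reason: 'out of scope' };
}

// Constructed demo: root -> orchestrator -> agent, each hop narrowing the scope.
function demo() {
  const [root, orch, agent] = [0, 1, 2].map(() => generateKeyPairSync('ed25519'));
  const exp = Date.now() + 60_000, rootId = keyId(root.publicKey);
  const chain = [delegate(root, orch.publicKey, ['email:send', 'code:run'], exp),
                 delegate(orch, agent.publicKey, ['email:send'], exp)];
  const tampered = [chain[0], { ...chain[1], scope: ['email:send', 'code:run'] }];
  const escalated = [chain[0], delegate(orch, agent.publicKey, ['payments:authorize'], exp)];
  return {
    send: authorize(chain, 'email:send', rootId, new Set()),
    run: authorize(chain, 'code:run', rootId, new Set()),
    tampered: authorize(tampered, 'code:run', rootId, new Set()),
    escalated: authorize(escalated, 'payments:authorize', rootId, new Set()),
    revoked: authorize(chain, 'email:send', rootId, new Set([keyId(orch.publicKey)])),
  };
}
```

Editing a link's scope after signing fails the signature check, a validly signed link that grants more than its issuer held fails attenuation, and revoking the orchestrator key invalidates every agent below it.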

Lyrie is available for free on GitHub.
