Pulse
Problem
Penetration testing is largely manual, and most automated tools send target data to third-party cloud services — a non-starter in security-critical environments.
Approach
A LangGraph state machine scans a web or repository target, picks the relevant security tools, and runs them in sequence. An LLM reads the raw output, builds a MITRE ATT&CK–aligned exploit graph, and writes a structured vulnerability report. Everything runs on local Ollama models, streamed live to a Next.js and FastAPI interface.
Challenges
Coordinating non-deterministic model output with deterministic security tooling required strict state management and guardrails, delivered under a zero-data-leakage constraint and a 24-hour deadline.
Outcome
A fully offline pipeline that won first place at BirmingHack 2.0 for Best Use of AI Agents on Arm.