ATHENA Security Intelligence Framework · v1.x

ATHENA

Autonomous Tactical Hacking & Exploration Network Agent

AI-Powered · Multi-Agent · Config-Defined · LLM-Agnostic

M. Eiszner · 2025 · For authorized security testing only

01

Section One

The Vision

Democratizing advanced security testing through AI

About ATHENA

Security Testing, Reimagined

  • AI-powered penetration testing framework
  • Multi-agent architecture — specialized agents collaborate autonomously
  • Dynamic phase management — orchestrated workflows
  • Discovers vulnerabilities, analyzes systems, executes sophisticated attack chains
  • Mirrors how human security teams operate — at machine speed and scale

Core Philosophy

Arbitrary Workflows. Zero Lines of Code.

  • Define entire agent workflows through simple config files
  • No programming knowledge required — security teams, not developers
  • Break the paradigm of hardcoded, rigid security frameworks
  • Plug in any LLM provider — cloud or local — via single config
  • Event-driven architecture with full resume capability

CONFIG FILE (workflow) → AI AGENTS (orchestrated autonomy) → RESULTS (security findings)

02

Section Two

Components

Three layers, one unified framework

Component 01

athena — The Engine

The primary execution engine. Orchestrates workflow execution, manages agent lifecycles, and provides real-time terminal feedback.

  • External libs: litellm · langchain · rich · crawl4ai · fastapi
  • Internal modules: runner · agent_factory · llm_adapter · tool_executor · event_emitter
  • Event-driven architecture with full workflow resume
  • Configurable LLM providers via config
  • Tool validation middleware — prevents unsafe operations
  • Real-time output with Rich terminal renderer

$ athena --workflow webapp --scope target --config config

Configuration & Execution

Command Line & LLM Setup

CLI · config
# Execute a workflow
$ athena \
    --workflow workflows/webapp  \
    --scope   scope/target      \
    --config  configs/config    \
    --run-id  pentest-2025-001

# config — plug in any OpenAI-compatible LLM
llm:
  provider:     openrouter    # or: openai, llama.cpp, anthropic
  model:        claude-3.5-sonnet
  api_key:      ${OPENROUTER_API_KEY}
  temperature:  0.7
  max_tokens:   4000

Component 02

FastAPI — Remote Control

RESTful API layer with real-time WebSocket streaming for remote assessment management and monitoring.

  • POST /api/run — start assessment remotely
  • WS /api/stream/{run_id} — real-time output
  • GET/PUT /api/workflows — full CRUD for configs
  • GET/PUT /api/agents · /api/scopes
  • Health monitoring · statistics · config management

POST /api/run
WS /api/stream/{id}
GET /api/config
GET /api/workflows
GET /api/agents
PUT /api/scopes

Component 03

Web UI — Real-Time Monitor

Modern browser-based interface built with Alpine.js + Monaco Editor + Tailwind CSS for configuration and live monitoring.

  • Configure workflows via Monaco code editor
  • API saves configurations as config files on server
  • Initiate assessments with one click — API spawns subprocess
  • Real-time output streamed via WebSocket connection
  • Progress visualized live in the browser dashboard

BROWSER (Alpine.js · Monaco) → WebSocket & REST → FASTAPI (server · streaming) → subprocess → ATHENA CLI (agents · workflow)

03

Section Three

System Architecture

How all the pieces connect at runtime

System Overview

Full Component Architecture

Inputs
  • config: LLM · provider · params
  • scope: target definition
  • workflow: phase sequence

Engine
  • athena: execution core, Python 3.12

Coordinator
  • Orchestrator: manager · planner, no tool access

Agent Phases
  • RECON: OSINT · enumeration
  • SCAN: ports · vulns · services
  • EXPLOIT: attack chains
  • REPORT: findings · export

Tools
  • External: nmap · nikto · sqlmap · masscan · nuclei · ffuf · metasploit · hydra ···
  • Internal: fs · exec · research · web_crawl · http_req

Agent Model

Orchestrator-Led Execution

The orchestrator is a manager/planner LLM agent that assigns tasks between specialized phase agents — each phase runs a dedicated AI worker with its own toolset.

ORCHESTRATOR: Manager · Planner
  • Routes tasks, manages phase lifecycle, aggregates results
  • Tools: no tool access

PHASE 1: Recon Agent
  • Reconnaissance, OSINT, information gathering
  • Tools: internal + external tools

PHASE 2: Scan Agent
  • Port scanning, vulnerability scanning, service enum
  • Tools: nmap · nikto · masscan

PHASE 3: Exploit Agent
  • Vulnerability exploitation, attack chain execution
  • Tools: sqlmap · metasploit

PHASE 4: Report Agent
  • Findings aggregation, structured report generation
  • Tools: write_file · export
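
Added example (not ATHENA's own code): one way a tool-validation gate could enforce the per-agent toolsets listed above and reject targets outside the authorized scope. The Scope format, the recon tool list, the sample scope values and all function names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Per-agent tool allowlist taken from the agent cards above. The recon card
# names no specific tools, so its entry is an assumption; the orchestrator
# has no tool access at all.
AGENT_TOOLS = {
    "orchestrator": frozenset(),
    "recon": frozenset({"web_crawl", "http_req", "research"}),  # assumed
    "scan": frozenset({"nmap", "nikto", "masscan"}),
    "exploit": frozenset({"sqlmap", "metasploit"}),
    "report": frozenset({"write_file", "export"}),
}

@dataclass(frozen=True)
class Scope:
    """Hypothetical scope definition: authorized networks and hostnames."""
    networks: tuple
    hostnames: frozenset

    def allows(self, target: str) -> bool:
        host = target.strip().lower().rstrip(".")
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # Hostnames must match exactly; subdomains are not implied.
            return host in self.hostnames
        return any(addr in net for net in self.networks)

def validate_tool_call(agent: str, tool: str, target: Optional[str], scope: Scope):
    """Return (allowed, reason). Anything unrecognized is denied."""
    allowed = AGENT_TOOLS.get(agent)
    if allowed is None:
        return False, f"unknown agent {agent!r}"
    if tool not in allowed:
        return False, f"{agent} may not call {tool}"
    if target is not None and not scope.allows(target):
        return False, f"target {target!r} is outside the authorized scope"
    return True, "ok"

# Constructed sample scope (documentation address range and a reserved TLD).
SCOPE = Scope(
    networks=(ipaddress.ip_network("192.0.2.0/24"),),
    hostnames=frozenset({"app.example.test"}),
)
```

Running the check before every tool execution, and logging each denial with its reason, gives an audit trail of what an agent attempted outside its role or scope.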

Live Demo

Workflow Execution in Action

  • Orchestrator dispatches tasks to specialist agents
  • Agents call tools autonomously (nmap, http, etc.)
  • Results flow back to orchestrator for synthesis
  • Phase-to-phase handoffs when complete

Demo: Generic Pentest Workflow — Version 1.x showcase mode (panels: Orchestration, Phases)

04

Section Four

Use Cases

Three powerful deployment strategies

Use Case 01

Full-Blown Generic Security Framework

Transform ATHENA into a universal security testing platform capable of handling any target type or vulnerability class.

Challenges to address:

  • Massive effort for comprehensive guardrails
  • Preventing LLM hallucinations in critical decisions
  • Ensuring output accuracy and completeness
  • Managing complexity across diverse scenarios

Use Case 02

Highly Specialized Workflows

Purpose-built assessment frameworks for specific technologies or attack surfaces — narrow scope, maximum effectiveness.

Example: WordPress Security Tester

  • reconnaissance-agent — enumerate WP installations
  • scanning-agent — plugin/theme vulnerability detection
  • wordpress-analyzer — deep plugin analysis
  • wordpress-exploiter — targeted exploitation

🔍 RECON → 📡 SCANNING → 📊 ANALYZER → 💥 EXPLOITER

Use Case 03

Human-in-the-Loop Approach

Balance automation with human expertise — implement strategic checkpoints where the system requests expert guidance before proceeding.

Intervention points:

  • Pre-defined milestones — e.g., before exploitation phase
  • When agent confidence is low or ambiguous
  • Critical decisions requiring human approval
  • When agent appears to be losing focus or looping

AI AGENT (executing task) → CHECKPOINT (confidence check) → HUMAN REVIEW (approve & continue)
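
Added example (not ATHENA's own code): a checkpoint gate that evaluates the four intervention points listed above before each agent step and hands control to a human reviewer when any of them fires. The threshold values, the set of tools treated as critical, and all names are assumptions.

```python
from collections import Counter
from dataclasses import dataclass, field

GATED_PHASES = {"exploit"}              # milestone: pause before exploitation
CRITICAL_TOOLS = {"metasploit", "sqlmap", "hydra", "exec"}  # assumed selection
MIN_CONFIDENCE = 0.6                    # assumed threshold
LOOP_WINDOW, LOOP_REPEATS = 6, 3        # assumed: 3 identical calls within 6

@dataclass
class AgentState:
    phase: str
    confidence: float                   # agent's self-reported confidence, 0..1
    history: list = field(default_factory=list)       # executed (tool, args)
    approved_phases: set = field(default_factory=set)

def checkpoint_reasons(state, tool, args):
    """Return the reasons this step needs human review (empty list = proceed).

    `args` must be hashable (a tuple) so identical calls can be counted.
    """
    reasons = []
    if state.phase in GATED_PHASES and state.phase not in state.approved_phases:
        reasons.append(f"milestone: entering {state.phase} phase")
    if state.confidence < MIN_CONFIDENCE:
        reasons.append(f"low confidence: {state.confidence:.2f}")
    if tool in CRITICAL_TOOLS:
        reasons.append(f"critical action: {tool}")
    recent = Counter(state.history[-(LOOP_WINDOW - 1):] + [(tool, args)])
    if recent[(tool, args)] >= LOOP_REPEATS:
        reasons.append(f"possible loop: {tool} repeated {recent[(tool, args)]}x")
    return reasons

def step(state, tool, args, approve):
    """Gate one step; `approve(reasons)` is the human-review callback."""
    reasons = checkpoint_reasons(state, tool, args)
    if reasons and not approve(reasons):
        return "halted"                 # nothing is recorded or executed
    state.approved_phases.add(state.phase)
    state.history.append((tool, args))
    return "executed"
```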
05

Section Five

The LLM Challenge

Choosing the right AI brain for the mission

Cloud LLMs

GPT-4 · Claude · Gemini

ADVANTAGES

  • State-of-the-art capabilities
  • Zero infrastructure required
  • Instant scalability
  • Regular model updates

CHALLENGES

  • Safety filters active — no abliteration
  • High cost at scale — $$$
  • Data privacy concerns
  • API rate limits

Local LLMs

llama.cpp · Venice · Local

ADVANTAGES

  • Complete data privacy
  • No API costs after setup
  • Can be uncensored / abliterated
  • No rate limits · offline capable

CHALLENGES

  • Extremely resource hungry
  • 150B+ parameters recommended
  • Powerful GPU infrastructure needed
  • Fine-tuning on cybersec data costly

LLM Integration

Supported Provider Matrix

| Provider | Type | Config Value | Best For | Status |
|---|---|---|---|---|
| OpenRouter | Cloud Gateway | openrouter | Access 100+ models via single API | Recommended |
| OpenAI | Cloud | openai | GPT-4 / GPT-4o deployments | Supported |
| Anthropic | Cloud | anthropic | Claude 3.5 Sonnet — strong reasoning | Supported |
| llama.cpp | Local | llama.cpp | Privacy-first, uncensored models | 150B+ param needed |
| Venice AI | Local proxy | venice | Uncensored cloud execution | Supported |
| Any OpenAI-compat | Any | custom base_url | Custom deployments / vLLM | Pluggable |

Framework Stats

ATHENA by the Numbers

  • Workflow Configurations: config-driven · no limit
  • LLM Models Supported: any OpenAI-compat API
  • Security Tool Integrations: nmap · nikto · sqlmap ···
  • 0 Lines of Code Required: pure config — no dev needed
  • 3 Interface Layers: CLI · API · Web UI
  • Agent Phases per Workflow: unlimited · define any chain

Enable the creation of arbitrary workflows that leverage any number of AI agents without writing a single line of code.
— ATHENA Core Philosophy · M. Eiszner · 2025

ATHENA · AI Security Framework

Authorized Use Only.

ATHENA is designed exclusively for authorized security testing.
Always obtain proper written authorization before testing any systems.

© 2025 M. Eiszner · All rights reserved