DEV Community

Kunal
Kunal

Posted on • Originally published at kunalganglani.com

AI Pentesting Agents: How Mythos AI Is Teaching LLMs to Hack (With DARPA's Blessing) [2026]

#aipentesting #aiagents #offensivesecurity #cybersecurity

AI Pentesting Agents: How Mythos AI Is Teaching LLMs to Hack (With DARPA's Blessing) [2026]

A startup called Mythos AI just built an autonomous AI pentesting agent that reasons about software vulnerabilities the way a human hacker does. And DARPA, the agency that helped invent the internet, is paying attention. Mythos AI is one of seven finalists in DARPA's AI Cyber Challenge (AIxCC), a multi-million-dollar competition designed to answer a question the cybersecurity industry has been tiptoeing around: can AI actually do offensive security?

I've been tracking the AI-in-security space closely, and most of what I've seen is incremental. Better scanners, fancier dashboards, pattern matching dressed up with a "powered by AI" badge. Mythos is attempting something fundamentally different. They're building an agent that doesn't just scan. It thinks.

What Is an AI Pentesting Agent and Why Does It Matter?

An AI pentesting agent is an autonomous system that uses large language models to perform offensive security operations — discovering, analyzing, and exploiting software vulnerabilities — without constant human direction. The difference between this and a traditional vulnerability scanner is the difference between a spell-checker and a writer. Scanners check known patterns against known databases. An AI pentesting agent reasons about code, forms hypotheses about where bugs might live, and attempts to prove those hypotheses by actually exploiting them.

As Alex T. Nguyen, CEO of Mythos AI, described in the company's announcement blog post, the goal is to create a system that can "reason like a human penetration tester" rather than just pattern-matching against a list of known CVEs. The founding team comes from AI research and competitive hacking (capture-the-flag competitions), which shapes how they think about what "attacking" actually looks like in practice.

The cybersecurity industry has a massive talent gap. There aren't enough skilled penetration testers to go around. Organizations that can't afford top-tier security talent — which is most of them — rely on automated scanners that miss entire categories of vulnerabilities. An agent that can bridge that gap isn't a nice-to-have. It's a necessity.

Having worked on systems where security was always the thing that got pushed to "next sprint," I can tell you firsthand: most teams don't skip security because they don't care. They skip it because thorough penetration testing is expensive, slow, and hard to staff. If an AI agent can handle even 60% of what a junior pentester does, that changes the economics of application security overnight.

How Mythos AI Uses LLMs for Offensive Security

The core of Mythos AI's approach is using LLMs not as a lookup table but as a reasoning engine. Traditional security tools operate on signatures — they know what a SQL injection looks like because someone wrote a rule for it. Mythos AI's agent reads code, builds a mental model of how the application works, and identifies where assumptions in the code could be violated.

The competitive hacking background of the founding team is what makes this click. In CTF competitions, the vulnerabilities are novel by design. You can't Google the answer. You have to understand the system deeply enough to find the flaw yourself. That's the kind of reasoning Mythos is trying to encode into an LLM-based agent.

The technical approach chains together multiple capabilities: code analysis, hypothesis generation, exploit construction, and verification. The agent doesn't just flag a potential issue. It attempts to build a working exploit, which is how you separate a real vulnerability from a false positive. If you've ever dealt with the output of a static analysis tool that flags 500 "critical" issues, 480 of which are noise, you know exactly why this distinction matters.

Nguyen has framed this as moving beyond "simple scanners to AI agents that can think and act like human security researchers." Ambitious claim. But DARPA selecting Mythos as one of only seven finalists in the AIxCC competition suggests they're making real progress.

For those interested in how AI agents are being architected more broadly, the Mythos approach is a sophisticated ReAct-style agent: observe, reason, act, iterate. The key difference is that the action space is adversarial. The agent isn't filling out a form. It's trying to break things.

DARPA's AI Cyber Challenge: What's Actually at Stake

DARPA's AI Cyber Challenge isn't a hackathon. It's a structured, multi-phase competition designed to push the boundaries of autonomous cybersecurity. DARPA announced the seven finalists, with Mythos AI among them, competing for millions in prize money. The semifinal round took place at DEF CON 32 in August 2024, with the final round scheduled for DEF CON 33 in August 2025.

A few things stand out about AIxCC. The sheer scale of investment signals that the U.S. defense establishment views autonomous cyber capabilities as a strategic priority. And the competition structure requires AI systems to not only find vulnerabilities but also patch them. That's a much harder problem.

When DARPA puts millions of dollars behind a technology category, it's not because they think it's cute. It's because they think it's critical to national security.

Pertti Kohonen, DARPA's program manager for AIxCC, described the competition as testing whether AI can "automatically find and fix software vulnerabilities at machine speed." That framing — find AND fix — is the part people should pay attention to. The defensive application is just as significant as the offensive one.

I've seen enough security vulnerabilities in production systems to know that the patch side is where the real value lives. Finding bugs is glamorous. Fixing them before attackers find them is what actually keeps systems safe.

Can AI Actually Replace Human Penetration Testers?

Short answer: no. Longer answer: it doesn't need to.

The "AI vs. human pentesters" framing is wrong. The right question is: "AI + human pentesters vs. the current reality where 90% of organizations can't afford proper pentesting at all."

AI pentesting agents are already good at systematic analysis of large codebases. They're consistent — they don't get tired at 3 AM. They iterate through hypothesis-test cycles fast. And they can find novel instances of known vulnerability classes that signature tools would miss.

What they're still bad at: creative lateral thinking, understanding business logic flaws that require deep domain knowledge, social engineering, and making judgment calls about what actually matters versus what's technically exploitable but practically irrelevant.

Daniel Miessler, a well-known security researcher and creator of the AI-augmented security framework Fabric, has argued that AI will "dramatically lower the floor for security testing quality" while the ceiling still requires human expertise. I think that's exactly right. The best penetration testers in the world aren't going anywhere. But the baseline level of security testing available to the average company is about to go way up.

From my experience building production systems, the vulnerabilities that actually get exploited are rarely the clever zero-days. They're the boring ones. Misconfigured permissions. Unvalidated inputs. Secrets committed to repos. An AI agent that systematically catches the boring stuff would prevent the vast majority of real-world breaches. That's not sexy, but it's correct.

The Ethics of AI Pentesting Agents: Are We Building Hacking Tools?

Let me just say it plainly: yes, an AI system that can find and exploit vulnerabilities is, definitionally, a hacking tool. The same technology that helps a company find its own vulnerabilities could help an attacker find them first. This tension isn't new. Metasploit, Burp Suite, Nmap — all of these can be used offensively or defensively. The cybersecurity industry has always lived with this.

What's different with AI agents is scale. A human attacker probes one target at a time. An AI agent can probe thousands simultaneously. That asymmetry is new and worth taking seriously.

Nguyen has positioned Mythos AI's technology as fundamentally defensive in purpose — helping organizations find their own vulnerabilities before attackers do. DARPA's involvement reinforces this, since the AIxCC explicitly requires autonomous patching alongside vulnerability discovery.

But let's be honest about the security implications of giving AI systems adversarial capabilities. The genie is out of the bottle. Multiple teams, not just Mythos, are building these capabilities. The question isn't whether AI pentesting agents will exist. It's whether defenders will adopt them fast enough to stay ahead of attackers who are already using LLMs to find vulnerabilities.

The legal side is straightforward. AI-driven security testing falls under the same frameworks as traditional pentesting: you need authorization to test a system. Using an AI agent to probe a system without permission is just as illegal as doing it manually. The tool doesn't change the law. But it does change the enforcement challenge considerably.

What This Means for the Future of Cybersecurity

Mythos AI and the broader category of AI pentesting agents are about to shift the economics of an entire industry. Not in the "press release says revolutionary" way. In the quiet way where pricing models change and hiring patterns shift and suddenly your board is asking why you're not using AI for security testing.

Here's my prediction: within two years, every major cloud provider will offer some form of AI-powered vulnerability discovery as a built-in service. The standalone pentesting engagement — hire a team for two weeks to poke at your application — won't disappear, but it becomes the premium tier of a market where AI handles the baseline. Companies like Mythos AI are building the technology that makes that shift possible.

The DARPA AIxCC results will be a major signal. If the finalist systems can reliably find and patch real-world vulnerability classes, it validates the whole approach. If they struggle with anything beyond toy problems, it tells us we're further from production-ready AI pentesting than the hype suggests.

Either way, DARPA, competitive hacking veterans, and serious AI researchers are all converging on this problem. And in my experience, that kind of convergence usually means something real is happening. The boring answer is the right one: AI won't replace security professionals. But security professionals who use AI will replace those who don't. If you're building anything that touches production, now is the time to pay attention.

Originally published on kunalganglani.com

Top comments (0)