Shirisha Uppoju

I built an AI that hacks you before real attackers do

I asked myself: "What if an AI could think like a pentester and autonomously find attack chains across your entire infrastructure?"

So I built it.

The Problem

Security teams use 5-10 disconnected tools:

  • Web scanner ($50K+/yr)
  • Network scanner ($40K+/yr)
  • Code scanner ($30K+/yr)
  • A consulting firm for pentesting ($20K per engagement)
  • More tools for cloud, databases, compliance

Each tool sees one slice. None of them can answer: "If an attacker gets into my web app, can they reach my customer database?"

What I Built

ShieldGraph — a unified security platform with two features that don't exist anywhere else.

1. Autonomous AI Red Team

An AI agent that autonomously chains together 30 vulnerability scanners like a real hacker.

Here's what actually happens:

  • Step 1: AI runs port scanner - finds ports 80, 443, 5432, 6379
  • Step 2: AI reasons: "Port 5432 is PostgreSQL. Let me check the web app first"
  • Step 3: AI runs web header scanner - finds missing HSTS, no CSP
  • Step 4: AI runs API scanner - finds JWT accepting 'alg: none'
  • Step 5: AI reasons: "Critical! JWT bypass = forge admin tokens"
  • Step 6: AI runs directory scanner - finds /admin panel accessible
  • Step 7: AI reasons: "Admin panel + JWT bypass = full app compromise"
  • Step 8: AI runs database scanner - PostgreSQL accepts trust auth
  • Step 9: AI generates attack chain:

Web App -> JWT Bypass -> Admin Panel -> PostgreSQL -> Customer PII -> Risk: CRITICAL

The AI made 18 autonomous decisions in 3 minutes. A human pentester takes 2-3 weeks for the same work.

How the AI Agent Loop Works

The AI picks which scanner to run, we execute it, feed results back, and the AI decides the next move. It's an agentic loop with safety controls:

  • Max 50 steps per campaign
  • 30-minute timeout
  • Read-only probing (never exploits)
  • Only scans assets you own and verify

Each of our 30 scanners is wrapped as a tool the AI can call. The AI naturally thinks in attack chains: "I found X, so let me check Y" — exactly how a real hacker operates.
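An added example, not ShieldGraph's code, of the loop described above with the four controls enforced in a single gate that every tool request passes through. The tool names, hostnames and the scripted planner standing in for the model are constructed assumptions.

```python
import time

class StopCampaign(Exception):
    """A hard limit was reached; the loop must end."""

class Campaign:
    """Gate between the model and the scanners: every request goes through call()."""
    def __init__(self, verified_assets, tools, max_steps=50, timeout_s=30 * 60,
                 clock=time.monotonic):
        self.verified = frozenset(verified_assets)
        self.tools = dict(tools)      # read-only probes only; nothing else is callable
        self.max_steps, self.timeout_s = max_steps, timeout_s
        self.clock, self.started, self.steps = clock, clock(), 0

    def call(self, tool, target):
        if self.steps >= self.max_steps:
            raise StopCampaign("step budget exhausted")
        if self.clock() - self.started > self.timeout_s:
            raise StopCampaign("campaign timeout")
        self.steps += 1               # rejected requests also consume budget
        if tool not in self.tools:
            return {"error": f"tool {tool!r} is not registered"}
        if target not in self.verified:
            return {"error": f"target {target!r} is not a verified asset"}
        return self.tools[tool](target)

def run_campaign(campaign, planner):
    """planner(history) returns (tool, target), or None when it is finished."""
    history = []
    while (action := planner(history)) is not None:
        try:
            history.append((action, campaign.call(*action)))
        except StopCampaign:
            break
    return history

# Constructed stand-ins: two fake probes and a scripted planner in place of the model.
TOOLS = {"port_scan": lambda t: {"open": [80, 443, 5432, 6379]},
         "header_scan": lambda t: {"missing": ["HSTS", "CSP"]}}
SCRIPT = [("port_scan", "app.example.com"), ("header_scan", "app.example.com"),
          ("port_scan", "other.example.net"), ("exploit", "app.example.com")]

def scripted_planner(history):
    return SCRIPT[len(history)] if len(history) < len(SCRIPT) else None
```

Because refused requests are fed back as results and still count as steps, a model that keeps asking for out-of-scope targets exhausts its budget instead of looping forever.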

2. Infrastructure Digital Twin

Select any asset, click "Simulate" — see the attack blast radius spread visually through your infrastructure with real probabilities.

Web Server (COMPROMISED)
    |
    +-- 60% -> API Server (1 hop)
    |              |
    |              +-- 30% -> Customer Database with PII (2 hops)
    |
    +-- 15% -> Internal Dashboard (1 hop)

We store the infrastructure as a graph of assets, vulnerabilities, and connections. We then run BFS over it with probabilistic edge weights based on CVSS scores and EPSS exploit probability data.

We also run Monte Carlo simulations (1,000 iterations) to answer real questions:

  • API compromised in 100% of simulations
  • Database compromised in 70.8% of simulations
  • Average assets reached: 1.71

This is what a CISO needs for board reporting — not a list of CVEs, but "there's a 70% chance an attacker reaches our customer database."
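An added example, not ShieldGraph's code, of the technique described above: a BFS that crosses each edge with its probability, repeated as a Monte Carlo estimate. The graph and edge probabilities are copied from the diagram, so the rates it produces are for that diagram and not the simulation figures quoted above; the function names are assumptions, and deriving the probabilities from CVSS and EPSS is not shown.

```python
import random
from collections import deque

# Edge probabilities copied from the diagram above; keys are short names for its nodes.
GRAPH = {
    "web": [("api", 0.60), ("dashboard", 0.15)],
    "api": [("db", 0.30)],
    "dashboard": [],
    "db": [],
}

def simulate_once(graph, start, rng):
    """One trial: BFS from the compromised asset, crossing each edge with its probability."""
    reached = {start}
    queue = deque([start])
    while queue:
        node = queue.popleft()            # each node is expanded once, so each
        for neighbor, p in graph.get(node, []):   # outgoing edge is sampled at most once
            if neighbor not in reached and rng.random() < p:
                reached.add(neighbor)
                queue.append(neighbor)
    return reached

def monte_carlo(graph, start, iterations=1000, seed=0):
    """Return (per-asset compromise rate, average number of assets reached)."""
    rng = random.Random(seed)             # seeded so a report can be reproduced
    hits = {n: 0 for n in graph if n != start}
    total = 0
    for _ in range(iterations):
        reached = simulate_once(graph, start, rng) - {start}
        total += len(reached)
        for n in reached:
            hits[n] += 1
    rates = {n: count / iterations for n, count in hits.items()}
    return rates, total / iterations

if __name__ == "__main__":
    rates, avg = monte_carlo(GRAPH, "web")
    for asset, rate in sorted(rates.items(), key=lambda kv: -kv[1]):
        print(f"{asset:10s} compromised in {rate:.1%} of simulations")
    print(f"average assets reached: {avg:.2f}")
```

On a tree like this one the estimate converges to the product of the edge probabilities along the path (0.60 × 0.30 = 0.18 for the database); simulation matters once several paths lead to the same asset.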

The Scanner Coverage

Not stubs. Real scanners that connect and check:

| Category | Count | What It Scans |
|---|---|---|
| Web | 13 | XSS, SQLi, CORS, CSP, Headers, SSL, Directory, API Security, Subdomains |
| Database | 8 | PostgreSQL, MySQL, MongoDB, Redis, Elasticsearch, Oracle, MSSQL, Cassandra |
| Cloud | 3 | AWS (IAM/S3/EC2/CloudTrail), Azure (Storage/NSG/SQL), GCP (GCS/Firewall) |
| ERP | 3 | SAP RFC, Oracle EBS, Dynamics 365 |
| Container | 1 | Docker (privileged mode, root, socket mount, image vulnerabilities) |
| Network | 1 | Port scan with banner grabbing and service detection |
| Agent | 1 | Lightweight binary for scanning private networks behind firewalls |

Every finding gets:

  • CWE classification linked to MITRE
  • EPSS score — real exploit probability from FIRST.org
  • AI explanation in plain English
  • Risk score breakdown showing exactly why this score
  • Remediation steps with priority ranking

The Agent

Deploy a lightweight agent on your private network:

curl -fsSL https://api.shieldgraph.com/api/v1/agents/install.sh | sh
shieldgraph-agent --token YOUR_TOKEN

It auto-discovers Docker containers, listening services, and network hosts — then scans everything:

  • Smart auto-discovery: 20 IPs (not 197K)
  • Discovered: 11 live hosts
  • Open ports: 31
  • Findings: 32
  • Scan time: 6 seconds

No manual configuration. No IP ranges to enter. The agent figures out what's running and scans it.

Compliance Reports in One Click

Generate PDF reports for:

  • OWASP Top 10 — map findings to OWASP categories
  • PCI DSS 4.0 — payment card security compliance
  • SOC 2 Type II — service organization controls
  • HIPAA — healthcare data protection

Each report includes executive summary, detailed findings, remediation roadmap, and compliance mapping.

What I Learned Building This

1. AI tool-use is perfect for security testing

The AI naturally thinks in attack chains: "I found a missing header, so let me check for injection. I found injection, so let me check what database is behind it." This is exactly how human pentesters think — but the AI does it in minutes, not weeks.

2. Graph databases are essential for attack path analysis

SQL can't efficiently answer "can an attacker reach asset Z from asset A through any path?" Graph traversal handles this natively with BFS/DFS.

3. Probabilistic simulation beats static scoring

CVSS alone is useless for decision-making. "This vulnerability has a 7.5 CVSS" means nothing to a CISO. But "there's a 70% chance an attacker reaches your customer database through this vulnerability" — that gets budget approved.

4. The mid-market is massively underserved

Enterprise security tools cost $50K-$200K+ per year. 90% of companies can't afford that. We deliver the same capabilities at $499-$2,999/mo. The AI Red Team alone replaces a $20K pentest engagement — and you can run it unlimited.

Pricing

| Plan | Price | Assets | Best For |
|---|---|---|---|
| Starter | $499/mo | 25 | Small teams |
| Professional | $1,499/mo | 200 | Mid-market |
| Enterprise | $2,999/mo | Unlimited | Large organizations |

14-day free trial. No credit card required.

Try It

shieldgraph.com

The AI Red Team alone would cost $20K+ from a consulting firm. We give it to you on-demand, unlimited, for a fraction of the cost.

We just launched on Product Hunt — I'd love feedback from the dev community. What features would you want to see next?

Drop a comment below or reach out on Twitter @shieldgraph.
