Privacy in security work isn’t optional. Sending client data to a cloud-based AI to assist with penetration testing defeats the purpose entirely. That concern is what started Halo.
Halo is an autonomous penetration testing agent that runs 100% locally using Gemma 4 through LM Studio. No external API calls. No subscriptions. No data leaving your machine. Just your hardware, your model, and your target.
The agent orchestrates 22 security tools autonomously — nmap, sqlmap, nikto, hydra, gobuster, subfinder, nuclei and more — with an LLM deciding in real time what to run, what findings mean, and what to pursue next. One word initiates the entire engagement: engage.
What makes this project interesting beyond the tooling is that it is being built in real time by someone still actively learning to code. Call it vibe coding with a purpose — learning Python, studying cybersecurity concepts, and building something functional and serious simultaneously. The learning and the building are happening at the same time, and honestly that has shaped the architecture in ways a more traditional approach might not have.
Halo documents its findings, assigns risk levels, and produces clean reports without manual intervention. It is still actively being developed and improved, but it is fully functional and finding real vulnerabilities today.
If you are working in security and privacy matters to you, this was built with that in mind.
Halo is still actively being developed and improved daily. If something here sparks an idea, a question, or an itch to contribute — the repository is open and the discussions are live. Pull requests are genuinely welcome. So are opinions, critiques, and suggestions. If you think there’s a better way to approach something in the architecture, say so. That kind of collaboration is exactly how something good becomes something great.
If you want to follow along as this develops, I post updates here and keep the GitHub current. There is always something new happening on this project.
This is where ideas come alive and problems get solved.
Top comments (1)
Just posted this on Hacker News if anyone wants to join the discussion:
news.ycombinator.com/item?id=48725906