AI Agents
RaSEC's agentic AI framework enables autonomous security testing through specialized agents that collaborate, learn, and adapt to provide comprehensive security assessments.
Overview
RaSEC's agentic AI framework transforms security testing from reactive tool execution to proactive, intelligent security automation. Instead of manually running individual tools, agents collaborate autonomously to perform comprehensive security assessments.
The framework consists of specialized agents, each with specific capabilities, that can plan multi-step security assessments, learn from past findings, and coordinate with other agents to provide comprehensive security analysis.
Key Capabilities: Autonomous planning, multi-agent coordination, long-term memory, adaptive learning, and comprehensive security assessment orchestration.
Architecture
The agentic framework follows a hierarchical architecture with three main layers:
Orchestration Layer
The Agent Orchestrator manages agent lifecycle, routes tasks to appropriate agents based on capabilities, and coordinates multi-agent workflows.
- Task queuing and priority management
- Agent capability matching
- Workflow execution
- State machine management
Planning Layer
The ReAct Planner implements reasoning and acting loops, enabling agents to plan multi-step security assessments autonomously.
- ReAct (Reasoning + Acting) pattern
- Multi-step planning
- Goal evaluation and progress tracking
- Adaptive replanning
Memory Layer
The Memory System provides agents with learning capabilities through episodic, semantic, and procedural memory.
- Episodic memory (vector-based finding storage)
- Semantic memory (knowledge graph)
- Procedural memory (learned action sequences)
- Similarity search and retrieval
Core Components
Agent Orchestrator
Routes tasks to appropriate agents based on capability matching. Manages agent lifecycle, handles failures, and coordinates multi-agent workflows.
Message Bus
Enables inter-agent communication through pub/sub messaging. Agents can request assistance from other agents, share findings, and coordinate actions.
Task State Machine
Tracks task execution through states: PENDING → QUEUED → RUNNING → COMPLETED/FAILED. Supports pausing, retrying, and cancellation.
Workflow Engine
Executes multi-step security assessments by chaining agent tasks. Handles dependencies, parallel execution, and error recovery.
Finding Correlator
Deduplicates findings from multiple agents, identifies attack chains, and correlates related vulnerabilities.
Confidence Calibrator
Calibrates vulnerability confidence scores based on historical accuracy, reducing false positives.
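The sketch below illustrates the Finding Correlator and Confidence Calibrator ideas above; it is an added example, not RaSEC's implementation. The finding fields, the history counts, the Laplace-smoothed precision scaling and the noisy-OR merge across agents are all assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample data. Field names and counts are assumptions, not RaSEC's schema.
HISTORY = {"dast": (40, 50), "sast": (12, 40), "headers": (19, 20)}  # (confirmed, reported)
FINDINGS = [
    {"agent": "dast", "type": "XSS", "url": "https://Example.com/search?q=1", "param": "q", "confidence": 0.9},
    {"agent": "dast", "type": "xss", "url": "https://example.com/search/?q=abc", "param": "q", "confidence": 0.7},
    {"agent": "sast", "type": "xss", "url": "https://example.com/search", "param": "q", "confidence": 0.6},
    {"agent": "headers", "type": "missing-hsts", "url": "https://example.com/", "param": None, "confidence": 1.0},
]

def fingerprint(f):
    """Identity of a finding: type + normalized endpoint + parameter (query values ignored)."""
    u = urlsplit(f["url"])
    path = u.path.rstrip("/") or "/"
    return (f["type"].lower(), f"{u.scheme}://{u.netloc.lower()}{path}", f["param"])

def precision(agent, history):
    """Laplace-smoothed share of an agent's past findings that were confirmed."""
    confirmed, reported = history.get(agent, (0, 0))
    return (confirmed + 1) / (reported + 2)

def correlate(findings, history):
    """Deduplicate by fingerprint and merge calibrated confidence across agents."""
    groups = {}
    for f in findings:
        per_agent = groups.setdefault(fingerprint(f), {})
        calibrated = f["confidence"] * precision(f["agent"], history)
        # Repeats from the same agent are not independent evidence: keep the best one.
        per_agent[f["agent"]] = max(per_agent.get(f["agent"], 0.0), calibrated)
    merged = []
    for (ftype, endpoint, param), per_agent in groups.items():
        miss = 1.0
        for c in per_agent.values():  # noisy-OR: agreement between agents raises confidence
            miss *= 1.0 - c
        merged.append({"type": ftype, "endpoint": endpoint, "param": param,
                       "agents": sorted(per_agent), "confidence": round(1.0 - miss, 3)})
    return sorted(merged, key=lambda m: -m["confidence"])

if __name__ == "__main__":
    for row in correlate(FINDINGS, HISTORY):
        print(row)
```

Four raw findings collapse to two; the XSS entry's 0.9 raw score is pulled down by the DAST agent's historical precision and lifted slightly by the SAST agent's agreement.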
Available Agents
RaSEC includes specialized agents for different security testing domains:
DAST Agent
Performs dynamic application security testing. Analyzes running web applications for vulnerabilities, misconfigurations, and security weaknesses.
SAST Agent
Performs static application security testing. Analyzes source code for security vulnerabilities and insecure coding patterns.
Headers Agent
Analyzes HTTP security headers (CSP, HSTS, X-Frame-Options, etc.) and provides recommendations for improvement.
DOM XSS Agent
Performs static data flow analysis on JavaScript to identify DOM XSS vulnerabilities by tracing sources to sinks.
Validation Agent
Validates vulnerability findings, reduces false positives, and provides proof-of-concept payloads for confirmed vulnerabilities.
Reporting Agent
Generates comprehensive security reports, correlates findings from multiple agents, and provides executive summaries.
Recon Agent
Performs reconnaissance activities including subdomain discovery, technology detection, and public information gathering.
Exploit Agent
Develops and tests exploit payloads for identified vulnerabilities, validates exploitability, and provides proof-of-concept code.
Memory System
The Memory System enables agents to learn from past experiences and improve over time. It consists of three types of memory:
Episodic Memory
Vector-based storage of past security findings and scan results. Enables similarity search to find related vulnerabilities and learn from historical patterns.
- Stores vulnerability findings with embeddings
- Similarity search using k-means clustering
- LRU eviction for memory management
- Context retrieval for related findings
Semantic Memory
Knowledge graph storing relationships between vulnerabilities, technologies, attack patterns, and mitigation strategies. Enables inference and knowledge reasoning.
- Graph-based knowledge representation
- Relationship inference
- Pattern recognition
- Contextual knowledge retrieval
Procedural Memory
Stores learned action sequences and successful strategies. Agents can recall and reuse effective approaches from past assessments.
- Action sequence storage
- Success pattern recognition
- Strategy suggestion
- Adaptive workflow learning
Planning & Reasoning
The ReAct Planner implements a reasoning and acting loop that enables agents to plan multi-step security assessments autonomously:
ReAct Pattern
The planner follows a Thought → Action → Observation loop:
- Reason: Analyze current state and determine next action
- Act: Execute selected action (e.g., run DAST scan)
- Observe: Record results and update state
- Reflect: Evaluate progress and replan if needed
Goal Evaluation
The planner tracks progress toward security assessment goals, detects loops, and adapts strategies based on findings.
Multi-Step Planning
Agents can plan complex workflows such as: Recon → DAST → SAST → Validation → Reporting, with each step informed by previous results.
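An added sketch of the bounded Reason → Act → Observe → Reflect loop described above, not RaSEC's planner code. The stage names follow the Recon → DAST → SAST → Validation → Reporting workflow; the stub tools, max_repeats and the status strings are assumptions, and max_steps plays the role of the API's maxSteps.

```python
WORKFLOW = ["recon", "dast", "sast", "validation", "reporting"]

def make_tools(dast_result="ok"):
    """Constructed stub tools: each takes the completed stages and returns an observation."""
    return {
        "recon": lambda done: "ok",
        "dast": lambda done: dast_result,
        "sast": lambda done: "ok",
        # Validation is informed by earlier results: it needs DAST or SAST output.
        "validation": lambda done: "ok" if {"dast", "sast"} & set(done) else "no findings to validate",
        "reporting": lambda done: "ok",
    }

def run_assessment(tools, max_steps=10, max_repeats=2):
    """Run the loop with a hard step budget and loop detection on repeated failures."""
    done, skipped, trace, seen = [], [], [], {}
    while True:
        # Reason: pick the next stage that is neither finished nor abandoned.
        pending = [a for a in WORKFLOW if a not in done and a not in skipped]
        if not pending:
            status = "completed"
            break
        if len(trace) >= max_steps:
            status = "step_budget_exhausted"  # never run past the budget
            break
        action = pending[0]
        # Act: run the tool with what has been learned so far.
        observation = tools[action](done)
        # Observe: record the step for audit and later reflection.
        trace.append((action, observation))
        # Reflect: success advances; an identical repeated failure triggers a replan.
        if observation == "ok":
            done.append(action)
            continue
        key = (action, observation)
        seen[key] = seen.get(key, 0) + 1
        if seen[key] >= max_repeats:
            skipped.append(action)  # loop detected: stop retrying this stage
    return {"status": status, "done": done, "skipped": skipped, "trace": trace}

if __name__ == "__main__":
    print(run_assessment(make_tools("timeout")))
```

With a DAST stage that always times out, the loop retries once, abandons the stage, and still reaches reporting through the SAST results; with max_steps=3 the same run stops with the budget exhausted.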
API Usage
Execute agent-based security assessments via the API:
Execute Agent Assessment
POST /api/agents
Execute a multi-agent security assessment with autonomous planning:
{
  "goal": "Comprehensive security assessment of https://example.com",
  "strategy": "comprehensive", // or "quick"
  "agents": ["dast", "sast", "headers"], // optional: specific agents
  "useMemory": true,
  "maxSteps": 10
}
Response:
{
  "assessmentId": "uuid",
  "status": "running",
  "steps": [...],
  "findings": [...],
  "memory": {...}
}
Use Cases
Comprehensive Security Audit
Agents autonomously plan and execute a full security assessment, coordinating multiple tools and correlating findings into a comprehensive report.
Continuous Learning
Agents learn from past scans, improving accuracy over time and reducing false positives through memory-based pattern recognition.
Adaptive Testing
Agents adapt their testing strategy based on discovered technologies and vulnerabilities, focusing efforts on high-risk areas.
Next Steps
Learn more about using RaSEC's security testing capabilities: