A multi-agent based automated penetration testing method and system

By using a multi-agent structure and dynamic evaluation and scheduling of the plan generation module, the problems of insufficient evaluation of execution results and information interference in existing penetration testing are solved, achieving high efficiency, flexibility and high success rate in penetration testing, especially in multi-target scenarios.

CN122153897APending Publication Date: 2026-06-05INSTITUTE OF INFORMATION ENGINEERING CHINESE ACADEMY OF SCIENCES

Patent Information

Authority / Receiving Office
CN Β· China
Patent Type
Applications(China)
Current Assignee / Owner
INSTITUTE OF INFORMATION ENGINEERING CHINESE ACADEMY OF SCIENCES
Filing Date
2026-02-04
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing automated penetration testing systems lack the ability to evaluate the results of each stage and control the overall workflow. In scenarios with multiple targets or multiple potential vulnerabilities, information interference is severe, and the ability of the agent to call tools is limited, resulting in low penetration testing success rates and wasted resources.

Method used

The system adopts a multi-agent architecture, breaking down the penetration testing process into three types of tasks: information reconnaissance, vulnerability scanning, and vulnerability exploitation. These tasks are executed by dedicated agents, and a task list and tool invocation are generated through a plan generation module. Combined with a large language model to parse tool parameters, dynamic evaluation and scheduling are achieved.

Benefits of technology

It improves the reliability, efficiency, and accuracy of penetration testing processes, reduces invalid executions, enhances the ability to call user-defined tools, and improves the independence and overall success rate of multi-target testing.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122153897A_ABST
    Figure CN122153897A_ABST
Patent Text Reader

Abstract

The application discloses a kind of based on multi-agent's automated penetration testing method and system, belong to information security and penetration testing technical field.The present application is to solve the problems of lacking each stage execution evaluation and overall workflow control in the existing automated penetration testing, multi-target scene information interference and the limited ability of agent tool calling, through the information reconnaissance agent for user input initialization information collection service information, based on service information configuration vulnerability scanning agent carries out vulnerability detection, and based on potential exploitation information configuration vulnerability exploitation agent executes the multi-agent cooperation process of vulnerability exploitation operation.The present application can realize the automatic closed-loop control of penetration testing process, improve the independence and accuracy of multi-target test, and enhance the adaptation ability of system to professional tools.
Need to check novelty before this filing date? Find Prior Art