A multi-agent based automated penetration testing method and system
By using a multi-agent structure and dynamic evaluation and scheduling of the plan generation module, the problems of insufficient evaluation of execution results and information interference in existing penetration testing are solved, achieving high efficiency, flexibility and high success rate in penetration testing, especially in multi-target scenarios.
Patent Information
- Authority / Receiving Office
- CN Β· China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- INSTITUTE OF INFORMATION ENGINEERING CHINESE ACADEMY OF SCIENCES
- Filing Date
- 2026-02-04
- Publication Date
- 2026-06-05
AI Technical Summary
Existing automated penetration testing systems lack the ability to evaluate the results of each stage and control the overall workflow. In scenarios with multiple targets or multiple potential vulnerabilities, information interference is severe, and the ability of the agent to call tools is limited, resulting in low penetration testing success rates and wasted resources.
The system adopts a multi-agent architecture, breaking down the penetration testing process into three types of tasks: information reconnaissance, vulnerability scanning, and vulnerability exploitation. These tasks are executed by dedicated agents, and a task list and tool invocation are generated through a plan generation module. Combined with a large language model to parse tool parameters, dynamic evaluation and scheduling are achieved.
It improves the reliability, efficiency, and accuracy of penetration testing processes, reduces invalid executions, enhances the ability to call user-defined tools, and improves the independence and overall success rate of multi-target testing.
Smart Images

Figure CN122153897A_ABST