book

Agentic AI for Offensive Cybersecurity

Name: Agentic AI for Offensive Cybersecurity
Author: Orhan Yildirim
ISBN: 9781806114474

by Orhan Yildirim

February 2026

Intermediate to advanced

412 pages

10h 11m

English

Packt Publishing

Read now

Unlock full access

Preface
Free benefits with your book
Part 1: Fundamentals of Agentic AI
Chapter 1: Introduction to Agentic AI
What is agentic AI?External reconnaissance in traditional automation versus agentic AITraditional automationAgentic AIAgent-based thinking in cybersecurityReal-world benefits of autonomous agentsUnderstanding the pentesting life cycleAttack surface management in modern environmentsPCI segmentation and internal network testingComparing traditional tools with agentic AI approachesSummaryGet this book's PDF copy, code bundle, and more
Chapter 2: AI Frameworks for Security Automation
Overview of AI frameworks for security automationNo-code and code-first frameworksHow agentic AI fits into security automationLangChain – strengths and security use casesLangChain – strengths and challengesn8n – no-code automation for security professionalsOther notable tools – CrewAI, AutoGen, and beyondCrewAIAutoGenHow to choose the right tool for your use caseSummaryGet this book's PDF copy, code bundle, and more
Part 2: Building and Orchestrating AI Workflows
Chapter 3: Building Your First AI Workflow in n8n
Technical requirementSetting up n8n for agentic workflowsInstallation optionsBuilding a custom Docker image for security workflowsRunning it all with Docker ComposeAccessing n8n in your browserConnecting OpenAI and threat intelligence APIsThreat intelligence APIsStep 1 – Using AbuseIPDB for IP reputation analysisStep 2 – Querying VirusTotal for additional contextStep 3 – Filtering internet noise with GreyNoiseStep 4 – Enriching indicators with OTX (AlienVault Open Threat Exchange)Step 5 – Deep URL and behavior analysis with urlscan.ioDesigning your first recon bot with no-code agentsWhat you'll buildHow the flow will workImplementing a RAG system on n8nSecuring your agentic workflowWhat you should always doOptional, but strongly recommendedSummaryGet this book's PDF copy, code bundle, and more
Chapter 4: Agentic AI for Attack Surface Management
Building an agentic AI ASM workflowIntegrating Asset Discovery, Enumeration Fingerprinting, and Vulnerability DetectionStage 1 – Asset Discovery workflowSubdomain Enumeration flowStoring data in MongoDBIdentifying live domainsUpdating live subdomain records on MongoDBStage 2 – Enumeration FingerprintingHTTP Service DiscoveryPort ScanningStage 3 – Vulnerability DetectionStage 4 – Database Query AgentSummaryGet this book's PDF copy, code bundle, and more
Chapter 5: Internal Network and PCI Segmentation Testing
Technical requirementsWhat is PCI, what is segmentation, and why does it matter?Manual segmentation testing – traditional approachesTCP port scan (SYN)Alternative TCP port scan (TCP connect scan)UDP port scan (SYN)Building internal mapping workflows with agentic AIStep 1 – Workflow architecture and agent configurationStep 2 – Building the tool workflowStep 3 – Executing segmentation testsSummaryGet this book's PDF copy, code bundle, and more
Chapter 6: Web Application Testing with Agentic AI
Technical requirementsWhat is Model Context Protocol?Setting up the development environmentStep 1 – Create the project directoryStep 2 – Initialize the Node.js projectStep 3 – Install the required dependenciesStep 4 – Install the Playwright browserStep 5 – Create the TypeScript configurationStep 6 – Create the source code directoryDeveloping the browser automation toolStep 1 – Create the main fileStep 2 – Define global variables and server instanceStep 3 – Add tool definitionStep 4 – Implement the browser_navigate toolStep 5 – Implement the browser_get_content and browser_close toolsStep 6 – Add cleanup and startup codeStep 7 – Compile the projectIntegrating with Claude DesktopStep 1 – Locate the configuration fileStep 2 – Edit the configuration fileStep 3 – Restart Claude DesktopStep 4 – Test the integrationTroubleshootingIssue – Wrong Node.js version with nvmIssue – The "Cannot find module" errorIssue – Browser does not openIssue – The "fetch is not defined" errorUnderstanding the web application attack surfaceIdentifying entry pointsUnderstanding URL parametersMapping the attack surfaceDetecting XSS vulnerabilitiesUnderstanding XSS typesDetecting reflected XSSDetecting DOM-based XSSCreating a test environmentImplementing the DOM XSS scannerEvaluating our XSS detection toolsDetecting SQL injection vulnerabilitiesStep 1 – Payload list and error patternsStep 2 – Systematic test loopStep 3 – Report generationEvaluating the SQL injection detection toolSummaryGet this book's PDF copy, code bundle, and more
Part 3: Exploitation, Reporting, and Continuous Intelligence

Chapter 7: Exploitation, Payload Generation, and Reporting
Exploitation and payload generation integrationMCP tool design methodologies for vulnerability testingSeparate tool for each injection type (hardcoded payloads)Tool description enhancement usageLLM API integrationHybrid approachPure executionTool integration to browser MCPSQL injection testing methodologyIterative testing workflowVulnerability reporting with agentic MCP workflowsCore components of the reporting MCPMCPReportingServerReportGeneratorAvailable tools and their responsibilitiesEnd-to-end demo – Using the browser MCP and reporting MCP togetherSummaryGet this book's PDF copy, code bundle, and more
Chapter 8: Learning, Research, and CTI Agents
Technical requirementsBuilding a vulnerability research agentSetting up the CISA KEV integrationStep 1 – Adding the schedule triggerStep 2 – Fetching the KEV catalogStep 3 – Processing new entriesStep 4 – Adding loop controlStep 5 – Adding rate limit protectionStep 6 – Querying the NVD APIStep 7 – Extracting CVSS scoresStep 8 – Querying GitHub for PoCsStep 9 – Processing PoC resultsStep 10 – Adding the AI Agent nodeStep 11 – Configuring the agent's system messageStep 12 – Passing vulnerability data to the agentScraping and parsing data from trusted feedsIdentifying reliable sourcesBuilding the multi-feed scraper workflowStep 1 – Creating the triggerStep 2 – Defining feed sourcesStep 3 – Configuring the feed loopStep 4 – Fetching RSS contentStep 5 – Parsing RSS itemsStep 6 – Configuring the item loopStep 7 – Adding rate limit protectionStep 8 – Fetching full article contentStep 9 – Normalizing and extracting contentStep 10 – Completing the loop connectionsStep 11 – Adding the AI agentTesting the workflowUsing embeddings and vector stores for agent memorySelecting a vector storeDeploying Qdrant locallyCreating intelligence collectionsExtending the scraping workflow with embeddingsStep 1 – Adding the Qdrant Vector Store nodeStep 2 – Configuring the sub-nodesStep 3 – Completing the loop connectionStep 4 – Storing AI agent analysis in QdrantIntegrating research into testing workflowsUnderstanding the exposure assessment architectureUnderstanding Shodan's API access and configuring its API credentialsConfiguring Shodan API credentialsBuilding the Shodan tool sub-workflowCreating the exposure assessment agentTesting the exposure assessment agentAlerting and contextual prioritization of vulnerabilitiesBuilding a prioritization scoring modelConfiguring ntfy for push notificationsExpanding the vulnerability research agentStep 1 – Adding the Priority Calculator nodeStep 2 – Routing by priority levelStep 3 – Configuring the ntfy notification nodeStep 4 – Storing all results in Qdrant (optional)Testing the alerting workflowBuilding a CTI agentExploring the CTI agent architectureSetting up AlienVault OTX credentialsBuilding the collection workflowStep 1 – Adding the Schedule Trigger nodeStep 2 – Fetching OTX pulsesStep 3 – Parsing and categorizing IOCsStep 4 – Storing IOCs in QdrantBuilding the CTI query agentStep 1 – Adding the Chat Trigger nodeStep 2 – Configuring the AI Agent nodeStep 3 – Adding the Qdrant toolStep 4 – Connecting the workflowTesting the CTI agentOptimizing vector store data for AI agentsSummaryGet this book's PDF copy, code bundle, and more
Chapter 9: Scaling and Ethical Considerations
Architecting multi-agent workflow systemsUnderstanding agent coordination patternsSequential pipeline patternParallel execution patternEvent-driven patternDesigning for resilienceImplementing retry logicHandling partial failuresCircuit breaker patternWorkflow composition strategiesSub-workflowsWebhook triggersShared data storesCommunication protocols for agentic systemsModel Context ProtocolExtending MCP beyond browser automationCombining MCP with n8n for hybrid architecturesFuture protocol developmentsAgent-to-agent communicationHuman-to-agent interfacesProtocol selection considerationsBuilding a scalable pentest pipeline in n8nDefining pipeline stagesImplementing scope validationOrchestrating workflow executionScaling considerationsHorizontal scalingQueue-based processingContainer orchestrationManaging security, access control, and workflow governanceSecrets managementn8n credential storageExternal secrets managersCredential rotationAccess controlRole-based accessWorkflow approval processAudit loggingWhat to logImplementing logging in n8n workflowsCentralized loggingLog retention and securityUsing logs for continuous improvementChange managementVersion controlStaged rolloutsEthical and legal frameworks for autonomous security testingThe authorization imperativeElements of valid authorizationAutomated scope enforcementResponsible disclosureLegal frameworksComputer Fraud and Abuse Act (United States)General Data Protection Regulation (Europe)Industry-specific regulationsEthical principles beyond legal complianceDo no harmProportionalityTransparencyRespect for privacyProfessional developmentContribution to the communityThe future of agentic AI in offensive securityUnderstanding the current stateAnticipating near-term evolutionAdvancing reasoning capabilitiesExpanding tool ecosystemsImproving coordination frameworksEnvisioning transformative possibilitiesRealizing continuous autonomous assessmentAchieving adaptive testing intelligenceEnabling democratized security expertiseConfronting challenges and concernsAnticipating offensive weaponizationNavigating accountability complexityAddressing reliability and predictabilityManaging societal disruptionPreparing for coming changesSummaryGet this book's PDF copy, code bundle, and more
Chapter 10: Unlock Access to the Code Bundle and the PDF Version
Unlock this book’s free benefits in three easy stepsStep 1Step 2Step 3Need help?
Other Books You May Enjoy
Index

Content preview from Agentic AI for Offensive Cybersecurity

8 Learning, Research, and CTI Agents

Throughout this book, we have explored how agentic AI can transform security operations. In Chapter 3, we built our first n8n workflows for threat intelligence enrichment. In Chapter 6, we developed MCP-based tools for web application testing that required code-level control. Now, we return to the no-code approach with n8n, but with a significantly more ambitious goal: to build agents that can learn, research, and provide continuous cyber threat intelligence (CTI) without human intervention.

The security landscape generates an overwhelming volume of information every day. The National Vulnerability Database (NVD) publishes dozens of new Common Vulnerabilities and Exposures (CVEs) weekly. The Cybersecurity ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Agentic AI for Cybersecurity: Building Autonomous Defenders and Adversaries

Publisher Resources

ISBN: 9781806114474

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Agentic AI for Offensive Cybersecurity

by Orhan Yildirim

8

Learning, Research, and CTI Agents

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.