STUART: An Autonomous Hacker Agent Built in Python

What if you give a Python agent an IP address and ask it to find the server's vulnerabilities on its own? That's exactly what I did. In this talk I present STUART, an autonomous pentesting agent I built with AG2 (AutoGen) and GPT-4. The agent can analyze target systems without human intervention, following the first stages of the Cyber Kill Chain: reconnaissance and vulnerability identification. The architecture is 100% Python: an AssistantAgent backed by GPT-4 that reasons and plans, and a UserProxyAgent with a Code Executor that interacts directly with the target system. All orchestrated by AG2, the open-source framework for building multi-agent systems. The talk includes a live demo where STUART will analyze a vulnerable system deployed in Docker. You'll see step by step how the agent scans ports, identifies services, detects vulnerabilities, and reports findings—all autonomously, deciding for itself what to do at each step. You'll take away practical knowledge on how to build agents that act in the real world with AG2, and a concrete perspective on what offensive AI can do today. If a Python agent can find your vulnerabilities, how should defense teams prepare? All demonstrations are performed in controlled, ethical environments.