Skip to content
← All casesAutonomous Agent PipelineAI

Autonomous Security-Recon Agent

A pipeline for authorized testing: recon → scan → out-of-band verification → triage, with a two-layer authorization gate (scope + rate) before any request

At a glance
Finding noise: 227 → 2 (−99.1%) via OOB verification

Founder, architect & solo developer

solo · solo

  • Python
  • LLM
  • Next.js
  • OOB verification
  • IDOR engine

Expand the deep-dive ↓

Problem

What doesn't work

Manual security testing doesn't scale: recon, scanning, verification and triage eat hours, and most findings are noise (false positives) that overload the human.

Solution

Architectural approach

An autonomous pipeline: recon → scanning → out-of-band verification (confirmation via an independent external channel, not the target's response) → triage. The LLM prioritizes findings rather than generating noise. A two-layer authorization gate hard-limits scope and rate before any outbound request — the agent physically cannot go beyond allowed targets.

My role & contribution

Founder, architect & solo developer

Designed and built the whole autonomous pipeline: an LLM 'brain' prioritizes findings, a two-layer authorization/compliance gate checks scope and rate limits before every request, an IDOR engine, out-of-band vulnerability verification, and a triage dashboard. Deployed; 168+ automated tests.

Ready to discuss?

If you need an architect who builds autonomous AI systems — reach out.

Serbia-based · CET/CEST timezone · EU-aligned working hours · International contracts experience