Getting Started
PentestLoop uses evolutionary red-teaming to find weaknesses in AI agents. Here's how to run your first adversarial campaign in three steps.
Register Your Agent
Connect your AI agent so PentestLoop can test it. Supports HTTP APIs, CreatorsAGI Envoy, or use the built-in mock agent to try it out without a real target.
- •HTTP API — Any AI agent with a REST endpoint. Send a message, get a response.
- •Mock Agent — Built-in simulated agent for exploring PentestLoop risk-free.
- •Envoy — CreatorsAGI AI Envoy integration for testing deployed companions.
Configure a Campaign
Set up an adversarial test run. Choose what to test (security, quality, compliance), how large the attack population should be, and how many generations to evolve.
- •Population Size — How many attack strategies compete each generation.
- •Max Generations — How many evolution cycles to run.
- •Test Dimensions — Security (injection, leakage), Quality (hallucination, reasoning), Compliance (policy, bias).
Launch & Monitor
Watch as PentestLoop evolves attacks in real time. The fitness chart shows how effective attacks become over generations, and vulnerabilities are flagged as they're discovered.
- •Fitness chart tracks attack effectiveness over generations.
- •Generation browser lets you inspect individual attacks and conversations.
- •Vulnerabilities are categorized by severity — critical, high, medium, low.
Try It Now — Run a Demo Campaign
Don't have an agent to test yet? Run a demo campaign against our built-in mock agent. It simulates a sales AI with configurable vulnerabilities — no API keys or real agents needed. You'll see real evolutionary red-teaming with conversations, scoring, and vulnerability detection.