Strix connects AI agents, pentesting toolchains, and developer workflows to fill gaps that static scanners leave in dynamic validation and business-logic testing.
What Is Strix?
Strix is an open-source AI penetration testing tool. It is not a traditional static scanner—it is a set of AI pentesting agents that explore attack surfaces in controlled environments, validate vulnerabilities, and produce reproduction materials and remediation suggestions.
What Problem Does It Solve?
Traditional security testing has two common pain points: static scans produce too many false positives, and manual pentests take too long. Strix combines AI agents, dynamic execution environments, and pentesting toolchains to make security testing closer to real attack paths.
It focuses on three questions:
- Is the issue actually exploitable?
- How can it be reproduced in an authorized environment?
- How should it be fixed or mitigated?
Use Cases
- Application Security Testing: detect and validate critical vulnerabilities in applications.
- Rapid Penetration Testing: shorten authorized pentest cycles and generate reports.
- Bug Bounty Automation: support bounty research with PoCs and reproduction steps.
- CI/CD Integration: run security tests on pull requests or deployment pipelines.
- Dynamic validation complement: pair with SAST, dependency scanning, and container scanning to cover runtime and business-logic testing.
Scope and Authorization
Strix may only be used on applications, repositories, domains, and environments you own or have explicit authorization to test. Do not scan unauthorized targets. A safer path is to validate output, cost, runtime, and false-positive rates in local repos, test repositories, or staging first.
Before You Install
You typically need:
- Docker, with the daemon running.
- An API key for a supported LLM provider (OpenAI, Anthropic, Google, etc.).
- A clearly defined test target and authorized scope.
- A local directory for scan results.
On first run, Strix pulls a sandbox Docker image automatically. Results are saved under paths like:
strix_runs/<run-name>
Install and First Scan
The official README recommends running the install script:
curl -sSL https://strix.ai/install | bash
Configure an AI provider, for example:
export STRIX_LLM="openai/gpt-5.4"
export LLM_API_KEY="your-api-key"
Scan a local codebase:
strix --target ./app-directory
Scan a remote GitHub repository:
strix --target https://github.com/org/repo
Scan an authorized web application:
strix --target https://your-app.com
Start with a single service, repository, or staging domain—don’t expand scope too quickly.
Advanced Scanning
Strix supports extra instructions for agents—useful for gray-box testing, authenticated testing, business-logic tests, and scoped assessments.
Example:
strix --target https://your-app.com \
--instruction "Perform authenticated testing using provided test credentials."
Target both a code repository and a running environment:
strix -t https://github.com/org/app -t https://your-app.com
Set scan mode:
strix --target ./app-directory --scan-mode standard
Focus on specific risk classes:
strix --target api.your-app.com \
--instruction "Focus on business logic flaws and IDOR vulnerabilities."
Put complex rules in a file:
strix --target api.your-app.com --instruction-file ./instruction.md
In PR workflows, scan only the diff against a base branch:
strix -n --target ./ --scan-mode quick --scope-mode diff --diff-base origin/main
Headless Mode
Headless mode fits CI/CD:
strix -n --target https://your-app.com
In this mode, the CLI prints findings in real time and outputs a final report before exit. If vulnerabilities are found, it exits with a non-zero code so pipelines can block merges or releases.
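The gate below is an added example, not part of Strix or its documentation: it checks a target against an allowlist and verifies the prerequisites listed under "Before You Install" before starting a headless scan. The allowlist file, its format, and the script name are assumptions; the strix flags and environment variables are the ones shown on this page.

```bash
#!/usr/bin/env bash
# Added example: scope and prerequisite gate in front of a headless Strix run.
# Allowlist format (hypothetical): one authorized entry per line, lowercase,
# "#" starts a comment. An entry is a host, host/path, or a local path.

normalize_target() {   # URL or bare host -> "host[/path]"; local path as written
  local t="$1" host path
  case "$t" in
    .|./*|../*|/*) printf '%s\n' "${t%/}"; return ;;
  esac
  t="${t#*://}"; t="${t%%[?#]*}"           # drop scheme, query, fragment
  host="${t%%/*}"; path="${t#"$host"}"     # split authority from path
  host="${host##*@}"; host="${host%%:*}"   # drop userinfo and port (no IPv6 literals)
  host="$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')"
  printf '%s%s\n' "$host" "${path%/}"
}

in_scope() {           # in_scope TARGET ALLOWLIST_FILE
  local n entry
  n="$(normalize_target "$1")"
  case "$n" in ''|*/../*|*/..) return 1 ;; esac   # empty target or path traversal
  while IFS= read -r entry || [ -n "$entry" ]; do
    entry="$(printf '%s' "${entry%%#*}" | tr -d '[:space:]')"
    [ -n "$entry" ] || continue
    # Match the entry exactly or on a "/" boundary, never as a bare string prefix.
    if [ "$n" = "$entry" ] || [ "${n#"$entry"/}" != "$n" ]; then return 0; fi
  done < "$2"
  return 1
}

preflight() {          # prerequisites from "Before You Install"
  [ -n "${STRIX_LLM:-}" ]   || { echo "STRIX_LLM is not set" >&2; return 1; }
  [ -n "${LLM_API_KEY:-}" ] || { echo "LLM_API_KEY is not set" >&2; return 1; }
  docker info >/dev/null 2>&1 || { echo "Docker daemon is not reachable" >&2; return 1; }
}

# Usage: ./strix-gate.sh TARGET [ALLOWLIST_FILE]   (script name is hypothetical)
if [ "$#" -ge 1 ]; then
  in_scope "$1" "${2:-scope.txt}" || { echo "refusing: $1 is not in scope" >&2; exit 2; }
  preflight || exit 2
  strix -n --target "$1" --scan-mode quick   # Strix's exit status becomes the job's
fi
```

Matching on a "/" boundary is what keeps an entry for one repository or host from also admitting a sibling whose name merely starts with the same characters.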
GitHub Actions Integration
Strix can run in GitHub Actions for lightweight security checks on pull requests. Core steps:
- Check out the repository.
- Install Strix.
- Read STRIX_LLM and LLM_API_KEY from GitHub Secrets.
- Run a quick scan.
Example workflow:
name: strix-penetration-test
on:
  pull_request:
jobs:
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
      - name: Install Strix
        run: curl -sSL https://strix.ai/install | bash
      - name: Run Strix
        env:
          STRIX_LLM: ${{ secrets.STRIX_LLM }}
          LLM_API_KEY: ${{ secrets.LLM_API_KEY }}
        run: strix -n -t ./ --scan-mode quick
Store API keys in GitHub Secrets—never commit them to the repository.
Configuration
Common environment variables:
export STRIX_LLM="openai/gpt-5.4"
export LLM_API_KEY="your-api-key"
export LLM_API_BASE="your-api-base-url"
export PERPLEXITY_API_KEY="your-api-key"
export STRIX_REASONING_EFFORT="high"
You can also persist settings in:
~/.strix/cli-config.json
Choose models by task: quick scans favor speed and cost; full authorized pentests favor reasoning, context handling, and stable tool use.
Vulnerability Coverage
Strix covers OWASP Top 10 and broader application security issues, including:
- Broken Access Control: IDOR, privilege escalation, authentication bypass.
- Injection Attacks: SQL injection, NoSQL injection, OS command injection, SSTI.
- Server-Side Vulnerabilities: SSRF, XXE, insecure deserialization, RCE.
- Client-Side Attacks: XSS, prototype pollution, CSRF, and more.
- Business Logic Flaws: race conditions, payment manipulation, workflow bypass.
- Authentication & Session: JWT, session, and credential-related risks.
- Infrastructure & Cloud: misconfigurations, exposed services, cloud security issues.
- API Security: broken authentication, mass assignment, rate-limit bypass.
The goal is not lint-style checks—it spans source code, runtime behavior, APIs, and business logic.
Agentic Pentesting Tools
Strix agents ship with a security testing toolchain for dynamic validation in authorized environments:
- HTTP Interception Proxy: intercept, modify, and analyze requests and responses.
- Browser Automation: automate browsers for frontend and auth-flow testing.
- Shell & Command Execution: sandboxed validation and reproduction support.
- Custom Exploit Runtime: Python sandbox for writing and verifying PoCs.
- Reconnaissance & OSINT: attack-surface mapping, subdomain enumeration, fingerprinting.
- Static & Dynamic Code Analysis: SAST plus DAST.
- Vulnerability Knowledge Base: structured findings with CVSS and OWASP classification.
Unlike rule-only scanners, agents combine tools, test hypotheses, and build reproduction paths.
Strix Platform
Beyond the open-source CLI, Strix offers a platform that connects repositories and domains with:
- One-click autofix: turn AI-generated security patches into mergeable PRs.
- Continuous pentesting that follows deployments.
- DevSecOps integrations: GitHub, GitLab, Bitbucket, Slack, Jira, Linear, CI/CD.
- Codebase adaptation from historical findings to reduce false positives over time.
The CLI is enough for local validation; teams that need continuous scanning, collaboration, reporting, and enterprise integration may prefer the platform.
Enterprise Capabilities
Enterprise emphasizes compliance, deployment, and customization:
- Compliance reporting for SOC 2, ISO 27001, PCI DSS, and similar frameworks.
- VPC or self-hosted deployment.
- AI pentesting agents tailored to enterprise environments.
- Better fit for teams with audit, data-boundary, and internal security process requirements.
Recommendations
- Run only in authorized, isolated environments—start with local repos or staging.
- Define scope, test accounts, exclusion paths, and rate limits explicitly.
- In CI/CD, start with quick scans before expanding scope.
- Keep API keys, test credentials, and provider config in a secure secret store.
- Do not treat AI output as the final security verdict—have engineers or leads review critical findings.
- Code-review and regression-test remediation suggestions to avoid new business risk.
Summary
Strix connects AI agents, pentesting toolchains, PoC validation, and developer workflows. It complements traditional scanners—especially for dynamic validation, business logic, and fast security feedback in CI/CD.
Treat Strix as an AI security testing assistant: it helps teams find verifiable issues faster and produce reproduction steps and fix suggestions; your team still owns risk decisions, code review, and release.