Decepticon — What is it?

Decepticon is an AI-powered autonomous red team testing framework designed to simulate realistic attack chains for cybersecurity defense.

Stars: 3,246 | Forks: 621 | Language: Python | License: Apache-2.0 | Author: PurpleAILAB
Source: README

Why it matters

Decepticon is gaining attention for its approach to red teaming: it uses AI to execute complex attack chains with discipline and isolation, addressing a gap in realistic red teaming tools and showcasing an innovative use of AI in cybersecurity.

Source: Synthesis of README and project traits

Core Features

Autonomous Attack Chains

Decepticon simulates realistic attack chains, including reconnaissance, exploitation, privilege escalation, lateral movement, and command and control, mimicking the behavior of real adversaries.

Source: README

Engagement Package Generation

Before any action, Decepticon generates a comprehensive engagement package with rules and objectives, ensuring disciplined operations.

Source: README

Sandbox Isolation

All commands run in a Kali Linux sandbox on a dedicated operational network, isolating the management plane from the sandbox environment.

Source: README

Model and Provider Flexibility

Decepticon supports a tier-based, credentials-aware fallback chain across various AI models and providers, allowing flexible configuration.

Source: README

Architecture

Decepticon features a two-network design with management services on 'decepticon-net' and sandbox operations on 'sandbox-net'. It uses a knowledge graph for persistent findings and employs a Docker-based architecture for containerization and isolation.

Source: README + Code tree

Project Knowledge Graph

[Figure: knowledge graph. Project (center): Decepticon. Core features (inner hexagons): Autonomous Attack Chains, Engagement Package Generation, Sandbox Isolation, Model and Provider Flexibility. Key dependencies (outer chips): pydantic, langchain-core, langchain-openai, langgraph, neo4j.]

Center: project; inner ring: core feature modules; outer ring: key dependencies. Auto-generated from core_features and tech_stack.key_deps.

Tech Stack

Language: Python
Framework: LangChain, LangGraph, Neo4j
Key dependencies: pydantic, langchain-core, langchain-openai, langgraph, neo4j
Docker, Docker Compose

Source: Dependency files + code tree

Quick Start

curl -fsSL https://decepticon.red/install | bash
decepticon onboard
decepticon

Source: README Installation/Quick Start

Use Cases

Decepticon is suitable for cybersecurity professionals, red teamers, and organizations looking to simulate realistic attack scenarios for defense improvement. It is useful for penetration testing, security audits, and offensive security training.

Source: README

Strengths & Limitations

Strengths

  • Realistic attack simulation
  • AI-driven automation
  • Robust sandboxing
  • Comprehensive engagement packages

Limitations

  • Requires Docker and Docker Compose
  • Not supported on native Windows
  • May require significant setup and configuration

Source: Synthesis of README, code structure and dependencies

Latest Release

v1.0.24 (2026-05-09): Refactor middleware tools and harden OPPLAN persistence

Source: GitHub Releases

Verdict

Decepticon is a promising project for cybersecurity professionals seeking advanced red teaming capabilities with AI integration. It is particularly suited for teams looking to enhance their offensive security capabilities and simulate complex attack scenarios with discipline and isolation.

Source: Synthesis

Transparency Notice
This page is auto-generated by AI (a large language model) from the following public materials: GitHub README, code tree, dependency files and release notes. Analyzed at: 2026-05-22 23:19. Quality score: 85/100.

Data sources: README, GitHub API, dependency files