Build your first Offensive Security AI Agent

November 12th, 2025 | Bucharest

Let’s demystify how AI agents are built!

This workshop introduces experienced pentesters to AI agent development, focusing on hacking automation that incorporates contextual decision-making.

You’ll develop a straightforward AI agent using popular frameworks with support for ChatGPT, Claude, Gemini or local models through Ollama. 

This 6-hour workshop targets intermediate to advanced penetration testers comfortable with Python scripting. No AI experience necessary – we’ll cover the fundamentals of agent architecture while building practical tools. 

You’ll leave with working examples, reusable templates, and understanding of how AI can enhance your existing testing workflows through intelligent automation.

Why is this workshop relevant?

AI is transforming cybersecurity, but most penetration testers are still using static scripts that can’t adapt to dynamic environments. This workshop fills a gap by teaching how to build agents that make contextual decisions during testing – something traditional automation can’t achieve.

Unlike theoretical AI discussions, this is purely hands-on: you’ll build working tools that can analyze reconnaissance data, adapt web application attacks based on responses, and select appropriate exploits intelligently. 

As organizations rapidly adopt AI for defense, offensive security professionals who can leverage intelligent automation will have a competitive advantage. 

Workshop agenda

  • Welcome and workshop overview 
  • Environment setup: AI frameworks, API keys, and local models 
  • Core agent architecture and components 
  • Prompt engineering for security contexts 
  • Live demo: Basic agent with simple tools 
  • Designing context-aware reconnaissance agents
  • Hands-on: Implementing automated information gathering 
  • Dynamic parameter testing with AI guidance 
  • Hands-on: Building web app attack tools
  • Agent response analysis and payload adaptation 
  • CVE selection and exploitation automation 
  • Hands-on: Participants build custom exploit tools 

About the trainers

EDUARD AGAVRILOAE

Cybersecurity researcher with 9+ years of experience specializing in AWS offensive security.

Author of three open source cloud exploitation tools, creator of four hacking workshops, and DEFCON speaker.

Currently Director of R&D at OFFENSAI, developing AI-powered automatic cloud pentesting platforms.

ANDREI AGAPE

Ten years of experience as a web developer and cybersecurity consultant. OSCP/CRTP/CARTP/CISSP. Previous speaker at OWASP/Disobey/SEC-T.

Passionate about Web/API/AI hacking with a weak spot for reverse engineering and automation. Founder at tripla.dk and sqrsec.com.

Who is it for?

Primary Audience: 

Intermediate to advanced penetration testers and offensive security professionals who want to enhance their testing workflows with intelligent automation.

Ideal Participants:

  • Penetration testers seeking to automate repetitive decision-making tasks
  • Red teamers looking to enhance their tool arsenal with AI capabilities
  • Security consultants who perform regular vulnerability assessments
  • Bug bounty hunters interested in scaling their testing approaches
  • Security researchers exploring AI applications in offensive security

Not Suitable For:

Complete beginners in penetration testing, those uncomfortable with command-line tools, or participants seeking purely defensive AI applications.

Key learning objectives: 

Build AI agent architectures: understand the core components of an AI agent system, including tool integration, prompt engineering for security contexts, and managing model interactions across different LLM providers (OpenAI, Anthropic, Gemini, Ollama)

Develop AI-powered reconnaissance and exploitation tools: write practical Python tools that leverage AI for information gathering, web application parameter testing, and vulnerability exploitation with dynamic payload generation

Apply AI agent patterns to existing pentest methodologies: understand how to enhance traditional testing workflows with intelligent automation while maintaining security best practices and avoiding common AI-related mistakes

Other information & prerequisites

Required Skills:

  • Intermediate experience with web application and network penetration testing methodologies
  • Comfortable with Python scripting (able to read, modify, and write basic scripts)
  • Familiarity with common vulnerability classes and exploitation techniques
  • Understanding of HTTP protocols and basic networking concepts

No Prior AI Experience Required: The workshop covers AI fundamentals from a practical perspective, focusing on implementation rather than theory.

Technical requirements for attendees:

  • Personal laptop with minimum 8GB RAM (16GB recommended)
    • If you choose to use local models, please ensure you follow the recommended specs depending on the model. For example:
      • Ollama 7B models: minimum 8GB RAM
      • Ollama 13B models: minimum 16GB RAM
      • Ollama 33B+ models: 32GB+ RAM
      • Recommended models via Ollama:
        • Llama 3.1 8B or higher
        • Mistral latest 7B
      • Test the speed of the local model to ensure it is satisfactory
  • Multi-core processor (Intel i5/AMD Ryzen 5 or equivalent)
  • At least 1GB free disk space (this does not include the space required if you opt for using local models)
  • Network connectivity (internet access will be provided)
  • Python 3.9 or higher with uv package manager (https://docs.astral.sh/uv/) for installing Python dependencies and running Python packages
  • Git for version control
  • Code editor or IDE with Python support (Cursor, VS Code, PyCharm, or similar)
  • Docker Desktop (for containerized vulnerable environments)
  • Ollama installed locally (if you plan to use local models)
    • Even if using a local model, I recommend having as a backup an API key for ChatGPT, Claude or Gemini with at least $5 in credits, in case the local model either runs too slowly or does not follow the given instructions
  • Terminal/command-line access
  • OpenAI API key with available credits (optional – for ChatGPT integration)
  • Anthropic API key with available credits (optional – for Claude integration)
  • Gemini API key with available credits (optional – for Gemini integration)
  • While it may be possible to integrate other AI model APIs, support for anything outside these providers during the workshop is limited
  • Windows 10/11, macOS 14+, or Linux (Ubuntu 20.04+ recommended)
  • Administrative privileges to install software packages
  • If you plan to use a VM, ensure you can start and access Docker images from inside the VM, and that an internet connection is available if you plan to use online models

Workshop materials and vulnerable target environments will be provided. Participants must bring their own laptops – shared or borrowed machines may have configuration limitations.

Estimated Workshop Duration: 6 hours

Language of Instruction: English if non-Romanian speakers are present, otherwise Romanian.

Participation fee: EUR 250

FAQs

If we do not meet the minimum number of participants, you can either transfer to another workshop and pay or receive a refund for any difference in price, or opt for a full refund. You will be notified in advance and given options to choose what works best for you.

The workshop price covers food. Accommodation is not included, but we can recommend nearby options for your convenience.

Yes, full refunds are available up to 15 days before the workshop start date. However, if you cancel after that, we can offer only 50% of the price.

You will receive an email with all the necessary details, including the workshop location, prerequisites, and schedule, at least one week before the event. If you have any immediate questions, feel free to reach out to us directly.