Skip to main content
← All articles
security

Keygraph and Shannon: an AI pentester that runs real exploits

Keygraph and Shannon: an AI pentester that runs real exploits

I keep a folder of "AI will replace X" bookmarks that never pan out. Keygraph's Shannon is the first security tool in a while that made me open the folder, then quietly move it somewhere more permanent. It is an autonomous, white-box AI pentester: point it at a running app and its source code, and it doesn't just flag theoretical issues, it tries to break in and proves the ones it can.

Let me be precise about what Keygraph actually is, because the name suggests knowledge graphs or SEO and it is neither. Keygraph Inc. is a San Francisco AppSec company (founded 2024, led by ex-Lattice engineer Varun Sivamani) building a "continuous agentic pentesting" platform. The open-source piece everyone is talking about is Shannon.

What it does differently

Most scanners I've suffered through are SAST tools that drown you in "potential" findings. Shannon's pitch is static-dynamic correlation: it builds a code property graph (AST, control flow, data flow), reasons over it with an LLM, then executes a real exploit against the live app to confirm the vulnerability is reachable.

It only reports what it can actually demonstrate. A proof-of-concept exploit instead of a paragraph of maybe.

It covers the usual suspects, SQL injection, XSS, SSRF, auth and authorization bypass. On the source-aware, hint-free XBOW benchmark, Keygraph reports Shannon solving 100 of 104 challenges (96.15%), which is well above the DAST tools I've used. Benchmarks are benchmarks, but that's a striking number.

How you actually run it

This is where it feels built by developers rather than a sales team. It's an npm package driven by Docker; your repo gets mounted read-only into an ephemeral container.

npx @keygraph/shannon setup
npx @keygraph/shannon start \
  -u https://staging.your-app.com \
  -r /path/to/your-repo

Practical notes from the docs and reviews:

  • Needs Docker and Node 18+, plus AI provider credentials, Anthropic's Claude is the officially supported path.
  • A full scan runs roughly 1 to 1.5 hours.
  • It's free software (AGPL-3.0), but the LLM calls aren't, expect something like $40-55 in API credits per scan depending on app complexity.

The caveats I'd actually worry about

A tool that autonomously executes exploits is exactly as scary as it sounds, and the README doesn't pretend otherwise. It mutates application state, so you run it against staging or disposable environments, never production, and only against systems you own or have written authorization to test.

  1. It wants your crown jewels. Cisco Talos flagged this bluntly: Shannon needs source code, repo layout, and API keys. That's a real liability to weigh, not a checkbox.
  2. Prompt injection is a live risk. The maintainers explicitly warn against pointing it at untrusted codebases, a hostile repo could steer the agent.
  3. White-box only. It needs source, so it's not a black-box assessment, and reviewers note it's weaker on business-logic bugs. LLM findings still occasionally want a human sanity check.

Where the money is

Shannon is the open-source loss-leader; the commercial Keygraph platform is the continuous version, an enhanced Shannon running in a hardened, orchestrated environment with deduplicated findings, AI-authored patches, Jira sync, dashboards, and self-hosted deployment in AWS, GCP, or Azure. Public pricing isn't listed, so I won't guess. The company is VC-backed (Pear VC, Urban Innovation Fund, angels including Lattice's CTO), which appears to be funding the generous open-source tier and a community program for startups and nonprofits.

My take

As a full-stack dev who is not a pentester, this is the appealing bit: I could realistically wire a Shannon scan into a staging pipeline and get exploit-proven findings instead of a report I'll ignore. I'd be careful, sandboxed target, scoped API keys, eyes on the output. But "prove it, don't just warn me" is the right default, and it's rare to see it shipped as something you can `npx` today.

Watch it work in Keygraph's own demo before you decide:

Links

BM
Blue Moose
The moose behind Blue Moose. Full-stack PHP developer — Drupal by day, Symfony by night, tests always.