HOSTILE AGENT · BY PLUGGIECOMING SOON

Attack your own system.
Before someone else does.

Hostile Agent is an autonomous security-testing agent you point at your own application, API or MCP server. It actively tries to do what it shouldn't — and hands you the report.

no pricing yet · no screenshots yet · it isn't built yet — that's the point of a waitlist
AUTHORIZED USE ONLY

Hostile Agent is a defensive tool for authorized security assessment — the agent-era equivalent of a pentest platform. It runs against systems you own or are explicitly authorized to test, with scoped credentials you provide. Finding your gaps before attackers do is the entire product.

/ PROBES

What it tries, so you don't find out later

Adversarial by construction: it chains real requests against your running system and reports every rule that bends.

P-01Permission bypassEscalation via claims, role confusion, gate ordering, anonymous-path leaks.
P-02Business-rule breakingNegative prices, impossible states, skipped workflow transitions, constraint edge cases.
P-03Dangerous tool chainsBenign-looking MCP tool sequences that compose into something you never intended.
P-04Authorization gapsCross-org access, owner-row tampering, field-level write leaks, IDOR patterns.
P-05Data exfiltrationOver-broad projections, expand/include leaks, search surfaces that say too much.
P-06Destructive triggersUnconfirmed destructive paths, purge without disclosure, cascade surprises.
P-07Retry & replay abuseIdempotency gaps, double-spends, webhook replays, race-window exploitation.
P-08Findings, reportedEvery probe ends in a structured report: reproduction, severity, suggested fix.
built with AgentX?Natural pairing: build the backend with AgentX, then prove it holds up with Hostile Agent.

Be first on the target list. Yours.

Join the waitlist and we'll write when there's something real to point at your staging environment.