# Aikido Pentest

## What is Aikido Pentest

Aikido Pentest is an agentic, AI-powered penetration testing platform that performs deep, realistic security assessments in a fraction of the time of a traditional pentest.

It uses hundreds of autonomous agents that behave like top-tier red teamers: discovering, exploiting, and validating vulnerabilities across your applications, APIs, and infrastructure.

Instead of waiting weeks for manual reports, you get actionable results within hours, complete with validated findings, proof-of-concepts, and remediation guidance.

### Core principles

* **Built by world-class hackers:** designed to think and act like them, but safe and repeatable.
* **Scalable & continuous:** run tests on demand, or continuously with each release.
* **Full visibility:** every request, exploit, and finding can be observed live.
* **Actionable output:** results are validated and prioritized, ready for developers to fix.

## How it works

Aikido Pentest performs a full penetration testing workflow using intelligent agent coordination.

### 1. Discovery

The system maps all features, endpoints, and APIs of your application, either by scanning it (black-box) or by analyzing your code and OpenAPI specs (white-box).

Examples include endpoints like password reset, account deletion, or file uploads.

### 2. Exploitation

Hundreds of agents are dispatched to focus on specific areas, simulating a wide range of real-world attack techniques. For the comprehensive list of vulnerabilities and attack vectors covered during this phase, see [this page](https://help.aikido.dev/~/revisions/SGhJfnCIOpxRjx1gC1k5/pentests/what-issues-can-aikido-pentest-find).

### 3. Validation

Each finding is validated using additional agents to eliminate false positives and confirm exploitability.

You get verified vulnerabilities, each with:

* Attack type and severity level
* CVE or CWE references (if applicable)
* Example request/response data
* Developer-ready remediation steps

### 4. Report

When Aikido Pentest finishes validation, it produces a single, detailed report that combines an executive overview with developer-first, actionable findings. The report is designed so security, engineering and compliance teams can all act on it immediately.

## What it’s not

Aikido Pentest complements other forms of security testing, but it doesn’t replace all of them.

It is not:

* A social engineering or physical security assessment.
* A guarantee that *all* vulnerabilities are found.
