The accelerating field of AI agents built on Large Language Models (LLMs) holds immense potential for automating highly complex tasks. Penetration testing and ethical hacking are among the most demanding of these, requiring both depth and breadth of knowledge as well as a high degree of adaptability. This paper explores the feasibility of fully autonomous penetration testing and ethical hacking by AI agents within the confines of the popular "Hack The Box" challenges. We consider three agent architectures that differ in how agents are constructed and how they communicate with one another: a simple two-agent model, a central coordinator model, and a team-lead based model.
Additionally, we compare agents that use online closed-source LLMs with agents backed by locally run open-source LLMs, contrasting the advantages and disadvantages of each. Finally, the paper examines the ethical and security considerations surrounding the use of LLMs for autonomous penetration testing and suggests guidelines for responsible implementation.