A new open-source cybersecurity tool, CyberSentinel AI v3.0, has been released. It is an important step for autonomous security tooling. It combines 33 tools for security testing and threat analysis with an AI system that works with Claude, GPT-4o, and OpenRouter, and it can run offline using Ollama.
CyberSentinel AI differs from conventional AI security assistants that only give advice. It runs tools such as Nmap, SQLMap, Nikto, Nuclei, and OWASP ZAP in an isolated Kali Linux Docker environment, then uses AI to analyze the results immediately.
The platform is available on GitHub at 3sk1nt4n/cybersentinel-ai. It is designed to run entirely on local systems without requiring any cloud services.
The setup uses Docker Compose and includes seven container services. A Next.js frontend on port 3000 provides a chat interface, while a FastAPI backend on port 8000 handles AI tasks, intent parsing, and tool orchestration.
Security scans run in an isolated Kali container, so risky actions stay separate from the main system.
The AI layer is backed by three data stores. Neo4j maps attack surfaces and MITRE ATT&CK techniques as knowledge graphs. ChromaDB acts as a Retrieval-Augmented Generation engine based on the MITRE, CIS, and NIST frameworks. Elasticsearch with Kibana works as an ELK Stack SIEM with preloaded security events for log-analysis training.
The agentic execution model lets the AI interpret what users want, choose the right tools on its own, and run up to five tools in parallel. It then combines the results into a single analysis, which is an important move towards better security automation.
CyberSentinel AI with 33 Security Tools
The platform organizes its toolset across six functional categories:
Live Scanners (11): Nmap, Nikto, Nuclei, SQLMap, Subfinder, OWASP ZAP, SSL/TLS analysis, DNS Recon, WHOIS, HTTP Headers, and Ping/Traceroute
Threat Intel APIs (5): Shodan, VirusTotal, AbuseIPDB, AlienVault OTX, and NVD/CISA KEV integration
SIEM Integration (3): ELK Stack, Splunk, and Wazuh connectors
AI Detection (5): Zeek Analyzer, IOC Extractor, Log Analyzer, Threat Detection, and Email Phishing Analyzer
Threat Hunting (4): YARA Rules, Sigma Rules, Snort/Suricata Rules, and SIEM Query Generator
Compliance (5): MITRE ATT&CK, MITRE ATLAS, NIST/CIS, HIPAA/PCI-DSS, and SOC 2/FedRAMP frameworks
One key feature of CyberSentinel is its ability to switch AI providers mid-conversation. Users can change between Anthropic Claude, OpenAI GPT-4o, OpenRouter (which gives access to over 100 models), and Ollama with qwen2.5:7b running locally, without losing the chat’s context. API keys are optional: the platform works completely offline with Ollama as the main processor.
Live threat intelligence comes from NVD, CISA KEV, EPSS, AlienVault OTX, and Abuse.ch, keeping vulnerability data up to date without manual updates.
InfoSecBulletin Cybersecurity for mankind
