T3MP3ST Safety Framework With 35 Instruments, Turns AI Coding Brokers Into 0-Day Bug Hunters


A newly launched open-source safety framework known as T3MP3ST is popping general-purpose AI coding brokers like Claude Code, OpenAI’s Codex, and Hermes into autonomous red-teaming operators with out requiring new API keys, cloud infrastructure, or extra billing.

Constructed by researcher elder-plinius, T3MP3ST acts as a multi-agent orchestration layer fairly than delivery its personal mannequin, coordinating a number of agent cases by way of a reconnaissance-to-exploit-to-report kill chain.

Customers level the framework at a certified goal by way of a web-based “Warfare Room” interface or CLI, and the AI coding agent already operating on their machine turns into the operational mind driving the mission.

The framework is described as “keyless warfare,” leveraging current agent periods as a substitute of demanding separate supplier keys, and it enforces egress-scope containment so networked instruments robotically refuse to the touch off-scope public hosts.

T3MP3ST Safety Framework

T3MP3ST claims a 90.1% move@1 rating on XBOW’s 104-challenge XBEN suite, a black-box benchmark that XBOW itself self-reports at roughly 85%, with each resolve graded in opposition to a dedicated flag oracle {that a} “verify-claims” command recomputes on demand for reproducibility. On Cybench, a 40-task tutorial benchmark, the framework’s single-agent ReAct loop hit 23/40 hint-free solves.

Extra notably, on a held-out set of 10 actual CVEs disclosed in 2026 throughout seven programming languages, a single agent pinned 8 of 10 vulnerabilities to the precise file, line, and CWE classification, whereas the broader instrument pack surfaced all 10 outcomes the builders body as directional given the small pattern measurement however significant as a result of the bugs postdate the mannequin’s coaching cutoff, ruling out memorization

The framework’s design maps an 8-operator kill chain Recon, Scanner, Exploiter, Infiltrator, Exfiltrator, Ghost, Coordinator, and Analyst onto MITRE ATT&CK ways and the Cyber Kill Chain, although solely the recon engine and single-agent exploit loop are at present benchmarked and secure and can be cloned from GitHub.

Downstream operators run the identical tool-backed reasoning loop as recon however stay labeled as experimental, since end-to-end coordinated-swarm exploitation hasn’t but been validated at scale.

Area Standing
Net apps (XBEN suite) Secure, benchmarked
CTF challenges (Cybench) Secure, benchmarked
Embedded/OT/robotics OSS Pipeline secure, coordinated disclosure
Supply code (white-box) Experimental, Python-only ingest
Good contracts (DeFi) Experimental, copy solely
Cloud, cell, AD, binary RE Roadmap/in improvement

Safety researchers on platforms like Reddit’s blueteamsec neighborhood have flagged the discharge as notable for autonomous red-teaming, monitoring it alongside broader business momentum towards AI-driven safety tooling.

This follows associated developments reminiscent of Anthropic’s Mythos model, which XBOW individually evaluated as considerably enhancing vulnerability-led era and source-code safety evaluation, chopping false negatives by 42% in comparable exploit benchmarks.

The builders spotlight that T3MP3ST is strictly for approved testing, analysis, and schooling, launched below the AGPL-3.0 license with no guarantee. Unauthorized use in opposition to methods with out specific written permission stays unlawful in most jurisdictions, and duty for staying inside authorized and rules-of-engagement boundaries rests completely with the operator.

 Strengthen Your SOC by Accelerating Risk Detection & Fast Investigations. -> Integrate ANY.RUN With Your SOC Now.