The first security agent that thinks like a hacker. Autonomously finds, exploits, and fixes vulnerabilities — with two AI agents battling over your code in real-time.
Two Claude AI instances with opposing objectives battle over your codebase in real-time. One attacks. One defends. You watch.
Not a wrapper around an API call. Deep AI-powered security analysis with real exploitation and automated remediation.
SQL injection, XSS, command injection, SSRF, path traversal, hardcoded secrets, dependency vulns, and misconfigurations.
Docker-based sandbox runs your app in isolation. Real exploits execute against live containers with captured proof-of-concept output.
Maps dependency relationships across multiple repos. Identifies transitive attack vectors -- vulns in package A that create exploits in package B.
Not predefined payloads. The Red Agent analyzes your specific codebase and crafts bespoke attack scripts that adapt when defenses change.
Generates code patches for every finding. Creates GitLab issues with severity labels and opens merge requests with verified fixes.
Clone repos via GitLab API. Create issues, open fix branches, submit merge requests. Drop-in CI/CD pipeline template for any project.
Claude Agent SDK with custom MCP tools. Docker sandbox for safe exploitation. Concurrent adversarial agents via anyio task groups.
AI analyzes your codebase with static analysis, secret detection, dependency checking, and configuration auditing.
Docker sandbox spins up your app. AI generates custom exploit scripts and executes them against the live container.
Red Agent attacks while Blue Agent defends in real-time. Concurrent agents compete with live scoring.
Auto-generates patches, creates GitLab issues with severity labels, and opens merge requests with verified fixes.
Built on Claude Agent SDK with Model Context Protocol tools. Each agent gets a tailored security toolset.
```
Claude Agent SDK
|
+-- Red Agent (attacker)
|   +-- Scanner (static analysis, secrets, deps, config audit)
|   +-- Exploiter (SQLi, XSS, SSRF, auth bypass, path traversal)
|   +-- Custom Exploit Generator (AI writes bespoke attack scripts)
|   +-- Supply Chain Analyzer (cross-repo transitive vectors)
|
+-- Blue Agent (defender)
|   +-- Log Monitor (real-time container log analysis)
|   +-- Patch Deployer (live patching of running containers)
|   +-- WAF Rule Engine (runtime input validation)
|   +-- Patch Verifier (confirms fixes block attack vectors)
|
+-- Arena Orchestrator
    +-- Docker Sandbox (isolated exploitation environment)
    +-- Score Tracker (Red exploits vs Blue patches)
    +-- Rich Terminal Display (split-panel live output)
```
Most security tools scan for patterns. Helios thinks like a hacker.
| Capability | Traditional Scanners | Helios |
|---|---|---|
| Detection | Pattern matching | AI-powered contextual analysis |
| Verification | "You might be vulnerable" | "I just exploited this. Here's proof." |
| Exploitation | None | Sandbox with proof-of-concept |
| Defense Testing | None | AI vs AI adversarial battle |
| Supply Chain | Single repo | Cross-repository analysis |
| Custom Exploits | Predefined payloads | AI generates bespoke exploits |
| Cost | $15-50K / pentest | Your existing Claude subscription |
Tested against production GitLab-hosted projects. Every finding verified with proof-of-concept in Docker sandbox.
Built for the GitLab AI Hackathon with Claude Agent SDK and the Model Context Protocol.
Install Helios in seconds. No per-scan fees. No enterprise pricing.