Build Your AI-Powered Penetration Testing Scheme with DeepSeek + Agent: An NSFOCUS Practice

Build Your AI-Powered Penetration Testing Scheme with DeepSeek + Agent: An NSFOCUS Practice

fevereiro 20, 2025 | NSFOCUS

Dilemma of Traditional Automated Penetration Testing

Penetration testing has always been the core means of offensive and defensive confrontation for cybersecurity. However, traditional automatic penetration tools face three major bottlenecks: lack of in-depth understanding of business logic, insufficient ability to detect logical vulnerabilities, and weak ability to link vulnerabilities. Although the passive scanning engine can efficiently detect basic vulnerabilities (such as XSS and SQL injection), its effect is far inferior to that of manual penetration test in complex business scenarios. With the explosion of DeepSeek, GPT, Llama, Gemini, Claude and many more large language models (LLMs), penetration testing has officially entered the “AI Era”. Through deep integration with traditional tools, it has ushered in a big leap in efficiency and intelligence.

AI Reconstructing Penetration Test Paradigm

DeepSeek R1 and other LLM, combined with the multi-agent collaboration framework, empower penetration test with three core capabilities:

1. In-depth understanding of business logic

The traditional crawler can only traverse page links, while the website test AI Agent can simulate human operations: clicking buttons, filling in forms, jumping to pages, and even identifying page elements based on visual models, accurately covering more than 90% of business functions. For example, in the test of e-commerce platform, AI Agent can automatically complete the whole process interaction of user registration, product browsing, order placing and payment, and import traffic into NSFOCUS EZ (a NSFOCUS in-house passive scanning engine), thus thoroughly solving the problem of low coverage rate of traditional tools.

2. Dynamic cognition of vulnerability linkage

Through the collaboration of decision-making AI Agent and action execution AI Agent, the system has a closed-loop capability of “thinking-decision-execution”. For example, when weak password vulnerabilities are spotted by NSFOCUS EZ, the decision-making AI Agent will dispatch an unauthorized test Agent and automatically compare the privilege of different accounts using browser sandbox (Steel) to locate unauthorized risk points. This dynamic planning capability upgrades vulnerability detection from “single-point scanning” to “global attack and defense deduction”.

3. Intelligent breakthrough of logical vulnerabilities

For business logic vulnerabilities (such as privilege bypass, order tampering, etc.), traditional tools are ineffective.  AI Agent can automatically identify business logic vulnerabilities (such as backend management portals and API key configuration pages) based on visual models and historical interaction records, and simulate multi-role operations to verify logical defects.

NSFOCUS Practice

DeepSeek (Orchestrator) + Agent + Traditional Tools = Ultimate Solution

NSFOCUS early attempts show that the efficiency and quality of penetration testing relying solely on LLM to generate payloads or simply calling tools are not ideal. After a series of attempts, NSFOCUS finds out that a converged architecture of “intelligent decision-making + rule engine” should be the best approach for AI-powered penetration testing.

Technical Architecture:

  • Execution layer: NSFOCUS EZ is responsible for basic vulnerability detection, Browser-Use drives browser interaction, and Steel sandbox ensures environmental isolation.
  • Scheduling layer: As the Orchestrator, DeepSeek-R1 analyzes scanning results, page content, and historical data in real time, and dynamically schedules test Agents.

Multi-Agent collaboration

  • Website Testing Agent: Simulate user operations and cover business scenarios;
  • Override Test Agent: Compare permission differences based on visual models;
  • Report Generation Agent: Automatic output of reports in HTML/Word/JSON format.
  • … …

Significant Improvement in Efficiency

  • Boost time-cycle for DevSecOps: “DeepSeek + agent + tools”  works 24/7 and complete the testing job that would originally take several days or even weeks into just a few hours.
  • Scale: “DeepSeek + agent + tools” can be easily expanded to process massive tasks such as large websites and complex systems.
  • Resource optimization: The intelligent scheduling Agent can dynamically adjust the priority of scanning tasks, allocate computing resources and traffic more accurately, thus saving up to 30% resources.
  • Human resources efficiency: Penetration testers can be free from tedious and repetitive work, focus on high-level vulnerability analysis, exploitation and mitigation guidance, and improve the value output of the overall security team.

Significant Improvement in Accuracy

DeepSeek + Agent ‘s cognitive ability of intelligent business logic and the standardization of penetration testing process significantly improve the accuracy and coverage of vulnerability detection.

  • In-depth understanding of business logic: DeepSeek + Agent can simulate real user behaviors, understand the deep business logic of websites, and accurately reach function points that are difficult to be covered by traditional tools, such as complex transaction processes and permission management systems, thus greatly improving the coverage rate of functions from 60% to 95%.
  • Logical vulnerability breakthrough: Based on the visual model and interaction history, DeepSeek + Agent can intelligently identify sensitive functions and potential logical vulnerabilities, such as permission bypassing, unauthorized access, payment logic defects, etc., which effectively makes up for the deficiencies of traditional tools in logical vulnerability detection.
  • Standardize the penetration test process and reduce the influence of human factors: The DeepSeek + Agent can solidify the best penetration test practices, avoid missing vulnerabilities caused by inexperienced or negligent penetration testers, ensuring that even inexperienced penetration testers can complete high-quality penetration test tasks with the help of the AI, thus improving the quality and consistency of overall penetration tests.

Dynamic vulnerability linkage and context awareness: The scheduling agent can analyze the scanning results and page contents in real time, make intelligent decisions based on historical data, and dynamically schedule different test  Agents for vulnerability linkage testing. For example, after finding weak password vulnerabilities, it immediately links with unauthorized test Agents for deep mining to form an attack and defense deduction capability of “single-point breakthrough and whole linkage”, which greatly improves the depth and breadth of vulnerability detection.

Will the Penetration Tester be Replaced by Deepseek + Agent?

Deepseek + Agent are not replacing penetration test engineers, but freeing them from repetitive work. Through the planning capability of DeepSeek-R1 and the efficient implementation of EZ tools, the system can realize:

  • 24/7 continuous testing
  • Real-time update of vulnerability knowledge base: Automatically learn the latest attack methods based on large models
  • Zero blind area: visual model combined with multi-Agent cooperation, eliminating human negligence

The Ultimate Form of Penetration Testing: “Man-Machine Symbiosis”

The integration of DeepSeek + Agent and traditional tools marks the transition from “mechanization” to “intelligence” in penetration testing. Through DeepSeek intelligent scheduling and browser sandbox technology, NSFOCUS has demonstrated the great potential of  DeepSeek + Agent in business understanding, vulnerability linkage, and logical breakthrough. Get ready to embrace DeepSeek + Agent technology, intelligent penetration will become a new defense line for enterprise security.