Phase 2 Agents
From Data to Intelligence
Phase 1 produces raw reconnaissance data — port lists, vulnerability alerts, HTTP headers, directory listings, code analysis results, and dependency reports. Phase 2 is where this data becomes intelligence. P4L4D1N AI agents ingest the Phase 1 output, reason about what it means, identify what to investigate further, and validate findings with actual exploit attempts.
The transition from Phase 1 to Phase 2 is the transition from scanning to pentesting.
How Agents Receive Phase 1 Data
When Phase 1 completes, TurboPentest builds a comprehensive tool result summary. For each of the 14 tools, the system collects the stdout output (the actual scan results), truncates excessively large outputs to 4,000 characters per tool, and formats everything into a structured document with each tool's results under its own heading.
This compiled summary becomes part of the system prompt for every P4L4D1N agent. Each agent receives the full reconnaissance data — not just the portions relevant to its specialty. This is intentional: a Web App Agent needs to see infrastructure data because an open management port might expose an admin panel, and an Infrastructure Agent needs to see web scan data because a web misconfiguration might reveal internal network topology.
The Agent Loop
Each P4L4D1N agent operates in a time-budgeted loop. The orchestrator assigns each agent a deadline and a wrap-up signal time (typically 80% of the total duration). The agent then cycles through the following steps:
- Read the blackboard — Check what other agents have found so far and whether any leads have been posted that require this agent's attention.
- Read user directives — Check the chat channel for any guidance the human operator has provided (such as "focus on the admin panel" or "skip TLS findings").
- Analyze and reason — Call the LLM with the full context (tool outputs, blackboard state, leads, directives) and produce structured findings.
- Post findings — Each validated finding is posted to the shared blackboard with full details: title, severity, description, proof of exploit, remediation guidance, affected URL, and a Docker retest command.
- Post leads — When the agent discovers something outside its specialization, it posts a lead suggesting which specialist should investigate.
- Repeat or wrap up — If the wrap-up signal has been sent or the deadline has passed, the agent provides its final summary and exits. Otherwise, it waits briefly (to avoid rate limiting) and loops back to step 1.
This loop-based architecture means agents are not one-shot analyzers. They iterate, building on what they and other agents have found. An agent's second pass is informed by leads from other specialists and by the growing picture on the blackboard.
System Prompts Drive Specialization
Every P4L4D1N agent runs on the same underlying LLM (Claude Sonnet 4.6). What differentiates agents is their system prompt. The system prompt contains:
- Role definition — What type of specialist this agent is (Web, API, Infrastructure, etc.)
- Focus areas — The specific vulnerability classes this agent should prioritize
- Assignment — The orchestrator's specific instructions for this scan
- Tool outputs — The full Phase 1 reconnaissance data
- Response format — A structured JSON schema for findings and leads
The system prompt acts like a job description. Just as a human pentester with expertise in API security would focus on IDOR, authentication flaws, and rate limiting when reviewing scan data, the API Agent's system prompt directs it to focus on those same areas.
Structured Output
Agents produce structured JSON responses containing two arrays: findings and leads.
Each finding includes the agent's role, a title, severity rating (critical/high/medium/low/info), detailed description, the source tool that provided the initial evidence, the vulnerability type, proof of exploit, remediation guidance, the affected URL, and a Docker retest command that teams can run to verify their fix.
Each lead includes which agent is posting it, which specialist should receive it, and a message describing what to investigate. For example, the Infrastructure Agent might post a lead saying: "Found open Redis on port 6379 with no authentication. API Agent should check if session tokens are stored there."
Error Resilience
The agent loop includes a consecutive error counter. If an agent encounters three consecutive API errors (network timeouts, rate limits, service outages), it stops rather than spinning indefinitely. The agent's status is set to "error" on the blackboard, and the orchestrator continues with the remaining agents.
This design prevents a single failing agent from consuming time and resources that other agents could use productively. The pentest produces results from whichever agents succeed, even if one or two encounter problems.
The Orchestration Layer
Agents do not self-organize. The orchestrator decides which agents to deploy based on the pricing tier, assigns each agent its role and focus area, sets deadlines, and monitors completion. Once all agents finish (or reach their deadline), the orchestrator triggers synthesis — combining all blackboard findings into the final pentest report.
The orchestrator also manages the supervisor function (present in Standard tier and above), which coordinates agent work, resolves conflicting findings, and ensures coverage across the entire attack surface.
Why Multi-Pass Matters
A single-pass analysis — where an agent reads the data once and reports everything — misses the emergent discoveries that arise from agent collaboration. When the Auth Agent posts a finding about weak JWT validation, the API Agent's next pass can check whether that weakness is exploitable through specific API endpoints. When the Web Agent finds reflected input, the Business Logic Agent can evaluate whether that reflection enables workflow bypass.
The loop-based, blackboard-connected architecture creates a feedback cycle where each agent's work improves the quality of every other agent's subsequent analysis. This is the core advantage of agentic pentesting over static analysis.