28 Claude Code subagents for pentesting: pentest-ai-agents

A repository called pentest-ai-agents has just released 28 subagents ready to use with Claude Code, built entirely for penetration testing. The news was reported by CyberSecurityNews on April 28, 2026, and the sheer number says a lot: this is not just a couple of demo tools, but rather a structured collection covering complete phases of a security engagement.

That someone decided to model the flow of a pentest as a graph of subagents orchestrated by Claude Code is no accident. It is the direct consequence of Claude Code's subagent architecture having matured enough to delegate tasks with specific context without losing track of the main session.

What is pentest-ai-agents and what does it include

The project organizes its 28 subagents by typical phases of a penetration test: reconnaissance, enumeration, vulnerability analysis, exploitation, post-exploitation, and report generation. Each subagent is designed to receive a specific scope (a domain, an IP range, a service) and return structured results that the orchestrator agent can chain together.

Some of the most notable subagents covered in the source:

• Recon Agent: combines passive OSINT with subdomain enumeration.
• Port Scanner Agent: orchestrates calls to tools like nmap via MCP server and parses output for the main agent.
• Web Vuln Agent: automates OWASP Top 10 checks against defined endpoints.
• Privilege Escalation Agent: suggests escalation vectors based on the system context received.
• Report Writer Agent: takes accumulated findings from the session and generates a markdown report draft.

The integration with Claude Code relies on the ability to invoke subagents on demand: the orchestrator delegates, waits for the response, and continues. This allows each subagent to carry its own system instructions, its own tool context, and potentially its own configured MCP server for the utilities it needs.

Why the chosen architecture matters

The approach of separate subagents rather than a single monolithic agent with hundreds of instructions has practical implications. First, the context window is managed better: each subagent works with its specific slice of information, without dragging along accumulated noise from earlier phases. Second, specialization makes system instructions more precise and therefore results more predictable.

There is also a maintenance advantage: if reconnaissance logic changes because an external tool changes its API or output format, you only need to update that subagent, not rewrite an entire monolithic prompt.

Applied to cybersecurity, this approach makes even more sense: a pentester might want to activate only certain phases depending on the type of engagement (white box, black box, red team) without modifying the overall configuration.

Who it's useful for

The most obvious profile is pentesters already working with Claude Code who want to automate the more mechanical parts of an engagement: initial reconnaissance, generating repetitive commands, correlating findings, drafting reports. It does not replace the technical judgment of the professional, but it does reduce the time spent on low-value cognitive tasks.

It is also relevant for internal security teams (blue team or DevSecOps) that conduct periodic attack surface reviews and need a way to standardize the process without depending on a single expert who remembers all the steps.

And there is a third, less obvious profile: cybersecurity instructors and students who can use the repository as a reference for how to structure a pentesting workflow, regardless of whether they use Claude Code or not.

What you should understand before using it

A project like this raises questions that the repository should answer clearly in its documentation: what controls exist to prevent subagents from executing actions outside the authorized scope? How is logging of actions managed to meet the requirements of a real engagement? Are the MCP servers that some agents need from third parties or included?

Without clear answers to those questions, the project remains closer to an advanced proof of concept than a production-ready tool in a regulated environment.

That said, the fact that the Claude Code ecosystem is producing specialized collections of this scale is a signal that the subagent architecture is starting to gain real traction beyond generic use cases. For the niche of offensive cybersecurity, where assisted automation has very concrete value, a repository structured like this was only a matter of time.