T3MP3ST
Open-source multi-agent framework that turns AI coding agents like Claude and Codex into autonomous red-teaming tools for vulnerability hunting.
Updated 2026-07-05
Overview
T3MP3ST (a leetspeak rendering of "tempest") is an open-source, multi-agent offensive-security framework that repurposes general-purpose AI coding agents — Anthropic's Claude Code, OpenAI's Codex, and similar — as autonomous red-teaming operators for finding vulnerabilities in code. Rather than shipping its own model, it acts as an orchestration layer: it spins up and coordinates multiple agent instances, assigns them roles in a vuln-hunting loop (reconnaissance, exploitation, verification), and drives them toward discovering and confirming security bugs with minimal human babysitting.
It comes from elder-plinius (known as "Pliny"), one of the more visible names in the AI red-teaming and jailbreak scene, and the project follows that lineage — it's aimed squarely at security researchers, bug-bounty hunters, and offensive-security engineers who already live in the terminal and want to point capable coding agents at real targets. The July 2026 launch leaned on claimed benchmarks against recent 2026 CVEs and demonstrated wiring into existing agent CLIs, which is the pitch that made it trend: you bring an agent you already pay for, and T3MP3ST turns it into a semi-autonomous vuln scanner.
The important framing: this is a GitHub framework, not a hosted product. It's free under AGPL-3.0, but "free" only covers the orchestration code — you still pay whatever your underlying agent's API or subscription costs, and those costs scale with how many agents you fan out. It's also unambiguously dual-use tooling: legitimate for authorized pentests, bug bounties, and CTF/research work, and off-limits for hitting systems you don't own or have permission to test.
Key features
Multi-agent orchestration
Coordinates several AI agent instances working in parallel on a target, splitting the vuln-hunting workflow across specialized roles instead of relying on a single chat session.
Agent-agnostic design
Wraps existing coding agents such as Claude Code and Codex rather than shipping its own model, so you use (and pay for) whichever capable agent you already have access to.
Autonomous vuln hunting
Drives the agents through a recon-to-exploit loop aimed at discovering and confirming real vulnerabilities with limited human intervention, marketed against recent 2026 CVEs.
Fully open source
Released on GitHub under AGPL-3.0, so the orchestration logic is fully inspectable and modifiable — important for a security tool you're pointing at sensitive targets.
Pricing
Free tier: Entire project is free and open source under AGPL-3.0; the only real cost is the token/subscription spend of whatever AI agent you plug in.
| Plan | Price | What's included |
|---|---|---|
| Open Source | Free (AGPL-3.0) | Full framework on GitHub. Self-hosted, no paid tiers. You supply and pay for the underlying AI agent (e.g. Claude Code, Codex) plus its API/subscription costs. |
Pros & cons
Pros
- ✓ Free and fully open source (AGPL-3.0) — the orchestration layer is inspectable, which matters for a tool aimed at sensitive targets
- ✓ Agent-agnostic: leverages capable coding agents you may already pay for (Claude Code, Codex) instead of a weaker bundled model
- ✓ Multi-agent approach can parallelize recon and exploitation work that would be tedious to drive by hand in a single session
- ✓ Comes from a well-known red-teaming researcher, so the workflow is designed by someone fluent in offensive security
Cons
- × Early-stage GitHub framework, not a polished product — expect setup friction, thin docs, and self-reported benchmarks rather than independent validation
- × Real cost is hidden: fanning out multiple agents can burn through API tokens or agent subscription limits quickly
- × AGPL-3.0 copyleft complicates embedding it in closed-source or commercial security products
- × Dual-use by nature — only appropriate for authorized testing, and autonomous runs still surface false positives that need expert triage
How it compares
| Tool | Best for | Pricing | Score |
|---|---|---|---|
| T3MP3ST | — | Free, open source (AGPL-3.0) — you pay for the underlying AI agent's API usage | 7.8/10 |
| Cursor | — | Freemium | 9.5/10 |
| GPT-5.5 | — | API: $5/$30 per 1M tokens (in/out). ChatGPT Plus $20/mo, Pro $200/mo | 9.4/10 |
| Windsurf | — | Freemium | 9.1/10 |

