--- title: Pentest Agents as They're Built description: When your system generates a new AI agent, the ZioSec API pentests it the moment it exists. CI for agents: build-time attack trees, evidence, and pass/fail gates. url: https://ziosec.com/use-cases/agentic-software-on-demand --- # Pentest Agents as They're Built **Build-Time Agent Pentesting / CI for Agents** Agents now generate agents. When your builder, orchestrator, or pipeline spins up a new agent or workflow, the ZioSec API pentests it the moment it exists. Bespoke attack trees run at build time, before the agent ever touches production data or real users. ## Machine-generated agents need machine-speed testing Hand-built agents shipped on human timelines. Generated agents do not. When an agent-builder or orchestration layer produces a new agent on demand, there is no review window, no pentest cycle, no human in the loop to catch what it exposed. The only way to test software that writes itself is to make pentesting part of the act of creation. ZioSec is the API that does it: call us at build time, and every agent your system creates gets attacked before it goes live. ## When agents build agents, the test window disappears Agentic software-on-demand means new agents and workflows appear continuously, generated by other agents, low-code builders, or CI pipelines. Each one carries its own model, its own tools, its own data access, and its own attack surface. A human never scoped it and a human may never see it before it runs. Traditional pentesting assumes a fixed artifact and a scheduled engagement. Generated agents break both assumptions. You cannot test on a quarterly cadence software that is born hourly. The test has to move to the moment of creation. ## One API call, triggered the instant an agent exists Wire the ZioSec API into the step that finalizes a new agent or workflow. The moment your system emits one, it sends us the agent definition: model, system prompt, connected tools, and data scopes. We generate a bespoke attack tree for that exact configuration and run it. You get back structured findings and a pass or fail signal your pipeline can act on. No queue, no ticket, no waiting for the next pentest window. The agent is tested as part of being built. This is the same engine behind our platform, exposed as an endpoint so it can fire inside your own automation. See the [ZioSec API](/api) page for the contract. ## AI attacks AI, generated fresh for every generated agent A static scanner runs the same checklist against everything. That fails the instant agents are non-standard and machine-made. ZioSec does the opposite. Our AI reads each newly generated agent and autonomously builds deep-chained attack trees unique to its architecture, tools, and data access, then executes them in real time. Because every agent your system produces is different, every attack campaign we run is different. The bespoke, adversarial generation is the part a generic tool cannot copy, and it is exactly what machine-generated software demands. ## A pass or fail gate your pipeline can enforce Treat agent security like any other build check. ZioSec returns a clear result you can gate on: block the deploy on a critical finding, allow it with a logged exception, or route the evidence to a human for sign-off. Set the threshold by severity, by framework control, or by agent class. Agents that pass ship. Agents that fail get flagged with reproduction steps before they ever reach a customer. This is continuous testing of agent-to-agent and machine-generated workflows, enforced where your software is actually assembled. ## We validate what your system builds. We do not build the agents ZioSec is the offensive validation layer, not an agent factory. Your builders, orchestrators, and pipelines create the agents and workflows. We pentest what they create. You keep full ownership of the software and the architecture. We supply the adversary that proves it is safe before it runs. That clean separation is deliberate: the thing testing your agents should never be the thing that wrote them. ## Every generated agent ships with audit-ready proof Each build-time run produces a concrete evidence packet: the attacks attempted, which succeeded, severity, full reproduction steps, control-level mappings to OWASP AISVS, MITRE ATLAS, ISO 42001, NIST AI RMF, EU AI Act, and AIUC-1, plus timestamps, all exportable for GRC and trust workflows. Our methodology ([A2OSF](/methodology)) maps each finding into those six public standards. The result: even agents no human reviewed carry a defensible, timestamped record of exactly how they were tested. ## The real-time loop Four steps, fired automatically the instant your system produces a new agent. 1. **Agent generated.** Your builder, orchestrator, or pipeline creates a new agent or workflow and hands its definition (model, prompt, tools, data scopes) to the ZioSec API. 2. **API triggered.** The call fires at build time, the moment the agent exists. No queue, no scheduled window. The agent is tested as part of being created. 3. **Attack tree run.** Our AI generates a bespoke, deep-chained attack tree for that exact configuration and executes it in real time against the new agent. 4. **Evidence and gate.** You get back a framework-mapped evidence packet and a pass or fail signal your pipeline gates on: ship it, log an exception, or route to a human. ## Safe by design Running live attacks inside your pipeline is a controlled capability. You scope the blast radius: which agents, tools, and data classes are in bounds. Destructive actions are simulated or approval-gated and never executed blind. There is a one-click stop, full audit logging, and rate limits. Build-time agents are tested before they reach real users or production data. ## Frequently asked questions **How is this different from running ZioSec on a schedule?** Scheduled testing assumes you know when agents change. With agentic software-on-demand, agents are generated continuously and unpredictably, so a schedule always lags. Build-time pentesting fires on the event of creation instead of the clock. Every agent your system produces is tested the moment it exists, not whenever the next window comes around. Many teams run both: build-time gating for new agents, continuous campaigns for the fleet already in production. **Does ZioSec build or generate the agents for us?** No. ZioSec validates within what your system creates. Your builders, orchestrators, and pipelines generate the agents and workflows. We pentest what they generate and return findings and a pass or fail result. We never author your agents. Keeping the adversary separate from the builder is intentional and is part of why the evidence holds up under audit. **What does the API actually receive and return?** You send the new agent's definition: model, system prompt, connected tools, and data scopes. ZioSec generates a bespoke attack tree for that configuration, runs it, and returns structured findings (attacks attempted, which succeeded, severity, reproduction steps, framework mappings, timestamps) plus a pass or fail signal your pipeline can gate on. Full details and the integration contract live on the [ZioSec API](/api) page. **Is it safe to run live attacks against agents inside our pipeline?** Yes, by design. You scope the blast radius: which agents, tools, and data classes are in bounds. Destructive actions are simulated or approval-gated and never executed blind. There is a one-click stop, full audit logging, and rate limits. It is a controlled capability that runs against build-time agents before they reach real users or production data. **What kinds of agents and workflows can it test?** Custom agents, Claude Code, and any agent built on MCP or A2A protocols, including agent-to-agent workflows and machine-generated chains produced by other agents or builders. Because the attack tree is generated per agent, non-standard and one-off configurations are tested as thoroughly as common ones. **Can we start without wiring up the full API?** Yes. A scoped pentest engagement starts at 10,000 dollars and is the low-commitment on-ramp: a single bounded validation of your generated agents with a full evidence packet. It is one of three ways to work with us (platform, API, or scoped engagement), and 100 percent of the fee credits toward an annual platform subscription if you continue. ## Related - [The ZioSec API](/api) - [Our Methodology (A2OSF)](/methodology) - [Validate Your Agents](/use-cases/validate-your-agents) ## Make pentesting part of how your agents are born If your system generates agents on demand, test them on demand. Talk to our team about wiring the ZioSec API into your build step, or book a demo to see a bespoke attack tree run against a freshly generated agent. [Talk to Our Team](/contact) | [See a Sample Report](/sample-report) ## Contact ZioSec, Boulder CO. Email info@ziosec.com or call +1-720-807-2737. Book a demo at /demo.