This release adds 1 notable feature for engineering teams evaluating rollout.
✓ No known CVEs patched in this version
Summary
AI summary: Default budget for the standalone agent loop raised from $2 to $10 USD.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Medium | DEFAULT_PRICE_LIMIT_USD raised from $2 to $10 in engine/llm/cost.py. Source: llm_adapter@2026-05-25. Confidence: low | — |
| Feature | Low | Added "Spending cap (Path 3 only)" section in README documenting env-var override, unlimited escape hatch, and resume-after-cap workflow. Source: granite4.1:30b@2026-05-25-audit. Confidence: low | — |
Full changelog
Default-budget bump and documentation. The standalone agent loop's spending cap defaults to $10 USD (up from $2), which fits a normal Sonnet 4.6 web-app engagement end to end without the cap firing mid-recon.
Changed
- DEFAULT_PRICE_LIMIT_USD raised from $2 to $10 (engine/llm/cost.py). The previous $2 default was pre-launch hardening but aborted real Sonnet engagements mid-engagement; $10 finishes most Sonnet sweeps while still catching runaway agent loops. Override via PTAI_PRICE_LIMIT=N; =0 is still unlimited; resume after a cap-abort with ptai resume <engagement_id> (engagement state is preserved at aborted_cost_limit status). Applies only to the standalone agent loop (ptai start); MCP-driven engagements continue to use the AI client's own billing.
Docs
- New "Spending cap (Path 3 only)" section in README under the standalone-CLI install path. Documents the env-var override, the unlimited escape hatch, and the resume-after-cap workflow. Explicitly clarifies that Paths 1 and 2 (MCP-driven via Claude Code, Cursor, etc.) don't use this cap.
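The cap semantics described under Changed and Docs, as an added example that is not ptai's own code from engine/llm/cost.py. Assumptions: the Engagement class, the charge and resume methods, checking the cap after each call, and rejecting an unparseable PTAI_PRICE_LIMIT instead of ignoring it are all hypothetical; only the variable name, the $10 default, the =0 meaning and the aborted_cost_limit status come from these notes.

```python
import os
from decimal import Decimal, InvalidOperation

DEFAULT_PRICE_LIMIT_USD = Decimal("10")  # default stated in these release notes


def resolve_price_limit(env=None):
    """Return the cap in USD, or None when PTAI_PRICE_LIMIT=0 (unlimited)."""
    env = os.environ if env is None else env
    raw = env.get("PTAI_PRICE_LIMIT", "").strip()
    if not raw:
        return DEFAULT_PRICE_LIMIT_USD
    try:
        limit = Decimal(raw)
    except InvalidOperation:
        limit = None
    # Assumption: fail closed, so a typo never silently removes the cap.
    if limit is None or not limit.is_finite() or limit < 0:
        raise ValueError(f"invalid PTAI_PRICE_LIMIT: {raw!r}")
    return None if limit == 0 else limit


class Engagement:
    """Hypothetical engagement record holding only what the cap needs."""

    def __init__(self, engagement_id, limit):
        self.engagement_id = engagement_id
        self.limit = limit  # None means unlimited
        self.spent = Decimal("0")
        self.status = "running"

    def charge(self, cost_usd):
        """Record one LLM call's cost; False means the loop must stop."""
        if self.status != "running":
            return False
        self.spent += Decimal(str(cost_usd))
        if self.limit is not None and self.spent >= self.limit:
            self.status = "aborted_cost_limit"  # spend is kept for resume
            return False
        return True

    def resume(self, limit):
        """Restart a cap-aborted engagement if the new limit leaves headroom."""
        if self.status == "aborted_cost_limit" and (limit is None or self.spent < limit):
            self.limit, self.status = limit, "running"
        return self.status == "running"
```

Because spend carries over in this sketch, resuming under the same limit stays aborted; the operator has to raise PTAI_PRICE_LIMIT or set it to 0 first.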
Install
pip install ptai==0.15.3
PyPI: https://pypi.org/project/ptai/0.15.3/
Full notes in CHANGELOG.md.
About pentest-ai
Offensive-security MCP server with 205 wrapped tools, 17 specialist agents, and 60 SPA-aware probes for OWASP Top 10. CLI + MCP, BYO LLM. No API key needed on MCP path.