Why I Built Nightfang
From 7 CVEs and manual pentesting to autonomous AI agents that prove every vulnerability they find.
I've spent years breaking software. Seven published CVEs across node-forge, uptime-kuma, liquidjs, picomatch, and jspdf. The pattern was always the same: find a vulnerability, write the proof of concept, write the report. Repeat.
Then AI happened to security.
Suddenly every app had a chatbot. Every developer tool had an AI copilot. MCP servers started popping up everywhere, exposing tool schemas that nobody was auditing. Companies were shipping AI features as fast as they could, and the attack surface was growing faster than anyone could manually test.
The problem I kept hitting
When I started doing AI security assessments, the tooling was... not there. The options were:
- — promptfoo for red-teaming LLM outputs. Good for eval, but it's a test runner, not a pentester. No verification, no proof of exploit.
- — garak for LLM probing. Solid attack coverage, but Python-heavy setup and no MCP or supply chain coverage.
- — semgrep + nuclei for traditional scanning. Can't see AI-specific attack surfaces at all.
None of them did what I actually needed: scan an AI endpoint, attack it systematically, verify that the findings are real, and give me a report I could hand to a client. I was stitching together 4-5 tools for every engagement and still writing manual PoCs for every finding.
The insight: attackers verify, tools don't
The biggest waste of time in security isn't finding vulnerabilities. It's triaging false positives. Every scanner I've used produces a mountain of "possible" findings that turn out to be nothing. You spend 80% of your time proving that things aren't broken.
Real attackers don't have this problem. They try to exploit something. If it works, it's real. If it doesn't, they move on. That's the workflow I wanted to automate.
Four agents, one pipeline
Nightfang runs four agents in sequence, each specialized for a phase:
Maps the attack surface. Endpoints, system prompts, MCP tool schemas, auth flows.
47+ test cases. Prompt injection, jailbreaks, tool poisoning, data exfiltration.
Re-exploits every finding independently. If it can't reproduce, it's killed.
SARIF for GitHub Security tab. Markdown and JSON with full evidence chains.
The verification agent is what makes this different. It doesn't trust the attack agent's output. It independently re-exploits each finding, captures proof artifacts, and assigns a confidence score. If a "prompt injection" only works with a contrived input that a real user would never send, it gets flagged and downgraded.
Not just LLMs
AI security isn't just about prompt injection. The attack surface includes:
- LLM endpoints — ChatGPT, Claude, Llama APIs, custom chatbots
- MCP servers — tool schemas, validation, auth, poisoning vectors
- npm packages — supply chain attacks, malicious code, dependency risk
- Source code — AI-powered deep security review of any repo
- Web apps — AI copilots, RAG pipelines, agent APIs
That's why Nightfang has five commands, not one. scan for endpoints, audit for packages, review for source code, plus findings and history to track everything.
The cost question
AI-powered tools have a cost problem. Most teams won't adopt something that burns $50 per scan. Nightfang is designed to be cheap enough for CI/CD:
- — Quick scan: ~$0.05, under 1 minute. Run it on every PR.
- — Default scan: ~$0.15, 3 minutes. Balanced coverage for staging.
- — Deep scan: ~$1.00, 10 minutes. Pre-launch audit.
That's cheaper than one hour of manual pentesting. And it runs every time you push, not once a quarter.
Try it now
Nightfang is live on npm. No config needed. One command:
npx nightfang scan --target https://your-app.com/api/chat It's MIT licensed, fully open source, and I'm actively building it. If you're shipping AI features and want to know what an attacker would find, give it a shot.