Exploring the architecture of offensive/defensive security agents, focusing on the RAPTOR framework for recursive penetration testing.
An autonomous agent can easily go out of scope, attacking third-party services or production infrastructure. Strict "guardrails" (e.g., allowed IP ranges, domain whitelists) are mandatory.
The same agent that patches a system can be used to attack it. The release of such frameworks requires responsible disclosure and access controls.