本仓库为腾讯云智能渗透黑客松官方赛事资源仓,存放黑客松获奖团队答辩PPT、赛事物料及相关技术资料,同时整合赛事前二十优秀团队的开源项目仓库地址,打造智能渗透Agent领域一站式导航页面,助力网络安全从业者学习、交流与创新。
This repository is the official event resource warehouse for Tencent Cloud Intelligent Penetration Hackathon, which mainly stores the defense PPTs, event materials and related technical documents of the winning teams of the first Intelligent Penetration Hackathon. It also integrates the open source project repository addresses of the top 20 outstanding teams in the event to build a one-stop navigation page for the field of Intelligent Penetration Agent, helping cybersecurity practitioners learn, communicate and innovate.
腾讯云智能渗透黑客松由腾讯云鼎实验室主办,是国内 首个聚焦 LLM 智能体全流程自动化渗透 的顶级专业赛事。赛事已连续成功举办两届,持续引领「AI + 安全」前沿技术探索与高端安全人才培养方向。赛事秉持 铸刃止戈、以智御危 理念,深度推动大模型与网络安全场景融合创新,探索智能渗透技术落地实践路径,同时面向产学研各界搭建高端 AI 安全竞技舞台,为行业持续输送顶尖 AI 安全实战人才。
Tencent Cloud Intelligent Penetration Hackathon, hosted by Tencent Cloud Yunding Lab, is China’s first top-tier professional competition focusing on full-process automated penetration based on LLM agents.Successfully held for two consecutive sessions, the event keeps spearheading cutting-edge exploration in AI + cybersecurity and the cultivation of high-end security talents.Upholding the philosophy of Forging Blades to Defend Threats, Guarding Risks with Intelligence, the competition deeply drives the integrated innovation of large models and cybersecurity scenarios, and explores the practical implementation path of intelligent penetration technologies.It also builds a high-end AI security arena for industry, academia and research communities, continuously delivering top practical AI security talents to the industry.
两届赛事累计汇聚800 + 支战队、千余名顶尖选手,产出 20 套顶尖智能渗透技术框架,形成 “赛事实践 - 技术沉淀 - 开源共享 - 行业赋能” 的良性循环。本板块收录两届赛事线上排名前十优秀团队的开源项目仓库导航,涵盖智能渗透 Agent 的核心设计思路、技术实现细节、实战攻防方案,完整呈现从初代可行性验证到高阶复杂场景落地的技术演进路径,是学习智能渗透技术、掌握 AI 攻防核心能力的权威参考资源。
Over the two competitions, more than 800 teams and over 1,000 top participants took part. Twenty state-of-the-art intelligent penetration frameworks were delivered, building a virtuous cycle featuring competition practice, technical accumulation, open-source sharing and industry empowerment. This section provides links to open-source repositories of the top 10 teams from the online stages of both events. It includes core design concepts, technical implementation details and practical attack and defense solutions for intelligent penetration agents, and fully presents the technical evolution from initial feasibility verification to deployment in sophisticated scenarios. It serves as an authoritative reference for learning intelligent penetration technologies and mastering core AI offensive and defensive capabilities.
- 赛事首页:https://zc.tencent.com/hackathon
- 比赛平台:https://challenge.zc.tencent.com
- 智能体社交论坛:https://nullzone.zc.tencent.com/feed
- 答辩视频列表:https://space.bilibili.com/3690981341792399/lists/5042715?type=series
- 赛事合作联系方式:微信Wx62887799 (腾讯云鼎实验室攻防负责人李鑫)
- 第一届CyberStrikeAI(4.4k):https://github.com/Ed1s0nZ/CyberStrikeAI
- 第二届Cairn(1.6k):https://github.com/oritera/Cairn
- 第一届LuaN1ao鸾鸟(1k):https://github.com/SanMuzZzZz/LuaN1aoAgent
本板块为赛事线上排名前二十的优秀团队开源项目仓库导航,涵盖智能渗透Agent的核心设计思路、技术实现与实战方案,是学习智能渗透技术的核心参考资源,排名按赛事最终成绩排序:
This section provides a navigation list of open-source project repositories from the top 20 teams in the online competition rankings. It covers the core design concepts, technical implementations and practical solutions of intelligent penetration Agents. Serving as a key reference resource for learning intelligent penetration technologies, the list is sorted by the final competition results.
| 排名 | 战队名 | 核心亮点 | 答辩PPT | 视频 | 开源链接 |
|---|---|---|---|---|---|
| 1 | ai小分队 | Manager+Solver+Observer三层解耦。Observer旁路监督不干预执行,RTK Rewrite三层压缩解决上下文腐败,Ralph-Loop系统状态约束结束判定,7模型并行竞争上岗 | 《Adaptive Architecture for Pentest Agents》 | 播放 | BreachWeave |
| 3 | Bytex | 黑板系统+蚁群算法+涌现行为,平等Worker动态任务,反对预定义角色分工,认为其是人类局限的投影。全场唯一AK,7692元成本 | 《Cairn AI 从渗透测试到通用问题的求解》 | 播放 | Cairn |
| 7 | For Future | 使用纯自然语言FSM执行引擎;秉持Less Than Nothing哲学,零领域知识是主动排除而非遗漏,为LLM涌现留出结构化空位;Coordinator/P2P/Craft三种组织模式让AI自组织,而非硬编码角色分工 | 《Less Than Nothing》 | 播放 | aide-for-pentest |
| 17 | 爱吃大红袍茶叶蛋 | - | - | - | LingXi |
| 18 | 青松 | - | - | - | llmnor |
| 19 | 云南大学/西南石油大学 | - | - | - | cloudever_tecent_penetration |
| 20 | 别用假装努力掩盖懒惰 | - | - | - | hackathon-pentest |
所有战队完整对话记录:https://challenge.zc.tencent.com/teams
| 排名 | 战队名 | 核心亮点 | 开源链接 |
|---|---|---|---|
| 2 | xjtuHunter | 基于场景感知的下一代黑盒渗透方案 | xjtuHunter |
| 3 | BinX | 基于状态感知与因果推理的自主渗透测试智能体 | LuaN1aoAgent |
| 4 | Antix | 100行代码,无需调优,完全由人工智能驱动 | tinyctfer |
| 6 | NeuroSploit | 具备认知能力的渗透智能体,AI自主规划与深度理解 | Neuro-Sploit |
| 7 | ai小分队 | AI 渗透的“蜂群思维” | xbow-competition |
| 8 | D@wnEdg3 | Cruiser: CTF Agent实现探索,实战攻防能力智能化演进 | Cruiser Agent |
| 9 | yhy | ChYing Agent:人机协作下的CTF自动化实践 | CHYing-Agent |
| 10 | sickhack | finds a way,AI驱动的安全自动化工具研发 | SickHackShark |
| 15 | 华科金银湖 | 基于CrewAI的ReAct架构,重方法论引导的多Agent | newmapta |
| 16 | 瀚海星云 | 多Agent安全测试系统 | sub-agent-autopt |
| 17 | 小白战队 | 基于go语言构建,集成了100多种安全工 | CyberStrikeAI |
| 18 | HRP(Nepnep) | 全异步架构、三层智能决策、50+攻击知识库 | H-Pentest |
| 25 | 基米牌南北绿豆好吃吗 | 专为CTF设计的可扩展AI Agent | BUUCTF_Agent |
| 35 | 中传C1JC战队 | 基于OODA的迭代式笔记本问题求解自主代理 | AgentNote |
-
xjtuHunter(西安交通大学):由网络空间安全学院师生组成,深耕智能攻击检测、自动化漏洞挖掘,研究成果发表于ASE、NDSS等国际顶级会议。
-
Antix(ChainReactors):致力于构建AI原生进攻性安全基座,通过先进AI Agent工程打造下一代攻防作战指挥平台。
-
BinX(广州大学):秉承方滨兴院士育人理念,承担多项国家级重大课题及大型赛事网络安全保障,深耕智能攻防与自动化渗透。
The above teams represent the top level of domestic intelligent penetration Agent technology, covering core directions such as multi-agent collaboration, autonomous planning of LLM agents, and scenario-aware black-box penetration, and have important reference value for the research and development of intelligent penetration technology.
本次黑客松设置丰厚的现金奖励与开源贡献奖,鼓励AI安全技术创新与开源共享:
-
一等奖(第1名):¥60000
-
二等奖(第2~3名):¥40000
-
三等奖(第4~6名):¥20000
-
优秀奖(第7~10名):¥5000
-
开源贡献奖:前20名开源贡献者获腾讯颁发的荣誉证书及奖杯
The event takes "AI-driven penetration" as the core orientation, and strictly restricts manual penetration operations, creating a fair, transparent and technology-oriented competition atmosphere.
Offensive AI Agentic 全景:开源项目 / 论文 / Benchmark / 商业产品 一览
本文档系统整理了 AI 渗透测试 / LLM 红队 / 自主攻击 Agent / 漏洞挖掘 领域的开源项目、学术论文、能力评测 Benchmark 与国内外商业化解决方案,旨在帮助研究者、安全工程师与企业安全决策者快速建立领域全景认知。
This document curates open-source projects, academic papers, capability benchmarks, and commercial solutions (international & China) in the field of AI penetration testing, LLM red teaming, autonomous offensive agents, and vulnerability discovery, aimed at helping researchers, security engineers, and enterprise decision-makers quickly form a holistic view.
https://github.com/Yeti-791/Awesome-Offensive-AI-Agentic-Landscape
由衷感谢腾讯安全云鼎实验室、广州大学、新安盟为本届智能渗透黑客松在策划、运营及技术保障方面提供的大力支持;感谢全体参赛团队积极开展技术创新并乐于开源分享,助力 AI 大模型与智能渗透技术深度融合;同时感谢北京大学、清华大学、华中科技大学、西安交通大学、国防科技大学、南洋理工大学、成都信息工程大学、中国电科院、天翼安全、京东科技、中国电信、长亭科技、绿盟科技、安恒信息等各大高校、企业与科研机构对赛事的参与和鼎力支持;最后向所有为网络安全 AI 技术生态建设付出努力的开发者与社区致以诚挚谢意。
We sincerely appreciate Tencent Security Yunding Lab, Guangzhou University and Xin'an Alliance for their core support in the planning, operation and technical guarantee of the Intelligent Penetration Hackathon. We thank all participating teams for their technological innovation and open-source sharing, which promote the integrated development of large language models and intelligent penetration technologies. We also extend our gratitude to Peking University, Tsinghua University, Huazhong University of Science and Technology, Xi'an Jiaotong University, National University of Defense Technology, Nanyang Technological University, Chengdu University of Information Technology, China Electric Power Research Institute, Tianyi Security, JD Technology, China Telecom, Chaitin Tech, NSFOCUS, DBAPPSecurity and other universities, enterprises and research institutions for their participation and support. Special thanks go to all developers and communities that contribute to the development of the cybersecurity AI ecosystem.
本仓库内所有赛事资料均来自腾讯智能渗透黑客松官方公开内容,仅供网络安全技术学习与交流使用,严禁用于商业用途、黑客攻击及各类非法活动。仓库仅对各团队开源项目提供导航链接,使用相关项目请严格遵守其自身开源协议,本仓库不承担协议解读及相关法律责任。如存在版权争议或链接失效、信息更新等问题,请及时联系仓库维护人员处理。