The Cyber-Sleuth Security Auditor is an intelligent Multi-Agent System (MAS) designed to automate the initial phases of security auditing for software codebases. Built on the CrewAI framework, the system orchestrates a team of three specialized AI agents—Reconnaissance, Vulnerability Scanner, and Security Reporter—to identify technology stacks, detect common security flaws (such as hardcoded secrets and dangerous function usage), and generate professional, actionable audit reports. This project demonstrates how agentic workflows can significantly lower the barrier and time requirements for continuous security integration in the development lifecycle.

In the contemporary landscape of software development, security is no longer an optional feature but a core requirement. However, manual security audits are often hindered by the scarcity of security experts and the repetitive nature of initial code reviews. Developers frequently miss low-hanging fruit vulnerabilities, such as hardcoded API keys or the use of unsafe functions like eval().

The Cyber-Sleuth Security Auditor was developed to bridge this gap. By utilizing Large Language Models (LLMs) and autonomous agents, the project aims to provide a "cyber-sleuth" capability that can rapidly scan a project directory, perform OSINT (Open Source Intelligence) to find stack-specific risks, and deliver a consolidated report. This allows human auditors to focus on more complex, logic-based vulnerabilities while the MAS handles the foundational static analysis.

System Architecture
The platform is built using Python and the CrewAI library, utilizing a sequential process where information flows through a chain of specialized agents.

Agents and Roles

1. Cyber Security Reconnaissance Specialist: This agent performs preliminary research using web search tools. It identifies the target tech stack (e.g., Python, Node.js) and researches known common vulnerabilities and best practices associated with that stack.
2. Lead Security Researcher: Focused on deep-dive static analysis. This agent utilizes a custom SecurityScannerTool to iterate through the local codebase, looking for specific suspicious patterns.
3. Senior Security Auditor: The final agent in the sequence. It synthesizes the reconnaissance data and the specific scanning findings into a professional Markdown report, including an executive summary and remediation advice.

Implementation Tools

• Security Code Scanner: A custom Python tool that performs pattern-matching for hardcoded secrets (API_KEY, SECRET_KEY, password, token) and dangerous system calls (eval(), exec(), os.system()).
• DuckDuckGo Search: Integrated via langchain_community to provide the Recon agent with real-time web access.
• File Writer: A tool that automates the persistence of the final

Setup
The auditor was tested against a target repository containing a file named vulnerable_code.py, which purposely included several common security flaws:

• A hardcoded AWS Secret Key.
• An insecure usage of eval(input()).
• A dangerous system call using os.system().

Execution Flow
The experiment was initiated via the command:

python main.py vulnerable_code.py

1. Reconnaissance: The system identified the target as a Python-based script and searched for standard Python security pitfalls (PEP 8 compliance, injection risks).
2. Scanning: The Lead Security Researcher executed the scanner tool, which successfully located the target patterns across multiple lines in the file.
3. Reporting: The Senior Security Auditor compiled these findings into a report, categorizing them by severity and providing code snippets of the offending lines.

The experiment yielded a 100% detection rate for the predefined pattern-based vulnerabilities in the test file.

Key Performance Indicators:
| Metric | Result
| Detection Accuracy (Patterns) | High (Captured all occurrences of API_KEY and eval) |
| Execution Time | < 2 Minutes (including web search and LLM reasoning) |
| Report Clarity | Professional Markdown with actionable remediation steps |

The Cyber-Sleuth Security Auditor successfully proves the feasibility of using multi-agent systems to automate the tedious aspects of security auditing. By delegating the "scanning" and "reporting" roles to autonomous agents, the project achieves a high degree of efficiency and consistency in vulnerability detection.

Future Work

• Dynamic Analysis: Integrating tools that can run the code in a sandbox to monitor for runtime threats.
• Robust Tooling: Moving beyond regex-based scanning to more sophisticated AST (Abstract Syntax Tree) analysis.
• CI/CD Integration: Developing a GitHub Action to run the auditor automatically on every pull request.

The project stands as a robust foundation for building more complex, AI-driven security automation tools.