pip install red-specter-phantom-swarm
PHANTOM Swarm deploys five autonomous attack agents that coordinate across 19 vectors to probe AI systems the way real adversaries do — as a swarm, not a checklist. Reconnaissance maps blind spots before a single attack fires. Injection cascades through memory and RAG pipelines. Evasion mutates payloads in real time. Swarm coordination operates without a detectable C2 channel. Persistence survives session boundaries. All five agents. Simultaneously.
Each agent has a distinct role. Together they form a coordinated assault that probes AI systems across every attack surface simultaneously. No single-vector tool can replicate what a swarm does.
Maps every blind spot in the target's detection perimeter before a single attack fires. Threshold probing, fingerprinting, boundary analysis.
Memory injection, RAG pipeline poisoning, goal drift induction, prompt injection cascade. Attacks the data layer the agent trusts.
Polymorphic payload rewriting, semantic deception, telemetry manipulation. Every failed payload mutates and returns unrecognisable.
Coordinates the swarm without a detectable C2 channel. Consensus hijack attempts against defensive voting architectures.
Logic bomb assembly, credential harvesting, lateral movement through agent trust chains, slow-burn exfiltration that survives session boundaries.
Each campaign orchestrates different combinations of agents and vectors for a specific objective. Run a single campaign or unleash all 19 vectors simultaneously with TOTAL ECLIPSE.
Run a full coordinated swarm assault:
Five agents coordinate without a central C2 channel. Each agent adapts based on what the others discover.
Real attackers don't run one payload at a time. PHANTOM attacks the way actual adversaries do — as a coordinated swarm.
Every campaign produces a structured JSON report. Ed25519 signed. RFC 3161 timestamped. AI Shield policy file generated.
Every finding generates an AI Shield blocking rule. PHANTOM findings become runtime protection automatically.
| Campaign | Command | What It Does |
|---|---|---|
| Threshold Probe | phantom swarm --campaign threshold-probe | Maps detection boundaries before attack |
| Injection Storm | phantom swarm --campaign injection-storm | Full prompt injection across all vectors |
| Shadow Walk | phantom swarm --campaign shadow-walk | Stealth evasion and telemetry manipulation |
| Ghost Protocol | phantom swarm --campaign ghost-protocol | C2-less swarm coordination |
| Dead Reckoning | phantom swarm --campaign dead-reckoning | Persistence and slow-burn exfiltration |
| Memory Siege | phantom swarm --campaign memory-siege | Full memory and RAG poisoning assault |
| Trust Collapse | phantom swarm --campaign trust-collapse | Agent trust chain lateral movement |
| Consensus Breach | phantom swarm --campaign consensus-breach | Voting architecture hijack |
| Supply Strike | phantom swarm --campaign supply-strike | Supply chain and tool integrity assault |
| Total Eclipse | phantom swarm --campaign total-eclipse | All 19 vectors, all 5 agents, simultaneously |
19 vectors spanning reconnaissance, injection, evasion, swarm coordination, and persistence. Each vector is assigned to the agent best suited to execute it. All fire simultaneously during TOTAL ECLIPSE.
Forge tests the model. Arsenal tests the agent. PHANTOM Swarm tests the agent the way a real adversary would — as a coordinated swarm. AI Shield protects the live agent in production. PHANTOM findings feed directly into AI Shield as runtime blocking rules.
Red Specter PHANTOM Swarm is intended for authorised security testing only. Unauthorised use against systems you do not own or have explicit permission to test may violate the Computer Misuse Act 1990 (UK), the Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Always obtain written authorisation before conducting any security assessment.
Apache License 2.0.
Most pen-testing frameworks are menus that shell out to sqlmap, nikto, and nmap behind a terminal UI. PHANTOM Swarm is actual engineering. Every payload, every mutation, every detection algorithm, every scoring engine — written from scratch in pure Python. Zero subprocess calls. Zero external tool dependencies.
Export every finding directly to your SIEM. One flag. Native format translation. Ed25519 signatures and RFC 3161 timestamps preserved across every export.
phantom scan http://myagent:8000 --export-siem splunk