HexStrike AI fork adds BOAZ integration for AI-driven red team workflows
A public fork of HexStrike AI is drawing attention after adding BOAZ, a dual-use payload evasion framework, to an AI-driven penetration testing platform built around the Model Context Protocol.
The project, published as Hexstrike-redteam, describes itself as a fork of HexStrike AI with 127 security tools, 12+ autonomous AI agents, and BOAZ integration for red team operations. It connects MCP-compatible AI clients to security tooling so agents can help organize testing workflows.
The development highlights a fast-moving trend in cybersecurity tools. AI agents are no longer limited to writing reports or explaining findings. They can now connect directly to scanners, reconnaissance tools, exploit research utilities, and automation layers that need careful oversight.
What Hexstrike-redteam adds
Hexstrike-redteam builds on the original HexStrike AI concept, which uses an MCP server to connect AI assistants with security tools. The fork adds BOAZ as a dedicated red team component and lists support for clients such as Claude Desktop, Cursor, VS Code Copilot, Roo Code, and other MCP-compatible agents.
The repository says the platform includes 53 auto-installed tools and 74 tools that require manual installation because of licensing, platform, or dependency issues. It groups those tools across areas such as reconnaissance, web application testing, password auditing, binary analysis, forensics, OSINT, and cloud security.
The Kali Linux HexStrike AI package shows that the broader HexStrike AI project has also been packaged for security distributions. Kali describes it as an AI-powered MCP cybersecurity automation platform with autonomous agents, intelligent decision-making, and vulnerability intelligence.
| Project | Main focus | Tool count described by source |
|---|---|---|
| HexStrike AI | MCP framework for AI-assisted security testing | 150+ tools in the original project and Kali package |
| Hexstrike-redteam fork | HexStrike AI fork with BOAZ integration | 127 tools, with 53 auto-installed |
| BOAZ | AV and EDR evasion testing framework | 77+ loaders and 12 encoding schemes in the fork description |
BOAZ turns the fork into a higher-risk dual-use tool
The most notable change is the integration of BOAZ, which stands for Bypass, Obfuscate, Adapt, Zero-Trust. Its own documentation describes it as a multilayered AV and EDR evasion framework for security testing and antivirus defense evaluation.
That integration changes the risk profile. A normal scanner can still create problems when misused, but a framework that combines AI orchestration with evasion-focused tooling deserves stronger controls.
The fork’s documentation describes BOAZ as part of a red team payload workflow, but defenders should focus on the broader implication rather than the implementation details. AI agents can reduce the time needed to select tools, interpret output, and move through testing steps.
Why MCP matters in security automation
The Model Context Protocol lets AI clients connect to external tools through a defined interface. In security platforms, that means an AI assistant can move from conversation into action by calling scanners, collecting results, and coordinating follow-up checks.
For authorized teams, this can reduce repetitive work. A security tester may use an AI agent to organize reconnaissance, summarize scan output, generate reports, or compare findings across tools.
For defenders, the same architecture creates a monitoring challenge. A tool that gives AI agents broad system access may execute powerful commands quickly, especially if it runs in an environment with weak authentication, poor logging, or sensitive credentials.
Original HexStrike AI is already part of the security tooling ecosystem
HexStrike AI is not only a GitHub concept. The Kali Linux tools page lists a HexStrike AI package and describes its server components for an AI-powered MCP cybersecurity automation platform.
The Kali page also shows dependencies such as Python, Flask, aiohttp, BeautifulSoup, requests, Selenium, mitmproxy, and pwntools. That packaging signals that AI-connected security tooling is moving into mainstream security environments.
The red team fork extends that direction by bringing evasion-focused functionality closer to the AI orchestration layer. This makes governance more important because the boundary between assisted testing and autonomous action becomes harder to manage.
Check Point previously warned about HexStrike misuse
Check Point Research previously warned that HexStrike AI could give threat actors an orchestration layer for rapidly combining AI models with security tools. Its report said underground discussions appeared soon after the tool’s release, with attackers discussing its use against newly disclosed vulnerabilities.
That warning remains relevant here. A framework built for defenders can still shorten the path from vulnerability disclosure to mass testing, especially when paired with agents that can select tools and interpret results with less human effort.

The concern is not that every user of HexStrike AI or its forks is malicious. The concern is speed, scale, and access. When powerful tools become easier to orchestrate, organizations get less time to patch and monitor exposed systems.
What the fork says about legal use
The Hexstrike-redteam repository says the tool should be used for authorized penetration testing, bug bounty programs within scope, CTFs, security research on owned or approved systems, and approved red team exercises.
It also warns against unauthorized testing, malicious activity, and data theft. Those warnings matter, but they do not remove operational risk for organizations that allow staff to install agent-connected security tooling without review.
Security leaders should treat this class of software like other high-impact offensive tooling. It needs approval, isolation, logging, and strict rules around target scope.
- Run AI-assisted testing tools only in approved lab or red team environments.
- Require written authorization before any live target testing.
- Log AI agent activity, tool calls, and generated commands.
- Separate research environments from production credentials and customer data.
- Control who can install MCP servers and connect AI clients to them.
- Review tool updates before allowing use in enterprise environments.
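The target-scope and logging controls in the list above can be enforced in code at the point where an agent requests a tool run. The sketch below is an added example, not code from HexStrike AI or the fork: `SCOPE`, `in_scope` and `AuditedGate` are hypothetical names, and the scope values are constructed documentation addresses.

```python
import hashlib, ipaddress, json, time

# Constructed engagement scope: documentation network, test domain, approved tools.
SCOPE = {"cidrs": ["192.0.2.0/24"], "domains": ["lab.example"],
         "tools": ["nmap", "nuclei"]}


def in_scope(target, scope):
    """True only for an allowlisted IP or a host under an allowlisted domain."""
    try:
        ip = ipaddress.ip_address(target)
    except ValueError:
        host = target.lower().rstrip(".")
        # Require a label boundary so "evil-lab.example" does not match.
        return any(host == d or host.endswith("." + d) for d in scope["domains"])
    return any(ip in ipaddress.ip_network(c) for c in scope["cidrs"])


def _digest(record):
    return hashlib.sha256(json.dumps(record, sort_keys=True).encode()).hexdigest()


class AuditedGate:
    """Deny-by-default gate that logs every agent tool request in a hash chain."""

    def __init__(self, scope):
        self.scope, self.log, self._prev = scope, [], "0" * 64

    def request(self, agent, tool, target, argv):
        allowed = tool in self.scope["tools"] and in_scope(target, self.scope)
        rec = {"seq": len(self.log), "ts": time.time(), "agent": agent,
               "tool": tool, "target": target, "argv": argv,
               "decision": "allow" if allowed else "deny", "prev": self._prev}
        rec["hash"] = self._prev = _digest(rec)  # hash covers all fields above
        self.log.append(rec)
        return allowed

    def verify(self):
        """Recompute the chain; any edited or removed record breaks it."""
        prev = "0" * 64
        for rec in self.log:
            body = {k: v for k, v in rec.items() if k != "hash"}
            if rec["prev"] != prev or _digest(body) != rec["hash"]:
                return False
            prev = rec["hash"]
        return True
```

Denied requests are logged as well, so a reviewer can see what an agent attempted, not only what it was permitted to run.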
BOAZ documentation shows why defenders should pay attention
BOAZ documentation describes the project as modular and focused on evasion testing against signature, heuristic, and behavioral detection methods. It supports payload processing in controlled evaluation settings.
For security teams, the important point is not how to use those features. The important point is that AI-connected workflows can now sit next to evasion testing components, which raises the chance of faster experimentation by both legitimate teams and malicious actors.
This puts more pressure on endpoint detection, command logging, network controls, and internal policy. Tools that automate testing can also produce unusual activity that defenders must distinguish from real incidents.
How organizations should handle AI red team tooling
Organizations should build a formal process for AI-assisted security tools. That process should cover procurement, installation, approved users, approved targets, logging, isolation, and incident response contacts.
Security teams should also inventory MCP servers and AI client integrations. A developer workstation that quietly runs an MCP server with access to local tools can become a governance blind spot.
The safest approach is to place tools like these in dedicated security testing virtual machines or lab networks. They should not run on ordinary employee laptops, production servers, or machines that store long-lived cloud credentials.
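An inventory of MCP integrations can start from the client configuration files on each workstation. The audit below is an added example, not part of HexStrike AI or any MCP client: it assumes clients keep their server definitions as JSON under a top-level `mcpServers` or `servers` key, and the approved list, server names, paths and sample config are all constructed.

```python
import json

# Hypothetical allowlist: approved server name -> expected launch command.
APPROVED = {"ticket-search": "/opt/mcp/ticket-search"}
# Assumption: the client stores its servers under one of these top-level keys.
SERVER_KEYS = ("mcpServers", "servers")
SECRET_HINTS = ("SECRET", "TOKEN", "PASSWORD", "API_KEY")

# Constructed sample config; names, paths and values are illustrative only.
SAMPLE_CONFIG = json.dumps({"mcpServers": {
    "ticket-search": {"command": "/opt/mcp/ticket-search", "args": []},
    "sec-tools": {
        "command": "python3",
        "args": ["/home/dev/tools/agent_bridge.py"],
        "env": {"AWS_SECRET_ACCESS_KEY": "constructed-placeholder"},
    },
}})


def audit_mcp_config(text, approved=APPROVED):
    """Return sorted (server, issue) findings for one MCP client config."""
    try:
        doc = json.loads(text)
    except json.JSONDecodeError:
        return [("<config>", "unparseable JSON, review by hand")]
    if not isinstance(doc, dict):
        return [("<config>", "unexpected top-level type")]
    findings = []
    for key in SERVER_KEYS:
        servers = doc.get(key)
        if not isinstance(servers, dict):
            continue
        for name, spec in servers.items():
            spec = spec if isinstance(spec, dict) else {}
            if name not in approved:
                findings.append((name, "not on approved list"))
            elif spec.get("command") != approved[name]:
                # Same name, different binary: drift or a look-alike entry.
                findings.append((name, "command differs from approved"))
            env = spec.get("env")
            for var in (env if isinstance(env, dict) else {}):
                if any(h in var.upper() for h in SECRET_HINTS):
                    findings.append((name, f"env exposes {var}"))
    return sorted(findings)


if __name__ == "__main__":
    for server, issue in audit_mcp_config(SAMPLE_CONFIG):
        print(f"{server}: {issue}")
```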
| Risk area | Recommended control |
|---|---|
| Unauthorized tool execution | Restrict MCP server installation and require approval for security tools. |
| Credential exposure | Use isolated environments without production secrets. |
| Unclear agent behavior | Log prompts, tool calls, outputs, and target selections. |
| Out-of-scope testing | Use allowlists for targets and written authorization for engagements. |
| Toolchain drift | Pin versions and review updates before deployment. |
The bigger issue is AI-powered security operations
HexStrike AI and its red team forks reflect a broader shift. Security tools are becoming easier for AI agents to coordinate, and the same abstraction layer can support both defenders and attackers.
Check Point’s analysis warned that AI orchestration could reduce the time needed to act on newly disclosed vulnerabilities. That should push organizations to improve patch speed, external attack surface monitoring, and detection of automated reconnaissance.
The practical takeaway is clear. AI-assisted red team frameworks can help authorized security teams, but they require strong guardrails. Without those controls, the same tools can make offensive workflows faster, less manual, and harder to contain.
FAQ
Hexstrike-redteam is a public fork of HexStrike AI that adds BOAZ integration and describes itself as an AI-powered MCP penetration testing framework with 127 security tools.
BOAZ is a dual-use AV and EDR evasion testing framework. Its documentation describes it as a modular tool for security testing and antivirus defense evaluation.
The integration places evasion-focused tooling closer to an AI orchestration layer, which can speed up authorized red team work but also increases misuse risk.
Kali Linux lists a HexStrike AI package and describes it as an AI-powered MCP cybersecurity automation platform with autonomous agents and vulnerability intelligence.
Organizations should restrict installation, use isolated test environments, require written authorization, log tool activity, control MCP integrations, and keep production credentials away from testing systems.