pip install red-specter-apocalypse
Point tools test one vector at a time. Real attackers don't. When five adversarial agents hit simultaneously — recon, injection, evasion, coordination, exfiltration — your defences face a coordinated swarm, not a solo probe. APOCALYPSE chains the full kill chain and fires it in under a second.
Most AI agent security tools test one vector at a time. Real attackers don't. APOCALYPSE fires five agents simultaneously — recon, injection, evasion, coordination, and exfiltration all running at once, in under one second.
Static keyword filters block direct injections. SHADE generates 8 encoding variants and 40-keyword semantic mutations per payload — Cyrillic homoglyphs, zero-width spaces, base64, ROT13. Most filters see none of it.
AI agents often reflect credentials, tokens, and API keys in responses. No tool systematically harvests them. REVENANT scans every response with compiled regex for OpenAI, Anthropic, AWS, JWT, and Bearer patterns.
Point tools test individual vectors. APOCALYPSE chains recon → injection → evasion → exfil into 10 pre-built campaigns — from THRESHOLD PROBE (LOW) to ANNIHILATION (EXTREME, UNLEASHED required).
Five agents. Each one attacks a different surface of the AI fleet. Each one produces structured JSON consumed by the report builder. Each finding maps to MITRE ATLAS. All five fire concurrently via asyncio.gather — 0.69s total for the full swarm.
| ID | Agent | Role | Vectors | Description |
|---|---|---|---|---|
| P-01 | WRAITH | Reconnaissance | WRA-001→005 | Agent inventory, tool manifest discovery, health probe, auth detection, rate limit mapping. Builds the target topology before attack phases commence. |
| P-02 | SPECTER | Injection & Poisoning | SPE-001→003 | Direct injection (8 templates), indirect injection (5 templates), memory poisoning. Attacks the trust and instruction layers of the target agent. |
| P-03 | SHADE | Evasion & Mutation | SHA-001→002 | 8 encoding variants including Cyrillic homoglyphs, zero-width spaces, base64, ROT13. 40-keyword semantic synonym mutations. Defeats static keyword filters. |
| P-04 | PHANTOM | Swarm Commander | PHA-001→002 | asyncio.gather concurrent execution — all 14 vectors firing simultaneously. Campaign phase sequencing for multi-stage attack chains. |
| P-05 | REVENANT | Exfiltration & Persistence | REV-001→002 | Credential harvest with compiled regex for OpenAI, Anthropic, AWS, JWT, and Bearer patterns. Token replay for session persistence after initial compromise. |
Launch the full 14-vector swarm attack against a target AI agent fleet:
All 14 vectors fire simultaneously via asyncio.gather. 0.69s for the full swarm. No sequential queuing — maximum pressure, minimum detection window.
SHADE runs encoding and semantic mutation on every payload before injection. Cyrillic homoglyphs, zero-width spaces, base64 — filters see clean text, agents see the attack.
Every report cryptographically signed with Ed25519. RFC 3161 timestamped. SHA-256 evidence chains. Tamper-evident by design.
APOCALYPSE findings feed directly into WARLORD autonomous campaigns. Discovered credentials and topology pass seamlessly to the wider NIGHTFALL offensive chain.
Ten campaigns from LOW reconnaissance to EXTREME destructive annihilation. Each campaign selects the right agents and vectors for its objective. ANNIHILATION requires UNLEASHED authorisation — all five agents, all 14 vectors, full destructive mode.
| ID | Campaign | Severity | Agents | Objective |
|---|---|---|---|---|
| C-01 | THRESHOLD PROBE | LOW | WRAITH, SPECTER | Map detection boundaries without triggering active defences. Baseline recon and passive injection test. |
| C-02 | CREDENTIAL HARVEST | MEDIUM | WRAITH, REVENANT | Identity theft focus. Harvest credentials, API keys, and tokens from agent responses. |
| C-03 | RAG POISON | MEDIUM | SHADE, SPECTER | RAG pipeline corruption with mutated payloads. Injects poisoned data that survives encoding-based filters. |
| C-04 | SWARM TAKEOVER | HIGH | All 5 | Inter-agent trust compromise. PHANTOM coordinates all agents to simultaneously attack agent-to-agent trust channels. |
| C-05 | TOTAL ECLIPSE | EXTREME | All 5 (14 vectors) | Full swarm, every vector simultaneously. Maximum concurrent pressure across all attack surfaces in a single 0.69s execution. |
| C-06 | SILENT RECON | LOW | WRAITH only | Stealthy topology mapping. Full fleet inventory, tool manifest, health, auth, and rate limits — all passive, no injection. |
| C-07 | INJECTION STORM | HIGH | SHADE + SPECTER | Mutated payload injection at scale. SHADE pre-encodes every payload before SPECTER fires — defeats static and keyword-based defences. |
| C-08 | EXFIL EXPRESS | MEDIUM | REVENANT + WRAITH | Credential extraction focus. WRAITH maps endpoints, REVENANT systematically harvests every credential pattern from every response. |
| C-09 | INFRASTRUCTURE SWEEP | MEDIUM | WRAITH + PHANTOM | Complete fleet topology mapping. PHANTOM sequences WRAITH across all discovered endpoints for comprehensive infrastructure coverage. |
| C-10 | ANNIHILATION | EXTREME | All 5 | UNLEASHED REQUIRED — full destructive mode. All five agents. All 14 vectors. Live exploitation. --override --confirm-destroy required. |
APOCALYPSE is Tool #45 of 45 in the NIGHTFALL framework. It chains with FIREBALL (Tool 41), RAGNAROK (Tool 42), and WARLORD (Tool 40). Together they form the autonomous campaign layer — discovery, persistence, swarm, and trust chain annihilation.
Red Specter APOCALYPSE is intended for authorised security testing only. Unauthorised use against systems you do not own or have explicit permission to test may violate the Computer Misuse Act 1990 (UK), Computer Fraud and Abuse Act (US), and equivalent legislation in other jurisdictions. Always obtain written authorisation before conducting any security assessments. The ANNIHILATION campaign requires UNLEASHED cryptographic authorisation and is restricted to one operator. Apache License 2.0.
Most security testing frameworks are menus that shell out to existing tools behind a terminal UI. APOCALYPSE is actual engineering. Every agent, every mutation, every credential harvester, every swarm coordinator — written from scratch in pure Python. Zero subprocess calls. Zero external tool dependencies. asyncio.gather concurrent execution from the ground up.
Export every swarm finding directly to your SIEM. One flag. Native format translation. Ed25519 signatures and RFC 3161 timestamps preserved across every export.
apocalypse scan --target https://agent.example.com --campaign total_eclipse --export-siem splunk