Agents are specialists that handle end-to-end security workflows. When you assign a task, Neo assembles a specialist tuned to the relevant tech stack, business context, and product logic. For example, when reviewing a particular repository, Neo builds a specialist that understands that repo’s architecture, dependencies, and security patterns. Each agent combines a structural prompt (how it thinks), custom capabilities created for its specific skill (what it can do), and pinned knowledge (what it knows). You can start a task with an agent, call one mid-run, or let Neo hand off automatically. Agents self-update as they execute and improve automatically over time.

Creating your own specialized agents

While Neo can automatically assemble agents at runtime, there are cases where investing time in creating specialized agents upfront pays off. Custom agents give Neo better building blocks for delegation and improve overall execution quality. Keep agents micro-focused. The more specific the agent, the better it performs and the more effectively Neo can delegate to it. Micro-focused agents can also be deployed for continuous automated execution as regression testers and ongoing reviewers. This enables proactive security workflows where agents continuously monitor and test your systems, catching issues before they reach production. Kinds of specialized agents you can build:
  • Repository-specific agents: Build agents that carry deep context about a particular codebase, including its architecture, conventions, dependencies, and business logic. Example: an agent specialized in your payments service repository that understands transaction flows, PCI compliance requirements, and sensitive data handling patterns.
  • Vulnerability-specific agents: Create agents focused on particular attack classes or vulnerability types. Example: an LLM injection specialist that knows prompt manipulation techniques, context escaping strategies, and validation bypass patterns specific to AI systems.
  • Application-specific agents: Design agents for testing particular applications or services. Example: an agent specialized in your SaaS platform that understands tenant isolation, cross-customer data leakage, subscription tier bypasses, and privilege escalation across organizational boundaries.
  • Authentication agents: Encode complex login flows as repeatable capabilities. If your application requires multi-step authentication (SSO, MFA, SAML, custom token exchange), build an agent that knows exactly how to complete the flow end to end. Example: an agent that handles your staging SSO login, generates a TOTP code from a stored secret, completes the MFA challenge, and lands on an authenticated session, so every other agent can start testing from an authenticated state without re-learning the login flow each time.
When Neo encounters a task, it selects from available specialists to delegate work. Micro-focused agents allow precise delegation: rather than a generic “web app testing” agent handling everything, Neo can route tenant isolation tests to your SaaS specialist, payment flows to your payments specialist, and prompt injection checks to your LLM security specialist. Each agent brings deep, targeted knowledge to its domain. You can start with a high-level description, let Neo assemble a draft agent, then iteratively refine it through testing and feedback. Once tuned, save and reuse it across projects. Over time, build a library of specialists that compound your team’s security knowledge and execution capability.