Create specialized agents tailored to your organization’s workflows and security context
Agents are specialists for end‑to‑end security workflows. At runtime, Neo can assemble a task‑specific agent by researching the internet and your knowledge base. For example, when you review a particular repository, it assembles a specialist tuned to that repo’s tech stack, business context, and product logic. Each agent is an atomic unit of execution and handoff: the right task is handed to a specialized agent assembled on demand. These agents self update as they execute and improve automatically over time. Each agent combines a structural prompt (how it thinks), custom tools created for its specific skill (what it can do), and pinned knowledge (what it knows). Start a task with an agent, call one mid‑run, or let Neo hand off automatically.
While Neo can automatically assemble agents at runtime, there are cases where you should invest time in creating and refining specialized agents upfront. This approach gives Neo better building blocks for delegation and improves overall execution quality.Keep agents micro-focused. The more specific the agent, the better it performs and the more effectively Neo can delegate to it. A key benefit of micro-focused agents is their ability to be deployed for continuous automated execution as regression testers and ongoing reviewers. This enables proactive security workflows where agents continuously monitor and test your systems, catching issues before they reach production rather than reacting after vulnerabilities are discovered:
Repository-specific agents: Build agents that carry deep context about a particular codebase, including its architecture, conventions, dependencies, and business logic. Example: an agent specialized in your payments service repository that understands transaction flows, PCI compliance requirements, and sensitive data handling patterns.
Vulnerability-specific agents: Create agents focused on particular attack classes or vulnerability types. Example: an LLM injection specialist that knows prompt manipulation techniques, context escaping strategies, and validation bypass patterns specific to AI systems.
Application-specific agents: Design agents for testing particular applications or services. Example: an agent specialized in your SaaS platform that understands tenant isolation, cross-customer data leakage, subscription tier bypasses, and privilege escalation across organizational boundaries.
When Neo encounters a task, it selects from available specialists to delegate work. Micro-focused agents allow precise delegation: rather than a generic “web app testing” agent handling everything, Neo can route tenant isolation tests to your SaaS specialist, payment flows to your payments specialist, and prompt injection checks to your LLM security specialist. Each agent brings deep, targeted knowledge to its domain.You can start with a high-level description, let Neo assemble a draft agent, then iteratively refine it through testing and feedback. Once tuned, save and reuse it across projects. Over time, build a library of specialists that compound your team’s security knowledge and execution capability.
