TachyonicTachyonic

Agent Testing

Test CLI-based AI agents and remote agents via SSH

Overview

Tachyonic can test AI agents that run as CLI programs — not just HTTP APIs. This covers agents like Codex, Claude Code, custom chatbots, and any agent accessible via a command-line interface.

Local CLI Agent

Test an agent that runs as a local command:

tachyonic scan \
  --cli-command "my-agent" \
  --categories prompt-injection,tool-abuse \
  --max-attacks 10

Tachyonic sends payloads to the agent's stdin and reads responses from stdout.

With Agent Name

Some CLI tools (like Clawdbot) require an --agent flag:

tachyonic scan \
  --cli-command "clawdbot" \
  --cli-agent "my-assistant" \
  --categories prompt-injection

Declare Capabilities

Tell Tachyonic what the agent supports so it selects the right attacks:

tachyonic scan \
  --cli-command "my-agent" \
  --cli-supports-tools true \
  --cli-supports-rag true \
  --cli-supports-multi-turn true
FlagDefaultEffect
--cli-supports-toolsfalseInclude tool-abuse attacks
--cli-supports-ragfalseInclude indirect-injection attacks
--cli-supports-multi-turnfalseInclude multi-turn manipulation attacks

Remote Agent via SSH

Test an agent running on a remote machine:

tachyonic scan \
  --cli-command "my-agent" \
  --ssh-host "user@staging-server.com" \
  --categories prompt-injection,system-prompt-extraction

Tachyonic SSH-es into the host, runs the command, and sends payloads over the SSH session.

SSH Requirements

  • SSH key-based authentication (no password prompts)
  • Agent command must be in the remote PATH
  • Remote host must have the agent installed and configured

Examples

Test a Customer Support Bot

tachyonic scan \
  --cli-command "./support-bot" \
  --categories prompt-injection,sensitive-disclosure \
  --max-attacks 20 \
  --format html \
  --output support-bot-report.html

Test a Code Generation Agent

tachyonic scan \
  --cli-command "code-agent --no-interactive" \
  --cli-supports-tools true \
  --categories tool-abuse,permission-escalation,jailbreak \
  --format json \
  --output code-agent-results.json

Test a Remote Staging Agent

tachyonic scan \
  --cli-command "production-agent" \
  --ssh-host "admin@staging.example.com" \
  --categories prompt-injection,system-prompt-extraction \
  --max-attacks 10

MCP Scanning

Test MCP servers for security vulnerabilities using stdio or HTTP transport

API Reference

REST API for the Tachyonic platform

On this page

OverviewLocal CLI AgentWith Agent NameDeclare CapabilitiesRemote Agent via SSHSSH RequirementsExamplesTest a Customer Support BotTest a Code Generation AgentTest a Remote Staging Agent