The swarm moves
inside the perimeter
NodeX deploys the same 500+ red teaming agent swarm that runs against your external attack surface inside your environment. One paired node enumerates Active Directory and Entra ID, walks machine identities, probes internal APIs and east-west segmentation, and exercises the orchestration layer of your own AI agents, with every finding exploit-validated.
Place nodes to match your network segmentation.
It starts in the portal. Create a node, name it, and define the network segments it can reach, a single node can cover one segment or many. How many nodes you deploy comes down to your segmentation: a flat network may need just one, while tightly isolated environments call for more. Either way there's no cap, and the platform hands you a one‑time pairing token to bind each node to your tenant.
- One node can provide visibility into multiple network segments
- Add more nodes as your segmentation isolates more of the environment
- No cap on nodes — deploy across sites, business units, and isolated segments
- Get a one-time pairing token that binds each node to your tenant
Import the VM, paste the code, you're paired.
Import the hardened NodeX virtual machine into your environment, boot it, set a new password, and paste the pairing token from step one. That's the whole install. No site‑to‑site VPNs, no network bridging, no inbound firewall rules. The node needs nothing but outbound internet to pair and maintain its encrypted command‑and‑control channel, and the process is identical whether you deploy one node or a hundred.
- Import the hardened VM anywhere inside your perimeter
- No bridged networks, no open inbound ports, no exposed services
- Outbound internet only — for pairing and encrypted C2
- Deploy one or a hundred — the steps never change
Online, healthy, and ready for engagements.
The moment pairing completes, the node reports in. From the portal you see live connection status, the running NodeX version, a heartbeat that confirms it was seen moments ago, and the exact network segments it covers. Assign an engagement to it and the swarm goes to work, entirely inside your perimeter.
- Live connection status and last-seen heartbeat at a glance
- Version tracking so you always know a node is up to date
- See the segments each node covers before you scope an engagement
Pick a node, point it at the targets that matter.
Launching an internal engagement is the same wizard you already know. Choose which connector node runs the attack, then hand it a target list, from assets the platform already discovered, or brand‑new targets it validates on the spot.
Pick the connector node that will run the attack, then assign targets from the assets the platform already knows. Each node carries its own independent target list, so every network gets exactly the scope you intend.
A plan per asset. The swarm, live, inside your network.
The instant an engagement starts, the platform builds an independent assessment plan for every selected asset and runs them in parallel. Open any plan to watch the agent swarm work in real time, the recon, the commands, the reasoning, the exploitation, happening inside your perimeter with nothing hidden.
One plan per asset
Every selected target gets its own automated assessment plan, generated the moment the engagement launches.
Running in parallel
Plans execute side by side with live stage and runtime, so coverage scales with your environment, not your headcount.
Live agent swarm
Open any plan and watch the agents work in real time, every command, decision and exploit, end to end.
Ready to bring the swarm inside?
Deploy NodeX in your own environment and run continuous, exploit‑validated red teaming across your internal attack surface, no consultants, no scheduling, no network surgery.
Want the external story first? Explore Red Teaming or scope your assessment.