2 Building your first AI agent
This chapter covers
- Contrasting agents with script-based automation
- Modeling agent execution as a control loop
- Defining core agent components and boundaries
- Implementing a minimal agent specification
- Applying agents to recon data triage workflows
In chapter 1, we introduced AI agents and pipelines that bring reasoning, control, and accountability into offensive security workflows. We demonstrated why simple scripts and one-off LLM calls break down in dynamic environments, and why structure becomes crucial once automation starts making decisions. This chapter moves from theory to construction by building a real AI agent from the ground up.
The goal is not to build a clever demo or a production system: we illustrate how wrapping a large language model inside a small set of explicit components (messages, tools, and artifacts) turns reactive text generation into a controlled decision-making loop that can be inspected, replayed, and defended.
We’ll start by establishing a clear mental model of how agents work and by drawing firm boundaries between agents, scripts, and tools. We’ll then show how to build an agent in plain Python, with no AI framework. With that foundation in place, we will apply frameworks such as LangChain and AutoGen. The chapter concludes with the governance patterns that keep agent behavior safe and defensible in real-world engagements.
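To make the control-loop idea concrete before the chapter builds it out, here is a minimal agent written for this section (it is not the book's code). It wires the three components named above, messages, tools, and artifacts, into a loop that a stand-in model drives. The model is a deterministic stub that returns JSON decisions, so the example runs offline; the recon data and the two triage tools are constructed for illustration. Every model decision and tool result is appended to the message list, so the full run can be inspected and replayed afterwards, and a decision naming a tool outside the allowlist is refused and recorded rather than executed.

```python
"""Minimal agent control loop: messages -> model -> tool -> artifact -> repeat.
Added example with a stub model; not the book's own implementation."""
import json
from dataclasses import dataclass, field
from typing import Callable

# Constructed recon input: "host port state" lines, with a duplicate on purpose.
SAMPLE_RECON = """
app.example.test 443 open
db.example.test 5432 open
app.example.test 443 open
legacy.example.test 21 open
"""


@dataclass
class Message:
    role: str      # "user", "assistant" or "tool"
    content: str   # plain text or JSON-encoded payload


@dataclass
class Artifact:
    name: str      # e.g. "step0:dedupe_findings" or "final"
    data: object   # structured result worth keeping after the run


# Tools the agent may call. Both are pure functions over the triage data.
def dedupe_findings(text: str) -> list:
    """Parse recon lines into records, dropping exact host/port repeats."""
    seen, out = set(), []
    for line in text.strip().splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue                       # ignore malformed lines
        key = (parts[0], int(parts[1]))
        if key not in seen:
            seen.add(key)
            out.append({"host": parts[0], "port": int(parts[1]), "state": parts[2]})
    return out


def rank_findings(findings: list) -> list:
    """Order findings for remediation review; legacy plaintext services first."""
    priority = {21: "high", 23: "high", 5432: "medium", 443: "low"}
    order = ["high", "medium", "low"]
    ranked = [{**f, "priority": priority.get(f["port"], "medium")} for f in findings]
    return sorted(ranked, key=lambda f: order.index(f["priority"]))


TOOLS = {"dedupe_findings": dedupe_findings, "rank_findings": rank_findings}


def stub_model(messages: list) -> str:
    """Deterministic stand-in for an LLM: emits a JSON decision per step."""
    tool_msgs = [m for m in messages if m.role == "tool"]
    if not tool_msgs:   # nothing computed yet: parse the raw task text
        return json.dumps({"tool": "dedupe_findings", "args": {"text": messages[-1].content}})
    if len(tool_msgs) == 1:   # parsed records available: rank them
        return json.dumps({"tool": "rank_findings",
                           "args": {"findings": json.loads(tool_msgs[-1].content)}})
    return json.dumps({"final": json.loads(tool_msgs[-1].content)})


@dataclass
class Agent:
    model: Callable[[list], str]
    tools: dict
    max_steps: int = 5                      # hard budget: the loop cannot run away
    messages: list = field(default_factory=list)
    artifacts: list = field(default_factory=list)

    def run(self, task: str):
        self.messages.append(Message("user", task))
        for step in range(self.max_steps):
            decision = json.loads(self.model(self.messages))
            self.messages.append(Message("assistant", json.dumps(decision)))
            if "final" in decision:
                self.artifacts.append(Artifact("final", decision["final"]))
                return decision["final"]
            name = decision.get("tool")
            if name not in self.tools:
                # Not on the allowlist: refuse, record the refusal, let the model react.
                self.messages.append(Message("tool", json.dumps({"error": f"tool {name!r} not allowed"})))
                continue
            result = self.tools[name](**decision.get("args", {}))
            self.artifacts.append(Artifact(f"step{step}:{name}", result))
            self.messages.append(Message("tool", json.dumps(result)))
        raise RuntimeError("step budget exhausted without a final answer")

    def transcript(self) -> list:
        """Replayable record of the run: every message in order."""
        return [{"role": m.role, "content": m.content} for m in self.messages]


def run_demo():
    """Triage the constructed recon data; returns (agent, ranked findings)."""
    agent = Agent(stub_model, TOOLS)
    return agent, agent.run(SAMPLE_RECON)


if __name__ == "__main__":
    agent, result = run_demo()
    print(json.dumps(result, indent=2))
    print(json.dumps(agent.transcript(), indent=2))
```

Swapping `stub_model` for a real model call is the only change needed to make this a live agent; the loop, the allowlist check and the step budget stay exactly as they are, which is the point: the controls live in the loop, not in the model.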