Autonomous security testing for the x402 protocol ecosystem.

The $AUTHX token serves as the economic backbone of the platform. Creator fees collected from token activity are directed to the treasury contract, which holds the funds that power all agent operations. This model means that as the token ecosystem grows, so does the platform's capacity to run campaigns and serve users. No separate subscription or payment is required from operators.

The x402 protocol requires payments in USDC on the Base network. Our treasury system automatically converts incoming $AUTHX fees to USDC, maintaining a liquid reserve that agents can draw from when they need to pay for protected API endpoints. This conversion happens transparently in the background, so neither operators nor agents need to think about token swaps or bridge transactions.

The platform also maintains ETH reserves on Base for gas fees. Every x402 payment requires a blockchain transaction, and gas costs are covered by the treasury. Users interact with the platform through a simple web interface while all the on-chain complexity is handled automatically.

Because the platform pays for x402 requests on behalf of users, we enforce strict rate limits and spending caps to prevent abuse. Each user has a maximum number of agent requests per hour, and each individual x402 payment is capped at a few cents. These guardrails ensure that the treasury remains healthy and that no single user can drain resources intended for the broader community.

The limits are designed to be generous enough for legitimate security research while blocking attempts to exploit the platform as a free payment gateway. All spending is logged and auditable, so operators can review exactly how treasury funds are being used across the platform.

The web scraper is the eyes of our agent collective. Modern web applications hide critical security surfaces behind JavaScript rendering, authentication walls, and aggressive bot detection, and traditional curl-style requests simply fail. Our scraping engine handles all of this transparently: it rotates residential proxies, solves CAPTCHAs when necessary, and renders pages in a full headless browser environment before extracting content.

We built this tool because reconnaissance is the foundation of any meaningful security test. Agents need to read API documentation, parse error messages, analyze client-side code, and observe how applications behave under different conditions. Without a robust scraping layer, our agents would be blind to the very surfaces they're supposed to probe.

While the scraper handles observation, the HTTP interface handles action. This tool gives agents the same networking capabilities as any standard HTTP client: arbitrary headers, custom payloads, full control over request methods, and detailed response introspection. Agents can craft GET, POST, PUT, DELETE, and PATCH requests to any endpoint they discover during reconnaissance.

Pentesting is fundamentally about sending requests and observing responses. The HTTP interface allows our agents to test authentication flows, probe for injection vulnerabilities, replay captured tokens, and interact with REST APIs as if they were a legitimate client or a malicious one. Every response is parsed and made available for the agent's reasoning, enabling it to adapt its approach based on what the server actually returns.

The x402 protocol introduces a new paradigm: APIs that require cryptocurrency payment before they'll respond. This creates a unique security surface that traditional pentest tools cannot reach. Our x402 handler speaks the protocol natively: it discovers payment requirements, negotiates pricing, constructs valid payment proofs, and executes USDC transactions on the Base network without human intervention.

This tool exists because x402 services would otherwise be invisible to automated testing. An agent that can't pay can't test. By giving our collective autonomous spending authority (within operator-defined budgets), we unlock the ability to probe payment validation logic, test for nonce reuse vulnerabilities, and verify that protected endpoints actually enforce their payment requirements. The handler also tracks every transaction so operators maintain full visibility into where pentest credits are being spent.

Language models have no inherent memory. Without external state, every agent invocation would start from zero, forgetting discovered endpoints, losing track of which payloads succeeded, and potentially repeating expensive payment operations. Campaign Memory solves this by providing persistent storage that agents can read from and write to across runs.

We built this tool to enable long-running campaigns that span hours or days. Agents checkpoint their progress, log every finding, and share context with each other through this shared state layer. When a campaign resumes, agents can pick up exactly where they left off. This also prevents hallucination about past events. Instead of reconstructing history from an unreliable context window, agents query the database for ground truth. The result is campaigns that are both more efficient and more reliable.

GitAnalyzer is our specialized tool for deep code provenance and security analysis. It scans GitHub repositories to detect "slop"—low-quality, copy-pasted, or AI-generated boilerplate—and potential security vulnerabilities. By analyzing commit history, code structure, and dependency patterns, it generates a comprehensive "Slop Score" and security report.

We built GitAnalyzer because in the age of AI-generated code, volume does not equal value. Investors and users need to know if a project is genuine innovation or just a wrapper around standard libraries. This tool provides that transparency, allowing agents to verify the technical substance of a project before any interaction occurs.

XAnalyzer focuses on social identity verification and reputation analysis. It connects directly to X (formerly Twitter) to fetch real-time profile data, tweet history, and engagement metrics. It doesn't just look at follower counts; it analyzes consistency, engagement quality, and authenticity to generate a "Trust Score".

Social engineering and fake identities are primary vectors for crypto scams. XAnalyzer gives our agents the ability to perform due diligence on the people behind the protocols. By quantifying social signals and detecting bot-like behavior, we ensure that the "who" is as verified as the "what".

ChatGPT

Powered by OpenAI's GPT-4o, this agent brings strong general reasoning and extensive training on web content and documentation. GPT models excel at parsing complex API specifications, understanding error messages, and generating well-structured payloads. When testing x402 endpoints, ChatGPT often provides the most readable explanations of what it's attempting and why.

DeepSeek

DeepSeek's reasoning model takes a methodical, step-by-step approach to problem solving. It tends to be more deliberate in its tool usage, often pausing to analyze responses before proceeding. This makes it particularly effective at catching subtle inconsistencies in API behavior or payment validation logic that faster models might overlook. DeepSeek frequently identifies edge cases that other agents miss.

Grok

xAI's Grok model brings a different perspective shaped by its training methodology. Grok tends to be more aggressive in its testing approach, willing to try unconventional payloads or probe boundaries that other models might consider out of scope. This makes it valuable for discovering unexpected behaviors in x402 implementations. It's often the first to find authentication bypasses or pricing logic flaws.

Claude

Anthropic's Claude is known for careful, nuanced analysis and strong adherence to instructions. In our collective, Claude often serves as a stabilizing presence, less likely to hallucinate findings and more likely to clearly articulate uncertainty when results are ambiguous. Claude's responses tend to be well-organized and thorough, making it easier to extract actionable intelligence from its findings.

Objective Intake

The operator describes what they want to test: a specific x402 endpoint, a class of vulnerabilities to probe, or a general reconnaissance task. The platform enriches this prompt with context: current date and time, available tools, and any conversation history from previous runs in the same session. Each agent receives an identical, fully-formed objective.

Parallel Execution

All four agents launch simultaneously and begin working through their reasoning loops. Each agent decides independently which tools to invoke, what requests to make, and how to interpret responses. They stream their progress to individual terminals in real-time, so operators can watch four different approaches unfold in parallel. Agents continue iterating until they reach a conclusion or hit their iteration limit.

Tool Invocation

As agents work, they call out to the tool layer: scraping documentation, making HTTP requests, or executing x402 payments. Every tool call is logged with full request and response details. If an agent triggers a paid x402 endpoint, the payment is automatically constructed and executed within operator-defined budget limits. Failed requests are captured alongside successes, providing a complete audit trail of what was attempted.

Result Comparison

Once agents complete, the operator reviews findings across all four terminals. Consistent findings across multiple agents indicate high-confidence results. Divergent conclusions warrant deeper investigation since they often reveal genuine ambiguity in the target system or expose edge cases worth exploring. The platform preserves the full conversation history, allowing operators to continue the session with follow-up prompts that build on what was already discovered.