🤖 AI Summary
A new open-source project implements an autonomous, GPT-4–driven red team framework targeting the Microsoft Graph API. The tool chains three specialized AI agents (Scout/Strategist/Operative) to perform token analysis, automated reconnaissance (users, groups, apps, roles, endpoints), GPT-4 planning of multi-step attack paths, and adaptive execution with retry and replanning logic. It logs a complete audit trail (including curl equivalents), flags “crown jewel” targets (admin roles, audit logs), and can execute real-world post-exploitation actions such as privilege escalation, creating backdoor apps/service principals, persistence, and access to sensitive data. Tech stack: Python 3.8+, OpenAI GPT-4 via langchain/crewai orchestration, Microsoft Graph REST API (v1.0 and beta), OAuth 2.0 tokens, MITRE ATT&CK mapping, and integration options for SIEM/testing workflows.
For the AI/ML and security communities this is notable because it demonstrates autonomous LLM planning applied end-to-end to a cloud identity API, lowering the effort to discover permission abuse and orchestrate complex attack chains while offering a powerful tool for authorized red teams and detection engineering. Key implications: defenders must assume adversaries can automate multi-step Graph abuse, so tighten app/token scopes, monitor unusual Graph activity and token claims, and test detection rules against realistic AI-generated patterns. The project is explicitly dual-use and intended for authorized testing only; operators need valid OpenAI and Graph tokens and careful governance.
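A defender-side example of the token-claim review recommended above, added here and not taken from the project: it decodes a Graph access token's payload and flags broad permissions carried in the `scp` (delegated) and `roles` (application) claims. The watch list, the helper names and the sample token are assumptions constructed for illustration.

```python
import base64
import json

# Assumption: an illustrative watch list of Microsoft Graph permissions that allow
# role changes, app/service-principal changes or audit-log access; tune per tenant.
HIGH_RISK = {
    "RoleManagement.ReadWrite.Directory": "can assign directory roles",
    "AppRoleAssignment.ReadWrite.All": "can grant app roles to any principal",
    "Application.ReadWrite.All": "can create apps or add credentials to them",
    "Directory.ReadWrite.All": "can modify directory objects",
    "AuditLog.Read.All": "can read audit and sign-in logs",
}

def decode_claims(token):
    """Return the JWT payload as a dict. No signature check: triage only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_token(token):
    """List (kind, permission, reason) for over-broad Graph permissions."""
    claims = decode_claims(token)
    delegated = claims.get("scp", "").split()  # delegated scopes: one string
    app_roles = claims.get("roles", [])        # application permissions: a list
    findings = []
    for kind, perms in (("delegated", delegated), ("application", app_roles)):
        for perm in perms:
            if perm in HIGH_RISK:
                findings.append((kind, perm, HIGH_RISK[perm]))
    return findings

def make_sample(claims):
    """Build an unsigned, constructed token for the demo (not a real credential)."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none", "typ": "JWT"}), enc(claims), "sig"])

# Constructed sample: an app-only token holding two permissions on the watch list.
SAMPLE = make_sample({
    "aud": "https://graph.microsoft.com",
    "appid": "00000000-0000-0000-0000-000000000000",
    "roles": ["User.Read.All", "Application.ReadWrite.All",
              "RoleManagement.ReadWrite.Directory"],
})

if __name__ == "__main__":
    for kind, perm, why in audit_token(SAMPLE):
        print(f"[{kind}] {perm}: {why}")
```

Run it over tokens issued to your own app registrations during a scope review; any finding is a candidate for a narrower permission.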