Introducing Rook
We're introducing Rook, a standalone, autonomous security agent for vulnerability research, bug hunting and source-code auditing. Rook ships as a single Go executable with an entire library of security skills compiled directly into the binary. Download one file, give it a target and an authorized scope, and it works through the problem the way a researcher would: reconnaissance, analysis, hypothesis, verification, and a written report.
Rook is built on the ChatBotKit Go SDK, and that is what keeps it so light. The demanding part of running an agent - model orchestration, the reasoning and tool-execution loop, skill handling, scaling and reliability - runs as a managed service on ChatBotKit. The binary embeds the skills and streams the conversation, so the tool itself stays small and focused on the task at hand, and it inherits harness improvements without shipping a new build.
Because everything is baked into one statically linked executable, Rook goes wherever security work happens: a hardened bastion, an air-gapped network, a throwaway cloud VM, a CI runner. It is cross-compiled for Linux, macOS and Windows on both amd64 and arm64, needs no runtime, interpreter or config files alongside it, and its only external dependency is the ChatBotKit API and your key.
Out of the box Rook ships with 51 embedded security skills - phase-by-phase playbooks covering bug-hunting methodology, web and API vulnerability classes (IDOR, SQLi, XSS, SSRF, RCE, SSTI, XXE, OAuth, SAML, GraphQL, auth bypass, business logic, request smuggling, file upload, race conditions and more), enterprise and infrastructure attack chains (M365/Entra, Okta, cloud IAM, vCenter, VPN appliances, SharePoint), recon and OSINT, smart-contract auditing, and triage and reporting discipline. Adding your own skill is as simple as dropping a SKILL.md playbook into the project and rebuilding.
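The point above about skills being compiled into the binary rather than read from disk at run time is what lets a single file carry the whole playbook library. The following is an added illustration of that pattern in Go, written here for this post; it is not Rook's own code, and the `skills/<name>/SKILL.md` layout, the "first Markdown heading is the title" convention and the sample playbook text are all assumptions. The loader takes any `fs.FS`, so it can be driven by an in-memory tree for the demonstration while a shipped binary would hand it an `embed.FS` populated at build time.

```go
package main

import (
	"bufio"
	"fmt"
	"io/fs"
	"path"
	"sort"
	"strings"
	"testing/fstest"
)

// Skill is one embedded playbook: the directory it lives in, the title
// taken from the first "# " heading in its SKILL.md, and the full text.
type Skill struct {
	Name  string // directory name, e.g. "idor" (assumed layout)
	Title string // first Markdown H1 in SKILL.md (assumed convention)
	Body  string // full playbook text
}

// LoadSkills walks an fs.FS for <dir>/SKILL.md files and returns them
// sorted by name. In a real build the fs.FS would be an embed.FS filled
// by a "//go:embed skills" directive, so no files are read at run time;
// taking fs.FS as a parameter lets the same loader run against the
// in-memory tree below.
func LoadSkills(root fs.FS) ([]Skill, error) {
	var skills []Skill
	err := fs.WalkDir(root, ".", func(p string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		// Only files named exactly SKILL.md count as playbooks; other
		// Markdown files (READMEs, notes) are ignored.
		if d.IsDir() || path.Base(p) != "SKILL.md" {
			return nil
		}
		data, err := fs.ReadFile(root, p)
		if err != nil {
			return err
		}
		body := string(data)
		skills = append(skills, Skill{
			Name:  path.Base(path.Dir(p)),
			Title: firstHeading(body),
			Body:  body,
		})
		return nil
	})
	if err != nil {
		return nil, err
	}
	sort.Slice(skills, func(i, j int) bool { return skills[i].Name < skills[j].Name })
	return skills, nil
}

// firstHeading returns the text of the first "# " line, or "" if the
// playbook has no H1.
func firstHeading(md string) string {
	sc := bufio.NewScanner(strings.NewReader(md))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if strings.HasPrefix(line, "# ") {
			return strings.TrimSpace(strings.TrimPrefix(line, "# "))
		}
	}
	return ""
}

// FindSkill looks a playbook up by directory name.
func FindSkill(skills []Skill, name string) (Skill, bool) {
	for _, s := range skills {
		if s.Name == name {
			return s, true
		}
	}
	return Skill{}, false
}

// SampleSkills is a constructed, in-memory stand-in for an embedded
// skills/ directory. The titles and text are illustrative only.
var SampleSkills = fstest.MapFS{
	"skills/idor/SKILL.md":   {Data: []byte("# IDOR playbook\n\n1. Map object identifiers.\n2. Verify access control per object.\n")},
	"skills/triage/SKILL.md": {Data: []byte("# Triage and reporting\n\nRate severity, write reproduction steps.\n")},
	"skills/README.md":       {Data: []byte("# not a skill\n")},
}

func main() {
	skills, err := LoadSkills(SampleSkills)
	if err != nil {
		panic(err)
	}
	for _, s := range skills {
		fmt.Printf("%-8s %s\n", s.Name, s.Title)
	}
}
```

Because the catalogue is built from the `fs.FS` handed to the loader, swapping the `fstest.MapFS` for an `embed.FS` is the only change needed to go from this test double to a statically embedded library, and a new playbook is picked up by adding its directory and rebuilding, as the post describes.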
Rook is an offensive-security tool intended for authorized use only. Run it solely against systems, code and services you own or are explicitly permitted to test, and always pass an explicit scope that the agent is pinned to stay within.
Rook is open source under the MIT license and lives at github.com/chatbotkit/rook. Grab a prebuilt binary from the releases page or install from source, set your CHATBOTKIT_API_SECRET, and point it at your first authorized target.