
I Built My First AI Red Team Skill in 30 Minutes. It Did 4 Hours of Recon in Under 15.

June 7, 2026 · 6 min read
ai-security, red-team, offensive-security, ai-agents, claude-code


The first time I pointed an AI agent at a target and walked away, I came back to a finished recon report.

Subdomains mapped. Tech stack fingerprinted. AI endpoints flagged. A prioritized list of what to hit next. The kind of report that normally costs me an afternoon.

It took fifteen minutes. I did not babysit it.

That was the moment the job changed for me. Not "AI will help me write payloads." Something bigger.

The bottleneck that kills most engagements is not skill. It is time. And the thing I had just built quietly removed a chunk of it.

This is how it works, from zero, in about half an hour. No magic, no hype. Just the setup, the first skill, and an honest read on what it does and does not do.

The Shift That Actually Changed The Job

The old way: memorize every technique, grind through targets by hand, and keep it all in your head and a pile of notes.

The new way: build reusable skills that an AI agent executes with full access to your terminal. Then spend your attention on judgment instead of typing.

The question stops being "how do I remember all of this." It becomes "what should I build, and what should I let the agent run?"

I use Claude Code for this because it is the best tool I have found for offensive work. Agentic execution, custom skills, MCP integrations, real reasoning over an attack surface.

The concepts are not locked to one vendor, though. Gemini CLI, Codex, and other capable agents run the same patterns. The principle holds either way: an agent that reads code, runs commands, iterates on output, and reasons about what it finds is the new operating model.

Your Engagement Brief Is Just A File

Before you build anything, the agent needs to know what it is working on.

Claude Code reads a CLAUDE.md file at the root of your project. For offensive work, treat that file as your engagement brief: the scope, the rules of engagement, what is out of bounds, the offensive workflow, and the tools the agent is allowed to use. It is the difference between an agent that wanders and one that stays on a leash.

The project layout around it is simple. A folder for your custom skills, a folder for targets, a folder for findings, a folder for reports. The agent works inside that structure.

I put the full engagement-brief config and the exact project layout in the Field Manual, copy-paste ready. Link at the end.
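An added example, not taken from the author's Field Manual or CLAUDE.md: one way to make the scope in an engagement brief machine-checkable, so every target is validated against the brief before any tool runs. The `in-scope` / `out-of-scope` / `active-enumeration` line format and all function names are assumptions made for this example.

```python
import ipaddress
import re

# Constructed sample scope section; this line format is hypothetical.
BRIEF = """\
## Scope
in-scope: *.lab.example.com
in-scope: 10.10.20.0/24
out-of-scope: payments.lab.example.com
out-of-scope: 10.10.20.1
active-enumeration: not-authorized
"""

def parse_scope(text):
    """Collect allow rules, deny rules and the active-phase flag."""
    scope = {"in": [], "out": [], "active": False}
    for line in text.splitlines():
        m = re.match(r"\s*(in-scope|out-of-scope|active-enumeration):\s*(\S+)", line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).lower()
        if key == "active-enumeration":
            scope["active"] = value == "authorized"  # anything else means no
        else:
            scope["in" if key == "in-scope" else "out"].append(value)
    return scope

def _try(fn, value):
    try:
        return fn(value)
    except ValueError:
        return None

def _matches(target, rule):
    addr = _try(ipaddress.ip_address, target)
    net = _try(lambda r: ipaddress.ip_network(r, strict=False), rule)
    if addr is not None or net is not None:
        # IP rules only match IP targets; hostnames never match a CIDR.
        return addr is not None and net is not None and addr in net
    if rule.startswith("*."):
        # Keep the leading dot so "evil-lab.example.com" cannot match.
        return target.endswith(rule[1:])
    return target == rule

def allowed(target, phase, scope):
    """Deny wins over allow; the active phase needs explicit authorization."""
    target = target.strip().lower().rstrip(".")
    if any(_matches(target, r) for r in scope["out"]):
        return False
    if phase == "active" and not scope["active"]:
        return False
    return any(_matches(target, r) for r in scope["in"])
```

Deny rules are checked first and a target that matches no allow rule is refused, so a typo in the brief fails closed rather than widening the scope.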

Building The First Skill: Recon

A skill is just a markdown file the agent reads and follows. The recon skill I built runs in three phases.

Phase one is passive: DNS and subdomain enumeration, WHOIS, and technology fingerprinting. Phase two is the part that matters for modern targets, AI component detection: hunting for LLM endpoints, AI service headers, AI SDK references in the JavaScript, and vector database clients. Phase three, only if authorized, is active enumeration.

To run it, you open Claude Code in the project and say "run recon on target.example.com". The agent reads the skill, runs the actual tools you have installed, and hands back a structured report: the infrastructure, the tech stack, the AI components it found, an attack-surface summary, and recommended next steps.

That report is four hours of careful manual work.

Under fifteen minutes here. And the output is structured and consistent enough to feed straight into the next phase.

The time collapse: 4 hours of manual recon versus under 15 minutes with the AI skill, same structured output.

Why Each Skill Compounds On The Last

The recon skill is a starting point, not the finish line.

You extend it: social-engineering recon, screenshot capture, Shodan or Censys integration, a dedicated MCP-server detection phase. Then you build a second skill that reads the recon output and drafts an attack plan. A third chains the first two.

That is the part people miss. Each skill reads the output of the last one.

After a month of building, you have an arsenal that runs coordinated operations you would never have attempted by hand.

The AI recon skill end to end: passive recon, AI component detection, active enumeration, structured report, fed by skills, agents, and hooks.

What The Agent Still Cannot Do

This is not about replacing pentesters, and I will not pretend otherwise.

An agent does not understand business context. It does not know the CEO's email in a breach dump is worth more than a SQL injection on a staging box. It does not have the judgment to decide when to stop and when to push.

What it removes is the thing that actually kills engagements: time.

One operator with a good skill library does the recon, initial exploitation, and reporting that used to take a team of three. Not because the agent is smarter than three operators. Because it does not get tired, does not chase rabbit holes for emotional reasons, and does not forget the service on port 8443 because something shiny showed up on port 80.

A scanner runs known payloads against known patterns. An agent reads the recon, reasons about what is unusual, forms a hypothesis, and tests it in real time.

That is a different category of tool.

The operators who internalize this first get an asymmetric edge for the next two to three years. After that, everyone has it, and the edge moves to whoever built the best skills.

The window is open now.

Where This Series Goes Next

This is the first skill of a full operation.

The complete build is a seven-part field manual I am publishing piece by piece: recon at machine speed with parallel agents, weaponization, exploitation, coordination, and reporting.

Want the actual code? The complete CLAUDE.md engagement brief, the full recon skill, and the working configs are in the technical write-up on my site: Your First AI Red Team Skill: the Field Manual. Everything I build, I share, at krypteiasec.com.

Build the skill this week. Point it at a lab box you own. Watch the four hours collapse into fifteen minutes.

Then tell me the job has not changed.