AI Engineering, Security22 min read

T3MP3ST: AI Agents for Autonomous Red Teaming in 2026

How T3MP3ST's multi-agent architecture automates offensive security testing. Compare traditional pentesting vs autonomous AI-driven red teams.

T3MP3ST: How Autonomous AI Agents Are Transforming Red Team Operations

TL;DR: T3MP3ST is an open-source multi-agent meta-harness for autonomous red teaming that orchestrates specialized AI agents across reconnaissance, exploitation, and post-exploitation phases. Unlike traditional pentesting tools that require manual operator decisions at each step, T3MP3ST's agent swarm makes tactical decisions autonomously while respecting engagement rules and safety boundaries. It combines LangGraph orchestration with specialized security tools to automate the complete offensive security lifecycle from initial reconnaissance through vulnerability exploitation and lateral movement.

Key Takeaways

  • T3MP3ST orchestrates multiple specialized AI agents (reconnaissance, exploitation, post-exploitation) that collaborate autonomously to complete red team objectives without step-by-step human guidance.
  • The platform uses LangGraph for agent state management and decision routing, enabling agents to backtrack, retry with different approaches, and coordinate findings across the attack chain.
  • Each agent has access to vetted security tools (Nmap, Metasploit, BloodHound) through a controlled tool sandbox that prevents destructive actions outside engagement scope.
  • T3MP3ST operates within declarative engagement rules (IP ranges, prohibited actions, time windows) that agents cannot override, ensuring authorized testing boundaries are respected.
  • The meta-harness architecture treats each security phase as a specialized sub-agent with its own planning loop, making it more robust than monolithic LLM-driven security tools.
  • This represents a paradigm shift: traditional pentesting automates individual tasks (port scanning, password cracking), while T3MP3ST automates the offensive security decision process itself.

What Is T3MP3ST and Why Does Autonomous Red Teaming Matter?

T3MP3ST (elder-plinius/T3MP3ST on GitHub) is an experimental framework that applies multi-agent AI orchestration to offensive security testing. Red teaming — authorized adversarial testing of an organization's security posture — has historically been a manual, expert-driven process where security professionals make tactical decisions at each step based on reconnaissance findings, exploitation results, and defensive responses. T3MP3ST automates this decision-making process by deploying a swarm of specialized AI agents that autonomously navigate the attack lifecycle.

This matters because modern attack surfaces are too complex for manual testing to achieve comprehensive coverage. A typical enterprise has thousands of endpoints, dozens of services, and constantly changing configurations. Traditional pentesting engagements involve skilled operators spending days or weeks manually exploring this surface, but they can only test a fraction of potential attack paths within budget and time constraints. T3MP3ST's autonomous agents can explore orders of magnitude more paths simultaneously, adapting their approach in real-time based on what they discover.

The technical challenge T3MP3ST solves is coordination. A single LLM prompted to "hack this network" fails because offensive security requires deep tool knowledge, environmental context, and multi-step planning with backtracking when approaches fail. T3MP3ST's architecture instead uses:

  1. Specialized agents with expertise domains (network reconnaissance, web exploitation, privilege escalation)
  2. Shared state management through LangGraph that tracks discovered assets, tested vulnerabilities, and completed objectives
  3. Tool sandboxing that restricts agent actions to vetted security tools within engagement boundaries
  4. Declarative rules that define what agents can and cannot do, enforced at the framework level rather than relying on LLM compliance

The result is a system that can receive a high-level objective ("gain domain admin access in the test environment") and autonomously plan and execute multi-phase attacks while documenting every action for compliance and learning purposes.

How Does T3MP3ST's Multi-Agent Architecture Work?

T3MP3ST is built as a meta-harness, meaning it orchestrates multiple specialized agents rather than being a single monolithic agent. The architecture follows the Cyber Kill Chain model, with distinct agent types mapped to reconnaissance, weaponization, delivery, exploitation, and post-exploitation phases.

Agent Types and Responsibilities

Reconnaissance Agent: Discovers and enumerates target systems, services, and potential attack surfaces. It coordinates active scanning tools (Nmap, Masscan) with passive OSINT collection (Shodan, certificate transparency logs). The agent maintains a knowledge graph of discovered assets with service versions, open ports, and technology stack fingerprints. Critically, it prioritizes which targets to investigate deeper based on value signals like privileged service accounts or administrative interfaces.

Exploitation Agent: Receives prioritized targets from reconnaissance and attempts to gain initial access or escalate privileges. It searches CVE databases for known vulnerabilities matching discovered service versions, generates and tests exploits using Metasploit and custom tooling, and validates successful exploitation by checking callback connections or command execution. The agent uses a decision tree to try exploits in order of likelihood and stealth, backing off if defensive responses are detected.

Post-Exploitation Agent: Operates after initial access is achieved. Its goals include maintaining persistence, escalating privileges, moving laterally to other systems, and exfiltrating data or demonstrating impact. It uses tools like BloodHound for Active Directory path analysis, Mimikatz for credential extraction, and custom living-off-the-land (LOL) techniques to avoid detection. The agent coordinates with reconnaissance to pivot to newly discovered internal networks.

Coordination Agent: Sits above the specialized agents and makes strategic decisions about resource allocation and objective prioritization. If the exploitation agent is blocked by a WAF, the coordination agent might direct reconnaissance to find an alternate entry point or pivot the engagement to social engineering vectors. This meta-level planning is where T3MP3ST's autonomy provides the most value — it adapts the overall campaign strategy rather than just executing pre-planned steps.

State Management Through LangGraph

T3MP3ST uses LangGraph (LangChain's stateful agent orchestration framework) to manage the shared state that all agents read from and write to. This state includes:

  • Asset inventory: All discovered hosts, services, and credentials with metadata
  • Attack graph: Tested exploits, successful compromises, and lateral movement paths
  • Engagement rules: Scope boundaries, prohibited actions, and time windows enforced at runtime
  • Agent communication: Messages between agents (e.g., "Exploitation found RCE on 10.0.1.5, Post-Exploitation investigate lateral movement")

LangGraph's state checkpointing enables agents to backtrack when approaches fail. If the exploitation agent tries five CVEs against a target and all fail, it can rewind state and notify reconnaissance to gather deeper version information or look for alternate services on the same host. This is impossible with linear tool-use agents that cannot revise decisions.

The state also serves as the authoritative audit log. Every agent action, tool invocation, and decision is recorded with timestamps and reasoning traces. This satisfies compliance requirements for authorized red team engagements and provides rich training data for improving agent performance.

What Tools Does T3MP3ST Integrate and How Are They Sandboxed?

T3MP3ST agents do not directly execute shell commands or arbitrary code. Instead, they interact with security tools through a controlled tool abstraction layer that enforces safety boundaries.

Integrated Security Tools

The framework includes integrations for:

  • Network reconnaissance: Nmap (port scanning), Masscan (fast scanning), Shodan API (passive recon)
  • Web exploitation: Burp Suite API, SQLMap (SQL injection), Nuclei (vulnerability templates)
  • Post-exploitation: Metasploit RPC, BloodHound (AD analysis), Impacket (Windows protocol tools)
  • Credential attacks: Hashcat (password cracking), CrackMapExec (credential spraying)
  • Custom tools: Agent-authored Python scripts for specific techniques, vetted before execution

Each tool is wrapped in a standardized interface that agents call through LangGraph tool nodes. For example, instead of an agent running nmap -sV -p- target.com, it invokes reconnaissance_tool.scan(target='target.com', scan_type='version_detection', port_range='all'). The wrapper validates that target.com is within engagement scope before executing the actual Nmap command.

Safety Sandboxing Mechanisms

T3MP3ST implements multiple layers of safety controls:

  1. Scope validation: Every tool call checks the target against a whitelist of in-scope IP ranges and domains. Attempts to scan or exploit out-of-scope targets are blocked and logged as policy violations.
  2. Action prohibitions: The engagement rules can blacklist specific actions (e.g., "no destructive attacks", "no denial of service"). The tool layer refuses to execute prohibited commands even if an agent requests them.
  3. Rate limiting: Scanning and exploitation attempts are throttled to avoid overwhelming targets or triggering defensive responses that would terminate the test.
  4. Human-in-the-loop gates: High-risk actions (privilege escalation exploits, lateral movement to production systems) can require explicit human approval before execution.
  5. Tool output parsing: Results from tools are sanitized before being passed to agents to prevent prompt injection attacks where malicious data in tool output manipulates agent behavior.

The goal is defense in depth: even if an LLM hallucinates or is manipulated into attempting unauthorized actions, the tool layer prevents them from executing.

How Does T3MP3ST Compare to Traditional Pentesting Workflows?

Traditional penetration testing follows a largely manual process:

  1. Planning: Define scope, rules of engagement, and objectives
  2. Reconnaissance: Security analyst runs scans and OSINT collection
  3. Vulnerability analysis: Analyst manually reviews scan results and searches for exploitable issues
  4. Exploitation: Analyst selects and customizes exploits, tests them against targets
  5. Post-exploitation: Analyst pivots, escalates, and demonstrates impact
  6. Reporting: Analyst documents findings, writes narrative, provides remediation advice

Each step requires human decision-making. The analyst decides which ports to investigate deeper, which vulnerabilities are worth exploiting, how to pivot after initial access, and when to stop. This expertise is what makes pentesting effective but also limits scale and speed.

T3MP3ST's Autonomous Approach

T3MP3ST automates the decision process while keeping the human operator in a supervisory role:

  1. Planning: Human defines scope and objectives, T3MP3ST translates to agent engagement rules
  2. Reconnaissance: Reconnaissance agent autonomously scans, prioritizes targets, and triggers deeper enumeration based on findings
  3. Vulnerability analysis: Exploitation agent queries CVE databases, matches versions, and builds an exploit plan without human involvement
  4. Exploitation: Exploitation agent tests exploits in priority order, retries with variations if initial attempts fail, and autonomously moves to next target if current path is blocked
  5. Post-exploitation: Post-exploitation agent decides pivot paths using BloodHound analysis and available credentials, explores lateral movement autonomously
  6. Reporting: Coordination agent generates structured report with attack graph visualization and remediation priorities

The human operator monitors progress through a live dashboard, can intervene to adjust objectives or approve high-risk actions, and reviews the final report. But the moment-to-moment tactical decisions are made by agents.

Comparing Coverage and Efficiency

In a traditional 5-day pentest engagement, a skilled analyst might:

  • Scan 500 hosts
  • Investigate 50 promising services in depth
  • Test 10-15 exploitation paths
  • Achieve 2-3 successful compromises
  • Demonstrate 1-2 high-impact attack chains

T3MP3ST's autonomous agents in the same timeframe could:

  • Scan 5,000+ hosts (parallel reconnaissance agents)
  • Investigate 500+ services (agents work 24/7)
  • Test 100+ exploitation paths (automatic retry and backtracking)
  • Achieve 10-20 successful compromises (broader coverage)
  • Demonstrate 5-10 attack chains (systematic lateral movement)

The agent swarm explores far more of the attack surface, but the human analyst provides irreplaceable value in understanding business context, prioritizing findings by risk, and communicating results to stakeholders. T3MP3ST is a force multiplier, not a replacement.

What Are the Technical Challenges and Limitations?

T3MP3ST is an experimental framework, and autonomous red teaming faces significant technical hurdles:

LLM Reliability in Security Contexts

Security tools often produce cryptic output that requires deep domain knowledge to interpret. An Nmap scan might show port 445 open with SMBv1 enabled — a trained analyst immediately recognizes this as a critical EternalBlue vulnerability vector. An LLM-based agent might miss this connection without extensive prompt engineering or RAG over vulnerability databases. T3MP3ST addresses this through specialized agents with domain-specific prompts and tool output parsers, but reliability remains a challenge.

Adversarial Robustness

Attackers defending against T3MP3ST could potentially manipulate agent behavior through crafted service banners, honeypots that return misleading data, or even prompt injection attacks embedded in web pages the exploitation agent analyzes. The framework mitigates this through tool output sanitization and redundant verification (e.g., validating exploits succeeded by running multiple checks), but adversarial robustness is an open research problem.

Cost and Latency

Running multiple LLM-based agents continuously for multi-day engagements incurs significant API costs and latency. T3MP3ST's architecture allows mixing models — using smaller/faster models for routine decisions (Claude Haiku, GPT-4o Mini) and larger models for complex planning (Claude Opus, GPT-4) — but cost optimization remains a practical deployment concern.

Explainability and Compliance

Autonomous agents make thousands of micro-decisions during an engagement. Even with complete audit logs, reconstructing why an agent chose a particular exploit path or pivot decision can be difficult. This is a challenge for compliance-heavy industries where every pentest action must be justified. T3MP3ST's LangGraph state tracking helps, but explainability is not solved.

Safety Boundary Enforcement

While T3MP3ST implements multiple sandboxing layers, any system that gives LLMs access to exploitation tools carries risk. Bugs in scope validation, tool wrappers, or orchestration logic could allow agents to take unauthorized actions. The framework is suitable for isolated test environments with explicit authorization, but deploying it in production-adjacent networks requires extreme caution.

Who Should Use T3MP3ST and When?

T3MP3ST is currently best suited for:

Security Research and Tool Development

Researchers building or evaluating security tools can use T3MP3ST to automate regression testing. Instead of manually running exploit PoCs against vulnerable VMs, the framework can autonomously validate that patches actually prevent exploitation and document attack paths.

Red Team Training and Simulation

Organizations training junior red team operators can use T3MP3ST to demonstrate multi-phase attacks in safe lab environments. Watching autonomous agents plan and execute campaigns provides pedagogical value and exposes trainees to techniques they might not have discovered manually.

Continuous Security Validation

Companies with large, dynamic infrastructure (cloud-native apps, microservices) can deploy T3MP3ST in isolated staging environments as a continuous red teaming agent. It runs autonomously on a schedule, attempting to exploit misconfigurations or new vulnerabilities as they are introduced, and alerts security teams when it succeeds.

Scaling Pentesting Services

Security consultancies conducting many similar engagements (e.g., standard web app pentests, cloud configuration reviews) could use T3MP3ST to automate the initial reconnaissance and common exploitation phases, allowing human analysts to focus on custom logic vulnerabilities and business impact analysis.

When NOT to Use T3MP3ST

This framework is not suitable for:

  • Production networks without explicit isolation and authorization
  • High-stakes compliance audits where explainability is legally required
  • Situations where false positives could cause operational disruption
  • Organizations without internal security expertise to interpret agent findings

Autonomous red teaming is a powerful capability but requires mature security practices to deploy safely.

How Does T3MP3ST Fit Into the Broader AI Security Landscape?

The security industry has long used automation for individual tasks — vulnerability scanners, fuzzing, static analysis. T3MP3ST represents the next evolution: automating the offensive security operator's decision process itself. This is happening in parallel across multiple domains:

Defensive AI Agents

While T3MP3ST focuses on offensive security, defensive AI agents are emerging to autonomously respond to incidents, triage alerts, and hunt threats. Platforms like Darktrace and Microsoft Copilot for Security use LLMs to assist SOC analysts. The long-term vision is autonomous red and blue team agents continuously testing and improving security posture.

LLM-Powered Exploit Generation

Projects like Anthropic's computer-use agents and OpenAI's function-calling models can already write code and execute tools. Security researchers are exploring whether LLMs can autonomously discover zero-day vulnerabilities by generating and testing novel exploit techniques. T3MP3ST's tool sandboxing and safety mechanisms provide a template for how to allow LLMs offensive capabilities while maintaining control.

Agent-Driven Security Validation

The DevSecOps movement emphasizes "security as code" — treating security policy as executable specifications. T3MP3ST extends this to "security testing as autonomous agents" where validation logic is expressed as agent objectives rather than static test scripts. This enables security testing to scale with cloud infrastructure's dynamic complexity.

Ethical and Regulatory Considerations

As autonomous offensive security tools become more capable, regulatory and ethical questions intensify. Who is liable when an autonomous agent causes unintended harm? How do we ensure these tools are not weaponized? T3MP3ST's open-source nature allows security community scrutiny, but frameworks for responsible disclosure and access control will need to evolve.

What Does the Code Architecture Look Like?

For developers evaluating T3MP3ST for their security stack, understanding the implementation architecture is critical.

Core Components

Agent Definitions: Each specialized agent is a Python class inheriting from BaseAgent with methods for planning, tool selection, and result interpretation. Agents are defined declaratively with their tool permissions and state access.

LangGraph Orchestration: The meta-harness uses LangGraph to define the agent interaction flow as a stateful graph where nodes are agent actions and edges are conditional transitions based on results.

Tool Abstraction Layer: Each security tool is wrapped in a standardized interface that enforces safety policies.

State Schema: The shared state is a structured object that agents read and modify atomically.

Deployment Architecture

T3MP3ST is designed to run in an isolated control node that has network access to the target environment but is segmented from production systems. The recommended setup is:

  1. Control server: Runs T3MP3ST orchestrator and agent processes
  2. Tool execution pods: Kubernetes pods that run security tools in isolated containers with resource limits
  3. State database: PostgreSQL with LangGraph checkpointing enabled for fault tolerance
  4. Monitoring dashboard: Real-time view of agent activity, state, and findings

Communication between components uses message queues (RabbitMQ or Kafka) to ensure asynchronous, auditable agent coordination.

How Can You Get Started With T3MP3ST?

T3MP3ST is open source under the MIT license at github.com/elder-plinius/T3MP3ST. The repository includes:

  • Framework code: Core agent abstractions, LangGraph orchestration, tool wrappers
  • Example agents: Pre-built reconnaissance, exploitation, and post-exploitation agents
  • Lab environment: Docker Compose setup with vulnerable VMs (Metasploitable, DVWA) for safe testing
  • Documentation: Architecture overview, agent development guide, safety guidelines

Quick Start for Developers

Prerequisites: Python 3.11+, Docker, AWS/Anthropic API key for LLM access.

  1. Clone and install:
  1. Launch lab environment:
  1. Configure engagement rules:
  1. Launch autonomous red team:

The orchestrator will autonomously spawn reconnaissance agents, identify targets, test exploits, and document findings. You can monitor progress through the web dashboard at http://localhost:8080.

Extending T3MP3ST

Developers can add custom agents for specific techniques:

Custom tools can be integrated by implementing the SecurityTool interface and registering them with the agent.

What Are the Future Directions for Autonomous Red Teaming?

T3MP3ST is at the frontier of an emerging field. Several research and engineering directions will shape the future:

Multi-Agent Adversarial Simulation

Current red teaming assumes a single threat actor. Future versions could simulate entire Advanced Persistent Threat (APT) campaigns with multiple specialized agent teams (initial access specialists, lateral movement specialists, data exfiltration specialists) coordinating over weeks or months. This would provide more realistic validation of defense-in-depth strategies.

Defender-Attacker Co-Evolution

Pairing autonomous red team agents with autonomous blue team agents creates an adversarial loop where both sides continuously improve. The red team adapts techniques to evade detection; the blue team tunes detection rules to catch new techniques. This co-evolution could dramatically accelerate security maturity.

LLM-Native Exploit Development

Today's agents primarily use existing exploit tools. Future agents may autonomously develop novel exploits by analyzing source code, inferring vulnerability patterns, and generating PoCs. This requires significant advances in code understanding and vulnerability reasoning.

Regulatory Frameworks

As these tools become more capable, governments and industry bodies will need to establish norms for responsible use, disclosure requirements, and liability. The security research community is beginning these conversations.

Integration With Purple Team Workflows

Purple teaming combines red team attack techniques with blue team defensive validation in a collaborative process. T3MP3ST-like agents could automate purple team exercises, continuously testing whether defensive controls actually block simulated attacks and providing immediate feedback loops.

Conclusion: Autonomous Agents Are Reshaping Security Operations

T3MP3ST represents a significant architectural evolution in offensive security: from automating individual security tasks to automating the offensive operator's decision process itself. By orchestrating specialized AI agents with LangGraph, sandboxing tools within safety boundaries, and maintaining comprehensive audit trails, the framework demonstrates that autonomous red teaming is not only possible but practically deployable in controlled environments.

The implications extend beyond security testing. The patterns T3MP3ST introduces — multi-agent coordination through shared state, tool sandboxing for safe LLM tool use, declarative safety policies enforced by the harness rather than relying on LLM compliance — are applicable to any domain where AI agents need autonomy while operating within strict boundaries. We will see these patterns in autonomous DevOps agents, infrastructure management agents, and data pipeline agents.

For security teams, T3MP3ST is both a capability multiplier and a forcing function. It multiplies the effectiveness of skilled red team operators by automating reconnaissance and routine exploitation, allowing them to focus on novel attack paths and strategic analysis. It also forces organizations to confront a near-term future where adversaries have access to similarly capable autonomous attack tools and defenses must evolve accordingly.

The framework is production-ready for isolated test environments and research use cases, but bringing autonomous red teaming to large-scale production deployments will require continued work on safety, explainability, and cost optimization. If you are building security infrastructure and want to validate it against realistic multi-phase attacks at scale, T3MP3ST provides an open-source starting point worth investigating.

As AI agents become more capable of autonomous action in high-stakes domains, T3MP3ST's safety-first architecture — tool sandboxing, declarative policy enforcement, comprehensive audit trails — offers a model for how to give agents powerful capabilities while maintaining human oversight and control.

Frequently Asked Questions

T3MP3ST is legal when used in authorized penetration testing engagements where you have explicit written permission to test the target systems. Using it against systems you do not own or have authorization to test is illegal in most jurisdictions under computer fraud and abuse laws. The framework includes safety mechanisms to enforce scope boundaries, but legal authorization is the user's responsibility.

Can T3MP3ST replace human penetration testers?

No. T3MP3ST automates tactical reconnaissance and exploitation but lacks the business context, creative problem-solving, and stakeholder communication skills that human pentesters provide. It is a force multiplier that allows analysts to cover more ground and focus on high-value custom analysis.

What LLM models does T3MP3ST support?

T3MP3ST is model-agnostic and supports any LLM with tool-calling capabilities through LangChain integrations. Recommended models include Claude Sonnet/Opus (best reasoning for security contexts), GPT-4/GPT-4 Turbo (strong tool use), and Llama 3.1 70B+ (for on-premise deployments with sensitive data).

How much does it cost to run a T3MP3ST engagement?

Costs depend on engagement duration and LLM API usage. A 5-day autonomous engagement might involve 10,000+ LLM calls across multiple agents. Using Claude Sonnet, this could cost $500-2000 in API fees, plus infrastructure costs for the control server and tool execution environment. Using smaller models (Claude Haiku, GPT-4o Mini) for routine decisions can reduce costs by 80%+.

Can I use T3MP3ST for bug bounty hunting?

Technically yes, but carefully review each program's rules. Some bug bounty programs prohibit automated testing or require disclosure of tools used. T3MP3ST's comprehensive audit logs help with disclosure requirements, but autonomous agents may violate rate limiting or "no denial of service" clauses if not properly configured. When in doubt, ask the program administrator before using automated offensive tools.

How does T3MP3ST avoid triggering security controls?

T3MP3ST includes configurable stealth modes that throttle scanning, randomize timing, and use evasion techniques like user-agent rotation and traffic obfuscation. However, any active security testing will generate detectable anomalies. For real-world red team engagements, the goal is often to test whether security controls detect and respond, so triggering them is expected behavior. In penetration tests where stealth is required, agents can be configured with low-and-slow parameters.

Can I contribute to the T3MP3ST project?

Yes, T3MP3ST is open source and welcomes contributions. The project is particularly interested in new specialized agents, tool integrations, safety mechanism improvements, and case studies from real engagements. See the CONTRIBUTING.md in the GitHub repository for guidelines.

Does T3MP3ST work with on-premise/private LLMs?

Yes. T3MP3ST supports local LLM deployment through LangChain's Ollama and HuggingFace integrations. This is recommended for organizations with strict data sovereignty requirements or when testing highly sensitive infrastructure. Performance depends on model size — 70B+ parameter models provide quality comparable to cloud APIs.

📬 Get this weekly →

Subscribe to the newsletter

By subscribing, you agree to our Terms of Service and Privacy Policy.

About the Author

Aaron is an engineering leader, software architect, and founder with 18 years building distributed systems and cloud infrastructure. Now focused on LLM-powered platforms, agent orchestration, and production AI. He shares hands-on technical guides and framework comparisons at fp8.co.

Cite this Article

Aaron. "T3MP3ST: AI Agents for Autonomous Red Teaming in 2026." fp8.co, July 15, 2026. https://fp8.co/articles/T3MP3ST-Autonomous-Red-Teaming-AI-Security-Platform

Related Articles

6 Best AI Agent Frameworks for 2026 (Compared)

Compare 6 top AI agent frameworks — LangChain, AgentCore, LangGraph, CrewAI, AutoGen, Strands — on orchestration, memory, and cost to pick your stack.

AI Agent Development, Framework Comparison

AgentCore vs LangChain: 2026 Framework Guide

Compare AgentCore and LangChain for AI agents. Architecture, pricing, and deployment trade-offs explained with code.

AI Engineering, Agent Frameworks

How to Build Claude Code Skills: 5 Examples (2026)

Build custom Claude Code Skills with 5 ready-to-use examples. Covers SKILL.md spec, security controls, plugin distribution, and team sharing workflows.

AI Development Tools, Developer Productivity, Claude Code