A new open-source project called Tengu connects Claude to penetration testing workflows through Anthropic's Model Context Protocol (MCP) - the standard that lets AI assistants interact with external tools and data sources.
Tengu works as an MCP server that gives Claude access to common security testing tools like Nmap (network scanning), Nuclei (vulnerability detection), and DNS enumeration utilities. Instead of memorizing command-line flags or switching between terminal windows, a pentester can describe what they want in plain English and let Claude orchestrate the actual tool execution.
The project is early-stage and clearly aimed at security professionals who already know what they're doing. This isn't a push-button hacking tool. It's closer to a voice-activated command layer for people who'd otherwise be typing the same Nmap flags they've typed a thousand times. The value is in reducing context-switching during engagements, not in replacing security expertise.
MCP-based security tooling is a small but growing niche. As more AI assistants support the protocol, expect to see specialized servers for everything from cloud infrastructure auditing to compliance checking. Tengu is one of the first to target offensive security specifically, and it's worth watching how the security community responds to AI-assisted pentesting workflows becoming more accessible.