Hermes Agent: Orchestrating Multi-Model Security Workflows
Hermes is a message-passing orchestration framework for building multi-agent security systems. Where openclaw is a single autonomous agent, Hermes coordinates fleets of specialized agents — each an expert in a narrow domain — and routes work between them via a structured message bus.
The architecture
Hermes Orchestrator
├── ReconAgent (nmap, dns, osint)
├── ExploitAgent (vulnerability matching, PoC generation)
├── PostExAgent (privesc, persistence, loot)
├── ReportAgent (evidence correlation, markdown output)
└── DefenseAgent (detection rule generation from findings)
Each agent runs independently, publishes findings to a shared context, and subscribes to findings from other agents that are relevant to its domain.
Setting up a Hermes workflow
from hermes import Orchestrator, Context
from hermes.agents import ReconAgent, VulnScanAgent, ReportAgent
ctx = Context(target="192.168.1.0/24", auth_token="pentest-engagement-001")
orchestrator = Orchestrator(
agents=[
ReconAgent(model="claude-haiku-4-5"), # fast, cheap
VulnScanAgent(model="claude-sonnet-4-6"), # balanced
ReportAgent(model="claude-opus-4-8"), # quality output
],
max_parallel=3,
)
result = await orchestrator.run(ctx)
Why multi-model matters
Not every task needs the most capable model. Hermes routes routine enumeration to cheaper, faster models and reserves the expensive, capable models for complex reasoning — vulnerability chaining, report writing, detection rule authoring.
Defensive considerations
Multi-agent systems can generate far more noise than a single operator. Defenders should watch for:
- Correlated scanning patterns across multiple source IPs
- Unusually fast progression from recon → exploitation (AI moves faster than humans)
- Structured, systematic enumeration that looks automated
Get the next writeup in your inbox
New posts delivered when I publish. No spam.