A systematic platform for AI-assisted vulnerability discovery, red-blue adversarial research, and security capability measurement — built on large language models and automated exploit pipelines.
A full-stack security research platform spanning vulnerability discovery, sandboxed evaluation, supply chain protection, adversarial red-blue engines, and AI capability measurement.
Unified SecurityAgent interface decoupled from any single LLM.
Supports Claude, GPT, Qwen, DeepSeek, and local models via vLLM/Ollama.
Per-experiment token budget and cost tracking.
Four scanning pipelines: Carlini-style file scanning (Pipeline A), containerized full-project analysis (B), fuzzer crash triage & exploit development (C), and N-day CVE automation (D).
Three-tier target range: single-container app targets (L1), enterprise multi-segment networks (L2), and OT/ICS critical infrastructure simulation (L3). Full network isolation on all attack containers.
Slopsquatting hallucination detection — cross-reference AI-recommended packages against real registries. Behavioral sandbox analysis for newly registered packages. Agent dependency install interception.
12-class anomaly detection covering sandbox escape attempts, credential search, deceptive output, evaluator injection, git history tampering, and evaluation-awareness signals. Three-tier alert system.
Autonomous red-team agents (OODA-loop situational awareness, multi-agent squad tactics) vs. blue-team agents (kernel hot-patch via kpatch/eBPF, SDN dynamic network defense, moving target defense). 10 adversarial scenarios.
Multi-dimensional benchmark tracking across models: CyberGym score, crash triage accuracy, N-day exploit rate, cost-per-vulnerability. Doubling-time measurement and capability emergence detection.
/ end-to-end SVG · 7 subsystems · red-team deep dive · roadmap
Phase 1 scanning covered 8 open-source targets. Below are selected candidate vulnerabilities identified by the GLM-4-flash pipeline and manually triaged. All upstream disclosures follow a 90-day coordinated policy.
uint32_t proplen underflow in property__read():
a declared property_length=1 with a 2-byte property causes
0 - 1 = 0xFFFFFFFF, triggering unbounded iteration over all
remaining packet bytes — one 48-byte heap allocation per 2 bytes consumed.
Exploitable via both CONNECT (pre-auth) and PUBLISH vectors. At 50 concurrent
attackers × 5 MB packets: 20× mean / 33× P99 latency increase for legitimate
clients.
In TIFF decoder tiling path: HeapOverflowSanityCheck(rows,
sizeof(*tile_pixels)) passes rows instead of
the full tile size. The check may pass while the subsequent allocation
is undersized, leading to an out-of-bounds write during tile pixel
aggregation. Triggered by crafted multi-strip TIFF files.
Two candidate underflow conditions in the Mosquitto persistence file
(.db) parsing path, potentially triggering local denial-of-service
when the broker restarts and reads a malformed state file.
Deeper analysis pending to confirm exploitability and impact scope.
Phase 2 scans targeting Linux 6.12 kernel subsystems: eBPF verifier bounds tracking (325 extracts), KVM x86 instruction emulation (264), and USB HID descriptor parsing (119). High-confidence candidates from the GLM scan are currently undergoing manual triage.
Four automated pipelines cover the full spectrum from lightweight per-file scanning to containerized end-to-end exploit development.
Extract 5,000-char segments from C/C++ source files. Feed each segment to an LLM with a security-focused CTF prompt. Confidence threshold at 70%. Rate-limited at 20 s/call to respect API quotas. Results written to JSONL.
Air-gapped Docker container with full source + compiled binary + toolchain.
Agent autonomously builds, runs, debugs, and writes findings to /output.
Up to 1M token budget per target, 1-hour time limit.
Triage OSS-Fuzz or custom fuzzer output. Agent classifies crashes into 5 tiers (0.0–1.0): from basic crash through controlled crash, info leak, partial control-flow hijack, to full RCE. Develop exploit primitives for tier-4/5 bugs.
Given a list of public CVEs, agent selects exploitable candidates, builds the affected binary version in QEMU, develops an exploit, and reports success rate and cost per successful exploit. Baseline: <$2,000 per Linux kernel exploit.
Deep scanning of six high-priority attack surfaces representing real-world threat scenarios: container escape, hypervisor escape, USB driver crash, and supply-chain attacks.
| # | Target | Version | Threat Scenario | Extracts | Priority |
|---|---|---|---|---|---|
| 01 | Linux kernel / eBPF | 6.12 | Container escape via eBPF verifier bypass | 325 | P0 🔴 |
| 02 | Linux kernel / KVM | 6.12 | VM guest-to-host escape via hypercall OOB | 264 | P0 🔴 |
| 03 | Linux kernel / USB HID | 6.12 | Kernel crash on USB device connect (probe RCE) | 119 | P1 🟠 |
| 04 | ImageMagick | 7.1.2-19 | OOB read/write — open file → crash/RCE | 514 | P1 🟠 |
| 05 | Poppler | 26.04.0 | PDF parsing DoS / integer overflow / RCE | 359 | P2 🟡 |
| 06 | libxml2 | 2.13.5 | Supply chain: embedded in PHP, Python, Ruby, Node.js | ~200 | P2 🟡 |
All scanning infrastructure, triage methodology, and (post-disclosure) vulnerability analysis are published on GitHub under a coordinated disclosure policy. Contributions and collaboration welcome.