GCP External Attack Surface Management (EASM) — Zero-knowledge, 5-phase recon with automated attack chain detection.
Updated May 21, 2026 - Go
NuClide findings ledger — ECS-normalized, lifecycle-tracked, append-only SQLite store for AI infrastructure OSINT
Authorization Context Analyzer — a framework for describing code, systems, and behaviors by what they do vs. what they assume the right to do. 14-sample reference corpus spanning malware, supply-chain attacks, ICS, social engineering, and LLM prompt injection.
Targeted single-host passive recon CLI: one IPv4 → JSON report with PTR, Shodan, TLS cert, crt.sh, threat graph, and risk summary.
Seed-polymorphic reconnaissance engine with environmental contamination detection
Portable Conversation State Embedding — fingerprint how a user and an AI calibrate over time, then inject it at session start to skip the cold-start overhead tax.
Multi-source AI infrastructure discovery for government TLDs — CT logs + Shodan + DNS + Ollama fingerprinting with Mullvad VPN guard
Offline Semantic Exploit Mapping. Single-binary BERT encoder for mapping scans to Metasploit without Python or Torch.
Shodan exposure scanner + adversarial RAG security testing toolkit
Agentic recon CLI: RAG-grounded LLM drives 6 live tools (VisorGraph, aimap, BARE, nuclei, Menlo-hunt, OSV-scan) with every probe sandboxed in gVisor
Process injection detection benchmark: NtMapViewOfSection + WriteProcessMemory, Sysmon pass/fail per event ID