Security-first tools across OT/ICS risk assessment and AI agent systems —
built to be auditable, governed, and honest about their limits.
Flagship · Platform Ohm AI
A local-first, multi-agent OT/ICS cybersecurity assessment platform. Ingests site evidence — network diagrams, asset inventories, firewall/ACL configs, vuln scans, and policies — then evaluates against IEC 62443 and NIST CSF 2.0 to produce scores, a report, and a prioritized remediation roadmap. Strictly local: no client data leaves the machine.
PythonLocal LLMsMulti-AgentIEC 62443NIST CSF 2.0
Early access Open Source · Reference Architecture Secure Enterprise AI Reference Architecture
A vendor-neutral, principal-level reference architecture for a secure enterprise AI platform: a mandatory AI gateway with prompt-injection and sensitive-data guardrails, access-controlled RAG that filters retrieval by data classification, a multi-agent orchestration plane where every agent gets a short-lived on-behalf-of identity, and brokered tool/MCP execution with graded human-in-the-loop approval. Ships a STRIDE + MITRE ATLAS threat model, a controls-traceability matrix across eight frameworks, and hands-on policy-as-code and SIEM-detection artifacts.
AI/LLM SecuritySecure RAGMulti-AgentOWASP LLM Top 10NIST AI RMF
View on GitHub ↗
Open Source multi-agent-orchestrator
A LangGraph supervisor → specialist → reviewer system with persistent memory, security-first human-in-the-loop approval (approve / reject / edit / take-over), and a tamper-evident SHA-256 audit hash chain. MIT-licensed with green CI across Python 3.10–3.12.
PythonLangGraphHITLAudit Chain
View on GitHub ↗
Open Source failure-forensics
Observability and root-cause analysis for multi-step AI pipelines. Traces every step, then uses an LLM-as-judge backward walk to localize the failing step and turn confirmed failures into eval cases. Security is the differentiator: the trace store is treated as a sensitive sink, with redaction-before-persist and a STRIDE-lite threat model.
PythonStreamlitClaudeOpenTelemetry
View on GitHub ↗
Open Source offsec-orchestrator
A governed agent for authorized security testing: a dependency-free MCP stdio client, an engagement scope / rules-of-engagement gate (fail-closed), default-deny active tools, and a propose → approve → execute loop backed by an audit hash chain. 88% test coverage.
PythonMCPGovernanceFail-Closed
View on GitHub ↗