AI-native security tooling
AI-native security tooling
Most of the threat sits below the surface.
Security tooling where AI isn't bolted on — it's a first-class citizen in the design, the workflow, and the output. The work spans threat intelligence, incident response, and the tooling that makes both faster and sharper for the analysts and engineers who rely on them.
What we build¶
The name is the thesis: what's visible is a fraction of what's there. Our tools are built to surface the rest — structured intelligence products that reach the people who actually consume them, exercises that rehearse the incident before it's real, and the reusable agent skills the rest of it is built on.
Every project is API-first, server-rendered, security-hardened by default, and shares one design system.
Projects¶
-
IcebergCTI In development
A cyber threat intelligence authoring and dissemination platform: structure, write, and share intelligence products built for the people who actually consume them — notebook-based collection, structured report authoring, requirement-aligned dissemination.
-
IcebergTTX Shipping
A cyber and business-resilience tabletop exercise platform. Branching injects, live participant responses over WebSocket, simulated regulator and press comms, and optional AI-assisted assessment.
-
skilldeck Shipping
Composable, agent-agnostic security and code-review skills for AI coding assistants — Claude, Codex, Cursor, Copilot, and Kiro. The foundation the rest is built on.
-
IcebergEBS In development
A monitoring tool for Chromium, Electron, and similar extension surfaces — watching for risky or changing extensions before they become an incident.
Getting involved¶
Each repository carries its own README, issues, and contribution notes. Start with a project above, open an issue for anything non-trivial, and keep pull requests small and tested. Reviews are thorough and friendly.