An open source cybersecurity language model built from scratch in PyTorch. 81M parameter decoder-only transformer (RoPE, SwiGLU, RMSNorm) trained on a 422M token multi-domain corpus across 27 sources: cybersec writeups, NVD CVEs, MITRE / CWE / OWASP, NIST SP 800, FineWeb-Edu, open-web-math, and a 105 repo open source code pull spanning 15 languages.

Ships GhostAgent (a tool-using runtime), a multi-vendor HTTP server speaking OpenAI / Anthropic / Gemini / Ollama wire formats, an MCP server, and GhostBench (a packaged eval suite with Wilson 95% CIs and McNemar paired comparisons across 14 differentiation bets). 312 tests green.

ghostloop v1.0.3: the agent loop, embodied. Production-stable in 14 releases, pip install ghostloop on PyPI, live HuggingFace demo, full GitHub Actions CI/CD (PyPI Trusted Publishing OIDC + auto-create release pages + auto-redeploy Space). Six backends (Mock / MuJoCo / PyBullet / Gymnasium / ROS 2 / RandomizedBackend), 12 policy gates, MuJoCo Menagerie loader (Franka / UR5e / Stretch / Allegro / Spot / Aloha), LLMPolicy + VLAPolicy adapters, bench harness with Wilson CI + McNemar + Cohen's h + Sim2Real transfer-gap + adversarial fuzzing (random / grid / CMA-ES), STL temporal properties + auto-mining, counterfactual trace replay, causal failure attribution, LLM-as-judge, skill graph, hindsight relabeling, energy ledger, cross-embodiment morphology registry, RGB-D fusion + lightweight object detection, VLA-on-MuJoCo benchmark vs OpenVLA / π0 / RT-2 / Octo / Diffusion Policy / ACT, production fleet dashboard (auth + rate limit + alarms + Prometheus), distillation pipeline, real-time deadline scheduler, live policy intervention (pause / resume / hot-swap / e-stop), system-identification calibration. 359 tests green.

ghostloop-ui: Next.js 15 + React 19 + Tailwind 4 control plane for the ghostloop production backend. Live at ghostloop-ui.vercel.app with the FastAPI backend hosted free on Render. Fleet view, alarm tray with one-click ack, episode timeline, Prometheus metrics broken out per-counter, profile-aware gamepad mapper (drone / mobile base / quadruped / arm / humanoid), three-path /connect onboarding designed for non-coders (open the demo, run locally, embed in your stack). Demo-mode fallback so the Vercel deploy stays interactive even when no backend is configured.

ghostloop-desktop v0.2: Tauri 2 + Rust shell wrapping ghostloop-ui as a single-file desktop app. Voice control via the embedded WebView's Web Speech API on Windows + Linux ("ghostloop, stop / land / takeoff / pause"), gamepad rumble triggered on safety events (geofence block, force-cap trip, HITL escalation, e-stop), native OS notifications for alarms (toast / banner / libnotify), native gamepad input through gilrs polling at 120 Hz that handles wired and Bluetooth controllers identically (Xbox / PS5 / 8BitDo / Stadia), system-tray integration, global e-stop hotkey. Sidecar Python runtime via PyInstaller. Per-PR CI matrix (rustfmt + clippy + cargo check + cargo test on macOS / Linux / Windows) is green; cross-platform release-bundle pipeline (DMG / MSI / AppImage / deb / NSIS) is wired to tauri-action and parked behind workflow_dispatch until v0.2.1 finishes the Tauri-with-Next.js static-export switch.

secure-mcp: MCP server exposing security tools to AI agents with policy gates, subprocess sandboxing, and audit trails. Fail-closed by default.

CyberBench — Open, reproducible benchmark for evaluating LLMs on cybersecurity reasoning. YAML tasks, pluggable backends, ranked leaderboard.

linkdrop v0.7.1 — Cross-platform Tauri + Rust desktop app bridging iPhone to Linux for photos, files, notifications, screen mirroring. Daemon-backed pymobiledevice3 bridge, CI-built .deb / .AppImage.

AI agent safety stack: secure-mcp, ghostguard (4-tier policy proxy with audit dashboard), CyberBench

Defensive security toolkit: ghostaudit (23 CIS Kubernetes checks), ghostforensics (memory forensics with YARA + Volatility + STIX 2.1 export), ghostsiem (Sigma-rule SIEM), securecommit (pre-commit secret scanner)

Offensive tooling: concurrent TCP port scanner, packet-level traffic analyzer, vulnerability scanner, hash-cracking framework, MAC rotator, metadata scrubber

Full-stack platforms: Complex Developers CRM (Next.js 15 + Prisma + Postgres), ChartSentinel (trading SaaS with Stripe + PostHog + Sentry), High-End CRM, ai-coding-assistant

Replaced the naive E[X²] − E[X]² variance formula in PearsonCorrelation with Welford's online algorithm plus a parallel distributed merge. Fixes catastrophic cancellation in float32 (the metric was returning 0.89 instead of 0.99 for mean=1e6 data). Numerically stable across single-process and DDP.

Merged. Fixed agent name preservation in AgentExecutor node titles after page reload in the visual builder frontend. Small fix, surfaces in the user flow every time you reopen a saved graph, so the regression was high-visibility once introduced.

Authored the AI Model Supply Chain Security cheat sheet (now part of the OWASP corpus, 92 sheets). Covers unsafe deserialization (pickle / .pt / .pkl code execution, safetensors and ONNX alternatives), model provenance verification, artifact scanning with ModelScan and pickletools, secure storage and distribution, training pipeline hardening, and deployed model monitoring with MBOM and lineage tracking. Cites real attacks (HuggingFace pickle malware, PyTorch torchtriton dependency confusion).