CyberSecAuto Labs
Trustworthy AI-assisted systems, security automation, and controlled developer workflows
About
CSAL is an open-source initiative building trustworthy AI-assisted systems, security automation, and controlled developer workflows. We explore approaches that prioritize transparency, auditability, interoperability, and operator control. Our work focuses on practical tools that help humans make better decisions through automation, structured data, and explainable assistance rather than opaque autonomy.
Projects
-
Self-hosted MCP server that gives AI agents structured access to OpenVAS / Greenbone, with no telemetry and credential isolation between clients and the scanner. Returns raw scan data without transformation — a thin, auditable bridge. Analysis and reporting belong in the agent or in higher-level platforms.
-
Network egress auditing for test execution. Define allowed outbound connections, run your tests, and get a clear pass/fail report. Makes network behavior explicit, testable, and auditable in CI/CD.
-
aimd wip
Manage AI context files (CLAUDE.md, AGENTS.md, .cursor/rules) as private overlays that stay out of your project repository. Keep valuable context invisible to teammates and shared repositories, synced across machines using a standard Git remote you control. For developers who depend on AI tooling but cannot commit the context that makes it effective.
-
AiAVM coming soon
Self-hosted vulnerability triage engine built on DefectDojo. Deterministic logic scores and prioritizes findings; a local LLM explains the decisions — it never makes them. Vulnerability data and inference stay on your infrastructure.