NERF Open Source AI Security Engineering Platform Enters Public Beta
What NERF Does
NERF is an AI security engineering platform and autonomous coding agent that covers offensive, defensive, and everything in between. The platform includes 1,563 security techniques across 117 domains, organized into 9 auto-detected operating modes:
- 🔴 RED - Attack paths, exploitation, C2, lateral movement
- 🔵 BLUE - Detection engineering, Sigma/KQL/SPL rules, hardening, threat hunting
- 🟣 PURPLE - ATT&CK mapping, adversary emulation, detection coverage, gap analysis
- 🔍 RECON - OSINT, passive/active recon, asset discovery
- 🚨 INCIDENT - Triage, digital forensics, containment, timeline reconstruction
- 🏗️ ARCHITECT - Zero trust, threat modeling (STRIDE/DREAD/PASTA)
- 🔧 BUILD - Security tooling, automation, CI/CD security, IaC
- 🟢 PRIVACY - GDPR, CCPA, HIPAA, DPIAs, OpSec
- 🔬 RESEARCHER - Vulnerability research, CVE analysis, threat intel
BUILD mode layers on top of any other mode. RED+BUILD produces offensive tools, BLUE+BUILD produces defensive automation.
Technical Architecture
Under the hood, NERF includes:
- 26 LLM providers (Claude, OpenAI, Ollama, OpenRouter, etc.) via unified routing layer with per-phase model selection (cheap models for research, expensive for planning)
- RAG pipeline over 96 knowledge docs (17,800+ chunks, FTS5 indexed)
- Cross-session memory that persists across engagements
- Compliance automation for 39 frameworks (NIST 800-53, SOC 2, PCI DSS 4.0, HIPAA, GDPR, ISO 27001, FedRAMP, EU AI Act, and more)
- Full engagement engine: work decomposition, auto mode, budget enforcement, crash recovery, git worktree isolation
- REST API (16 endpoints), MCP server, Signal bot, full CLI
- ~6,900 tests passing
Getting Started
Quick start commands:
npm install -g @defconxt/nerf
nerf setup
nerf doctor
nerf (in your project directory)Example usage:
nerf scan https://example.com
nerf compliance SOC2
nerf how do I detect Kerberoasting
nerf red --auto pentest the targetAdditional Resources
The main site also includes threat actor profiles and comprehensive dossiers, privacy protection tools, and automated IT/Cybersecurity News aggregated into one spot. This is a public beta - not accepting contributions yet, but feedback is welcome via GitHub issues.
📖 Read the full source: r/ClaudeAI
👀 See Also
Sonicker: Voice Cloning Web App Built with Claude Code in 4 Days
Sonicker is a voice cloning web app that requires only 3 seconds of audio input and supports 10 languages. The developer built it solo in 4 days using Claude Code for the entire frontend, API integration, and deployment.
Canary: AI QA Agent for Automated Testing Based on Code Changes
Canary is an AI QA agent that reads codebases, analyzes pull request diffs, and generates end-to-end tests for affected user workflows. It connects to preview environments, runs tests, and comments results directly on PRs with recordings.
OpenClaw Kubernetes Operator with Embedded Ollama Support
A community member has created an OpenClaw Kubernetes operator that includes embedded Ollama support, allowing AI agents to run with local models in the same namespace. The setup includes installation commands, configuration details for both local and cloud Ollama models, and dashboard access instructions.
Introducing Xrouter: A Smart Hybrid LLM Router to Optimize Cost and Performance
Discover Xrouter, an open-source creation that dynamically integrates local with cloud inference, designed to slash AI costs while boosting efficiency.