NERF Open Source AI Security Engineering Platform Enters Public Beta

What NERF Does
NERF is an AI security engineering platform and autonomous coding agent that covers offensive, defensive, and everything in between. The platform includes 1,563 security techniques across 117 domains, organized into 9 auto-detected operating modes:
- 🔴 RED - Attack paths, exploitation, C2, lateral movement
- 🔵 BLUE - Detection engineering, Sigma/KQL/SPL rules, hardening, threat hunting
- 🟣 PURPLE - ATT&CK mapping, adversary emulation, detection coverage, gap analysis
- 🔍 RECON - OSINT, passive/active recon, asset discovery
- 🚨 INCIDENT - Triage, digital forensics, containment, timeline reconstruction
- 🏗️ ARCHITECT - Zero trust, threat modeling (STRIDE/DREAD/PASTA)
- 🔧 BUILD - Security tooling, automation, CI/CD security, IaC
- 🟢 PRIVACY - GDPR, CCPA, HIPAA, DPIAs, OpSec
- 🔬 RESEARCHER - Vulnerability research, CVE analysis, threat intel
BUILD mode layers on top of any other mode. RED+BUILD produces offensive tools, BLUE+BUILD produces defensive automation.
Technical Architecture
Under the hood, NERF includes:
- 26 LLM providers (Claude, OpenAI, Ollama, OpenRouter, etc.) via unified routing layer with per-phase model selection (cheap models for research, expensive for planning)
- RAG pipeline over 96 knowledge docs (17,800+ chunks, FTS5 indexed)
- Cross-session memory that persists across engagements
- Compliance automation for 39 frameworks (NIST 800-53, SOC 2, PCI DSS 4.0, HIPAA, GDPR, ISO 27001, FedRAMP, EU AI Act, and more)
- Full engagement engine: work decomposition, auto mode, budget enforcement, crash recovery, git worktree isolation
- REST API (16 endpoints), MCP server, Signal bot, full CLI
- ~6,900 tests passing
Getting Started
Quick start commands:
npm install -g @defconxt/nerf
nerf setup
nerf doctor
nerf (in your project directory)Example usage:
nerf scan https://example.com
nerf compliance SOC2
nerf how do I detect Kerberoasting
nerf red --auto pentest the targetAdditional Resources
The main site also includes threat actor profiles and comprehensive dossiers, privacy protection tools, and automated IT/Cybersecurity News aggregated into one spot. This is a public beta - not accepting contributions yet, but feedback is welcome via GitHub issues.
📖 Read the full source: r/ClaudeAI
👀 See Also

repo-mem: Open-Source MCP Server Adds Persistent Team Memory to Claude Code
repo-mem is an open-source MCP server that adds persistent, shared memory to Claude Code sessions using SQLite and Git. It solves team isolation by storing observations in per-user databases that get committed to the repository.

AI Agent Session Center: 3D Dashboard for Monitoring Claude Code Sessions
AI Agent Session Center is a real-time dashboard that visualizes Claude Code sessions as 3D robots in a cyberdrome, with animations showing agent status and features including live terminal views, approval alerts, and session resume. It installs via npx with lightweight bash hooks.

DeepSeek Reasonix: Native Coding Agent with High Caching and Low Cost
Reasonix is a DeepSeek-native AI coding agent for the terminal, focusing on high caching efficiency and low inference cost.

Claude-kit: Configuration Management System for Claude Code Projects
Claude-kit is an open-source tool that manages .claude/ directory configurations across multiple projects. It auto-detects tech stacks, generates configs, audits security and quality, and syncs changes without overwriting customizations.