Hi there 👋 | opendr.io | opendrio.blog | Sponsors
ODR (OpenDR) is a think-tank comprised of longtime security researchers and data scientists. By coincidence, a rare set of circumstances allowed us to come together in early 2024. We asked ourselves what we would build for ourselves, given a blank slate, to apply AI and ML to cybersecurity. This set of projects is the result:
ANALYST is an agent that answers questions about major security research conference proceedings using a prepared knowledge base. UI is via Jupyter notebook or command prompt.
CAUSALITY is our prediction approach to CVE reasoning presented at RSAC 2026, THREATCON1, OWASP BASC, and BSidesSW. The difference between exploitation prediction and detection is akin to the difference between detecting a missile launch or a detonation.
If you're looking for the project presented at RSAC 2024, CactusCon, Boston Hackers, etc, DUNE is a project for hunting detection resistant threat activity using ML. It has been proven and battle tested at great scale and is finding threat activity undetected by the major security products.
OpenDR Sometimes a hunt leads to an endpoint with no instrumentation or EDR tooling. We still need to put something to the left of the equals sign and waiting for tooling or technicians is not always prudent. OpenDR can go places conventional EDR tooling can't go because it needs only Python 3.x. The insider threat hunting subsystem is not open sourced.
PROTOSTAR our alternative approach to the "agentic SOC" paradigm and our application of AI to alert and detection signal processing. Not all of the project is open sourced. We did a release at DEF CON 2024, presented at Blackhat MEA, and are continuing to present at cons.
SMITH is tool-equipped hunting agent pack that unfortuantely has been reverted to private status temporarily. It will be back soon with more features, subsystems, and things.