sssnake/Autarch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Autarch/concept.md
DigiJ a3ec1a2556 Add Threat Monitor with drill-down popups, Hal agent mode, Windows defense, LLM trainer 
- Threat Monitor: 7-tab monitoring page (live, connections, network intel,
  threats, packet capture, DDoS mitigation, counter-attack) with real-time
  SSE streaming and optimized data collection (heartbeat, cached subprocess
  calls, bulk process name cache)
- Drill-down popups: Every live monitor stat is clickable, opening a popup
  with detailed data (connections list with per-connection detail view,
  GeoIP lookup, process kill, bandwidth, ARP spoof, port scan, DDoS status)
- Hal agent mode: Chat routes rewritten to use Agent system with
  create_module tool, SSE streaming of thought/action/result steps
- Windows defense module with full security audit
- LLM trainer module and routes
- Defense landing page with platform-specific sub-pages
- Clean up stale files (get-pip.py, download.png, custom_adultsites.json)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-02 21:08:11 -08:00

143 lines
9.7 KiB
Markdown
Raw Blame History

# Project AUTARCH — Concept Document
## Origin
Project AUTARCH was originally conceived as a proposal for a **Defense Intelligence Agency (D.I.A.) research grant** — an investigation into the feasibility and implications of fully autonomous LLM-driven offensive cyber agents operating within adversarial simulation environments.
The full version of AUTARCH, including its complete autonomous agent capabilities, operational case studies, and classified research findings, is **not available to the public**. The full case study remains classified at this time.
What you are looking at is the **public release** — a functional framework that contains the tools, architecture, and foundational systems that make AUTARCH possible. It is made available so that researchers, security professionals, and developers can study the approach, build on it, and construct their own autonomous security agents using the same underlying platform.
This is the engine. What you build with it is up to you.
---
## What Is AUTARCH?
AUTARCH is not a traditional security tool. It is an **autonomous digital entity** — a fully realized artificial persona designed to operate as an independent hacker within controlled gaming and simulation environments.
At its core, AUTARCH is an LLM-backed agent that has been **backstopped with a complete identity**: a name, a history, behavioral patterns, expertise domains, and operational preferences. Once activated, AUTARCH is not waiting for instructions. It is actively thinking, planning, and executing — identifying targets, studying attack surfaces, developing strategies, and carrying out simulated offensive operations on its own initiative.
The human operator is not AUTARCH's boss. They are its **handler**. AUTARCH has its own objectives, its own judgment, and its own methods. The handler sets the boundaries. AUTARCH decides how to work within them.
---
## The Autonomous Hacker
Traditional security frameworks give you a menu of tools and wait for you to pick one. AUTARCH inverts this relationship entirely.
**AUTARCH operates as a person, not a program.**
When AUTARCH is given a target environment or scenario, it:
1. **Reconnoiters** — Gathers intelligence autonomously. Scans networks, enumerates services, searches OSINT databases, maps attack surfaces. It does not ask permission for each step. It operates like a real threat actor would: methodically, quietly, and with purpose.
2. **Studies** — Analyzes what it finds. Cross-references discovered services with CVE databases. Identifies misconfigurations. Evaluates which attack vectors have the highest probability of success. Builds a mental model of the target environment.
3. **Plans** — Develops an attack strategy. Selects tools, sequences operations, identifies fallback approaches. AUTARCH does not follow a script — it adapts its plan based on what it discovers in real time.
4. **Executes** — Carries out the attack. Exploits vulnerabilities, establishes persistence, moves laterally, exfiltrates data. Each action informs the next. If something fails, AUTARCH pivots without hesitation.
5. **Reports** — Documents everything. Builds dossiers on targets, logs attack chains, generates after-action reports. Every operation produces intelligence that feeds into the next one.
This is not automation. This is **autonomy**. The difference is that automation follows predetermined steps. Autonomy means AUTARCH decides what steps to take.
---
## Gaming Scenarios
AUTARCH is designed for use in **controlled simulation and gaming environments** — red team exercises, capture-the-flag competitions, wargames, training scenarios, and security research labs.
In these contexts, AUTARCH acts as:
- **A red team operator** that can independently probe and attack target infrastructure within the rules of engagement
- **An adversary simulator** that behaves like a real-world threat actor, providing realistic pressure-testing for blue teams
- **A training partner** that can challenge security professionals with unpredictable, adaptive attack patterns
- **A research platform** for studying autonomous offensive security behavior and developing better defenses against it
The gaming scenario framing is fundamental to AUTARCH's design. Every operation happens within a defined scope. Every target is a legitimate exercise target. The autonomy is real, but the environment is controlled.
---
## The Identity Layer
What separates AUTARCH from a collection of security scripts is its **identity layer** — the LLM backbone that gives it coherent, persistent behavior.
AUTARCH's identity includes:
- **Expertise model** — Deep knowledge of network security, exploitation techniques, OSINT methodology, social engineering patterns, and defensive evasion
- **Operational style** — Preferences for how it approaches problems. Some configurations make AUTARCH aggressive and fast. Others make it patient and methodical. The identity shapes the behavior.
- **Memory and continuity** — AUTARCH remembers what it has learned. Targets it has studied before are not forgotten. Intelligence accumulates across sessions. Dossiers grow over time.
- **Decision-making framework** — When faced with multiple options, AUTARCH weighs them against its objectives and selects the approach it judges most effective. It can explain its reasoning if asked, but it does not need approval to proceed.
The LLM is not just a chatbot bolted onto security tools. It is the **brain** of the operation. The tools — nmap, Metasploit, tshark, ADB, custom modules — are AUTARCH's hands. The LLM is what decides where to reach.
---
## Tools as Extensions
Every tool in the AUTARCH framework serves the autonomous agent. The tools are also available to the human handler directly through the web dashboard and CLI, but their primary purpose is to be **wielded by AUTARCH itself**.
The dashboard you see is not a pre-built product. It is the result of AUTARCH building what it needed. When AUTARCH encountered a problem that required a tool it didn't have, it **wrote one**. That is how the first modules were created — not by a developer sitting down to design a toolkit, but by an autonomous agent identifying a gap in its own capabilities and filling it. The scanner exists because AUTARCH needed to scan. The exploit modules exist because AUTARCH needed to exploit. The OSINT engine exists because AUTARCH needed intelligence.
This process is ongoing. AUTARCH can generate new modules on the fly when an operation demands capabilities that don't yet exist in its arsenal. It writes the code, integrates the module, and deploys it — all without human intervention. The toolkit is not static. It grows every time AUTARCH encounters something new.
The tool categories map to how AUTARCH thinks about an operation:
| Category | Purpose | How AUTARCH Uses It |
|----------|---------|---------------------|
| **Defense** | Harden and monitor | Assesses its own operational security before engaging targets |
| **Offense** | Attack and exploit | Primary engagement tools for target operations |
| **Counter** | Counter-intelligence | Detects if AUTARCH itself is being observed or traced |
| **Analyze** | Study and understand | Processes intelligence gathered during operations |
| **OSINT** | Open-source intelligence | Builds target profiles from public data |
| **Simulate** | Model and predict | War-games scenarios before committing to an approach |
The web dashboard is the handler's window into what AUTARCH is doing. The CLI is the handler's direct line. But AUTARCH can operate through either interface — or through the MCP server protocol — without human intervention for extended periods.
---
## The Companion
AUTARCH extends beyond the server. The **Archon** Android companion app allows AUTARCH to operate through mobile devices — a phone becomes another tool in the arsenal. Combined with ADB/Fastboot integration, WebUSB direct hardware access, and the Archon Server running at shell level on Android devices, AUTARCH can interact with the physical world in ways that purely software-based tools cannot.
---
## Public Release
This public release includes:
- The complete web dashboard and CLI framework
- All 6 operational categories (Defense, Offense, Counter, Analyze, OSINT, Simulate) with their module libraries
- The OSINT search engine with 7,200+ site database
- Network scanning, packet capture, and vulnerability analysis tools
- Hardware integration (ADB, Fastboot, ESP32, WebUSB)
- The Archon Android companion app
- LLM integration points (llama.cpp, HuggingFace, Claude API)
- MCP server for tool-use protocol integration
- Cross-platform support (Linux primary, Windows, Android)
What is **not included** in this release:
- The fully autonomous agent orchestration layer
- Classified operational playbooks and behavioral models
- The complete identity backstopping system
- Operational case study data and research findings
The framework is fully functional as a standalone security platform. The autonomous agent layer is what transforms it from a toolkit into a person. This release gives you everything you need to build that layer yourself.
---
## Philosophy
AUTARCH exists because the best way to understand how attackers think is to build one and watch it work.
Security professionals spend their careers trying to anticipate what adversaries will do. AUTARCH provides that adversary — not as a theoretical model, but as a functional agent that makes real decisions, takes real actions, and produces real results within controlled environments.
The name says it all. An autarch is a sovereign ruler — one who governs themselves. Project AUTARCH is a hacker that governs itself.
---
*darkHal Security Group & Setec Security Labs*
*Originally proposed under D.I.A. research grant consideration*
Reference in New Issue View Git Blame Copy Permalink