The AI threat surface is moving faster than the tooling.
c0d3x.io exists to close that gap — in public, with the community.
Every project here is built and battle-tested in real environments.
No theoretical frameworks. No vendor marketing dressed as research.
If a tool doesn't work, we say so.

| Project | Description | Status |
|---|---|---|
| Herald | Herald is a single-upstream forward proxy. | In-progress |

Technical findings and security research published at
meghshetty.medium.com
Latest: I built a red team agent to test Google's Model Armor — here's what it actually catches
- Findings are published openly — including the uncomfortable ones
- Tools ship when they're useful, not when they're polished
- Every release includes documented methodology, not just code
- Security signal matters more than star counts

Tooling developed with reference to:
- OWASP Top 10 for LLM Applications
- NIST AI Risk Management Framework
- MITRE ATLAS
- ISO 42001 (AI Management Systems)

Found a bypass we missed? Built something that extends our tooling?
Open an issue. Submit a PR. This only gets better with more eyes on it.