Skip to content
@MK-ScorpioSec

mk-scorpiosec

README.md
MK ScorpioSec Banner



MK ScorpioSec Logo

AI-Native Security Operations

I don't hunt threats. I am the threat.

LinkedIn Telegram WhatsApp License

About

MK ScorpioSec builds open-source security tooling at the intersection of AI automation, offensive security, and regulatory compliance. Every tool released has been validated on real-world engagements.

I operate a fully air-gapped, AI-native security platform powered by local LLMs, autonomous agents, and orchestration pipelines — no cloud dependency, no data exfiltration risk.

Domains

Domain Focus Areas
AI Security LLM attack surfaces · MCP server auditing · prompt injection detection · agentic pipeline hardening
Offensive Security Automated pentest pipelines · web / mobile / IaC vulnerability research · bug bounty tooling
Post-Quantum & Compliance NIST FIPS 203/204/205 readiness · DORA · MiCA · ISO 27001 gap analysis
Cloud & IaC Security Terraform misconfiguration research · cloud attack path enumeration · CSPM
Security Automation N8N-based SOAR · AI-driven report generation · autonomous vulnerability triage

Open Source Tools

Tool Description Status
pq-audit Post-Quantum IaC scanner — 10 layers, BROKEN_NOW + SNDL risk tiers, NIST FIPS 203/204/205. Includes RAG-powered FP triage pipeline active
mcp-scanner MCP server security scanner — 9 checks: CVE exposure, tool poisoning (Unicode/BiDi), SSRF, supply chain (MITRE T1195.002), OWASP LLM Top 10 active
research IaC security research — TerraGoat gap analysis: 187 undocumented Trivy findings + crypto gaps pq-audit detected, missed by all standard scanners active

Stack

Python N8N Terraform Docker Obsidian Ollama Wazuh Kali Linux

Research Focus

  • Post-Quantum Cryptography — auditing PKI, TLS, and key exchange against NIST PQC standards before mandatory migration deadlines
  • AI Attack Surface — testing LLM integrations, MCP servers, and agentic pipelines for injection, exfiltration, and supply-chain vectors
  • IaC Security — Terraform misconfiguration research, Checkov gap analysis, undocumented findings in community benchmark repos
  • Autonomous Pentesting — AI-driven recon, vulnerability correlation, and remediation pipelines that close the loop from finding to report

Security Policy

Responsible disclosure via GitHub Security Advisories. I respond within 48 hours and follow coordinated disclosure.

Auditing the AI stack so you don't have to.

Popular repositories Loading

  1. mcp-scanner mcp-scanner Public

    MCP server security scanner — CVE check, auth audit, tool poisoning detection

    Python 5 2

  2. research research Public

    IaC security research — TerraGoat gap analysis (169 undocumented findings)

  3. .github .github Public

    MK ScorpioSec org profile and community health files

  4. pq-audit pq-audit Public

    Post-Quantum Holistic Security Audit — 10 layers, NIST FIPS 203/204/205 compliance

    Python

  5. mkscorpiosec.com mkscorpiosec.com Public

    MK ScorpioSec — Official website (mkscorpiosec.com) hosted via GitHub Pages

    HTML

Repositories

Showing 5 of 5 repositories

People

This organization has no public members. You must be a member to see who’s a part of this organization.

Top languages

Loading…

Most used topics

Loading…