
Vyrox Security

Autonomous AI SOC analyst for noisy alert queues.

Vyrox

The autonomous, auditable action layer for security operations.

Detection is solved. Response is not. An alert fires, lands in a queue, and at 2am nobody is home. When someone does act, no one can reconstruct afterward what was done or why. Teams bought detection and were left alone with the hard part.

Vyrox acts on the alert and proves it. We triage every EDR alert, take action on the ones that are real, and write every action to a tamper-evident log the customer owns.

How it works

[EDR alert] -> [Ingest] -> [Heuristics] -> [LLM triage] -> [Decide] -> [Act] -> [Audit]
  1. Ingest - CrowdStrike, SentinelOne, Defender, and a field-mapped generic adapter post alerts to a per-tenant webhook, authenticated with HMAC-SHA256.
  2. Triage - A deterministic heuristics engine clears the obvious noise in milliseconds. Only the genuinely ambiguous alerts reach an LLM, which writes verdict fields and never executes anything.
  3. Decide - Human approval by default. Autonomous only where the customer has turned it on and the action is reversible.
  4. Act - Approved containment runs through a small, hardened Rust proxy: signed, rate-limited, and built to fail closed.
  5. Prove - Every action lands in a SHA-256 hash-chained audit log the customer owns, ready for an auditor or an insurer.
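The hash chaining named in step 5, sketched as an added example; it is not code from Vyrox or from its audit-chain spec. The entry layout, the all-zero genesis value, the canonical JSON encoding, and the sample records are assumptions. The `trusted_head` check shows why the latest hash has to be kept somewhere outside the log itself.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # assumed anchor value for the first entry


def entry_hash(prev_hash: str, record: dict) -> str:
    # Canonical JSON so the same record always hashes to the same bytes.
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + "\n" + body).encode("utf-8")).hexdigest()


def append(chain: list, record: dict) -> str:
    """Link a record to the current head and return the new head hash."""
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "record": record, "hash": entry_hash(prev, record)})
    return chain[-1]["hash"]


def verify(chain: list, trusted_head: Optional[str] = None) -> int:
    """Return -1 if intact, else the index of the first entry that fails.

    trusted_head is a head hash kept outside the log (for example by the
    auditor). Without it, a full re-hash or a truncation goes unnoticed;
    a head mismatch is reported as index len(chain).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["record"]):
            return i
        prev = entry["hash"]
    if trusted_head is not None and prev != trusted_head:
        return len(chain)
    return -1


def sample_chain() -> list:
    """Constructed sample actions, not real Vyrox log entries."""
    chain = []
    for seq, action in enumerate(["isolate_host", "kill_process", "release_host"], 1):
        append(chain, {"seq": seq, "tenant": "tenant-a", "host": "ws-0142",
                       "action": action, "approved_by": "analyst-1"})
    return chain


if __name__ == "__main__":
    log = sample_chain()
    head = log[-1]["hash"]
    log[1]["record"]["approved_by"] = "nobody"  # in-place edit of entry 1
    print(verify(log), verify(log[:1], head))
```

An in-place edit fails at the edited entry, while a log rebuilt or truncated by someone with write access verifies cleanly unless the verifier compares against a head hash stored elsewhere.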

Who it is for

Sold MSSP-first: one analyst runs many client tenants from a single console and can prove every action to each client's auditor. Lean in-house teams that own security but have no 24/7 SOC come in through the inbound door.

Open core

The execution proxy is MIT licensed. If a piece of software can isolate a production host, the people running it should be able to read exactly what it does before they trust it. The heuristics corpus and the orchestration core stay private: that is the product, and handing detection logic to attackers helps no one.

Repositories

| Repo | What it is | License |
|---|---|---|
| vyrox-proxy | Rust containment proxy, the audited execution boundary | MIT |
| vyrox-docs | Public architecture, API contracts, threat model, audit-chain spec | Proprietary |
| vyrox-simulator | Deterministic alert simulation for exercising the pipeline | MIT |
| vyrox-www | Public product site | Proprietary |

Contact

Status

Alpha. Shipping today: the Rust proxy, ingestion, two-stage triage, human-approved containment, and the SHA-256 audit chain. In active build: the operational console, graduated autonomy, and the evidence engine.

Contributors

keirsalterego
starkalterego

Total unique contributors: 2


Built for analysts who deserve real signal, not 300 false positives a shift.

Pinned

  1. vyrox-proxy (Public, Rust)

    Hardened Rust containment proxy for approved EDR actions with HMAC verification, rate limiting, and audit logging.

  2. vyrox-simulator (Public, Shell)

    Alert simulation toolkit for testing Vyrox ingestion and triage flows with realistic CrowdStrike-style fixtures.

  3. vyrox-docs (Public, CSS)

    Public architecture, API, and security documentation for the Vyrox autonomous SOC analyst pipeline.

  4. vyrox-www (Public, TypeScript)

    Public website for Vyrox product messaging, trust model, and technical entry points.
