honeyslop is a set of code canaries (decoys) for open-source projects drowning in AI-hallucinated ("slop") and unverified vulnerability reports. A slop scanner ingests the canary, then generates a vulnerability "report" based on it. The report self-identifies as slop. Close it in one grep.
This is a quick PoC, vibe-coded as a joke (not production-grade), because we received a slop report at raptor, ourselves. Should be fun!
Knostic is open-sourcing OpenAnt, our LLM-based vulnerability discovery product, similar to Anthropic's Claude Code Security, but free. It helps defenders proactively find verified security flaws. Stage 1 detects. Stage 2 attacks. What survives is real.
Why open source?
Since Knostic's focus is on protecting agents (not vulnerability research), we're releasing OpenAnt for free. Plus, we like open source.
...And besides, it makes zero sense to compete with Anthropic and OpenAI.
Releasing open source tools for security teams to get visibility into OpenClaw in their environments: openclaw-detect and openclaw-telemetry.
- openclaw-detect: Shell and PowerShell scripts that detect OpenClaw installations on managed devices. Checks for CLI binaries, app bundles, config files, gateway services, and Docker artifacts across macOS, Linux, and Windows. Deployable via MDM with docs for Intune, Jamf, JumpCloud, Kandji, and Workspace ONE.
- openclaw-telemetry: A plugin for OpenClaw that captures tool calls, LLM usage, agent lifecycle, and message events. Includes sensitive data redaction, tamper-proof hash chains, rate limiting, and log rotation. Outputs to JSONL, with optional CEF/syslog forwarding for SIEM integration (not yet tested).
RAPTOR empowers security research with agentic workflows and automation.
It combines traditional security tools with agentic automation and analysis, deeply understands your code, proves exploitability, and proposes patches.
First use: It generated patches for the FFmpeg Project Zero vulnerabilities.
It's also a PoC showing coding agents are generic, and can be adapted like a "WinAmp skin" for any purpose.
Written by Gadi Evron, Daniel Cuthbert, Thomas Dullien (Halvar Flake), and Michael Bargury.
3-5 minutes on the clock per demonstration, ranging from MCP && auto reverse engineering to writing cyber security songs with AI.
The event last week was incredible, this week's is tomorrow (Thursday).
The system will not catch everything in any way - but what it does catch has no false positives by definition. We're very happy to demonstrate live the value proposition and how alerting is one aspect of what we do.
This is why I'm unsure of the value. And to be clear, by "unsure of the value" I don't mean "unsure whether it has any value." It certainly has value. I'm just not sure how much, as, say, a dollar figure.
"No false positives" is fine marketing, but in practice you aren't replacing anyone's firewalls, endpoint agents, sandboxes, SIEMs, etc. All those false positives will still be there, along with many legitimate detections your system never sees.
If money were no object, then absolutely I'd buy. But given that money is usually a factor, that you're limited to detection, that you're only effective in scenarios where attackers touch your decoy systems, and that you're competing for dollars against products that detect more, detect it sooner, and often prevent it automatically, I don't know.
When you get one alert that you realize isn't false and has the forensic data tied to it, you can use it as a harness against the loads of information from all the other sensors (firewall, endpoints, sandboxes, etc.) to give you a definitive picture you're certain of.