Introducing Gideon: Open-Source Autonomous Security Operations

We are proud to announce the release of Gideon, an open-source autonomous cybersecurity operations assistant built by defenders, for defenders. Designed to transform how security teams analyze threats, manage vulnerabilities, and secure their infrastructure.

In a landscape where security teams are overwhelmed by alerts and data, Gideon doesn't just summarize logs—it thinks, plans, and acts. And it does so ethically, with zero offensive capabilities by design.

Unlike standard LLM chatbots that hallucinate or provide generic advice, Gideon is built on an agentic architecture (Plan-Act-Verify). When you ask a hard question like "Is our exposure to CVE-2026-1234 critical given our current config?", Gideon doesn't guess.

• Planning: It breaks the request into a research strategy.
• Execution: It uses real tools to gather evidence (NVD, VirusTotal, Exa).
• Self-Reflection: It critiques its own findings, spotting gaps in logic.
• Verification: It cross-references multiple sources before giving you an answer.

This extensible architecture means defenders can add new capabilities and skills as their threat landscape evolves.

Gideon leverages the full power of NVIDIA's GPU-accelerated AI platform to bring enterprise-grade speed and privacy to your local operations.

🚀 Real-Time Threat Detection with Morpheus

We've integrated NVIDIA Morpheus to provide GPU-accelerated cybersecurity pipelines that process over 200,000 events per second. Out of the box, Gideon supports:

• Digital Fingerprinting (DFP): Spotting compromised user accounts through behavioral anomalies.
• DGA Detection: Identifying malware command-and-control domains in real-time.
• Phishing Analysis: Using NLP to detect social engineering attempts in email streams.
• Ransomware Monitoring: Catching encryption patterns on the file system before damage is done.

🔒 Privacy-First Inference with NIM

With NVIDIA NIM (Inference Microservices) support, Gideon can run its "brain"—the core reasoning and planning models—entirely on your own infrastructure. This means your sensitive security research data never leaves your perimeter.

🗣️ Hands-Free Ops with PersonaPlex

Security isn't always about typing. Gideon integrates with PersonaPlex to offer hands-free voice operations, allowing analysts to run queries and get briefings while multitasking in the SOC.

Gideon comes pre-wired with a powerful extensible "Skills" system that connects to the industry's best intelligence sources:

• Neural Semantic Search: Powered by Exa AI, Gideon can find obscure technical write-ups and POCs that traditional search engines miss.
• Vulnerability Data: Direct feeds from NVD and CISA KEV (Known Exploited Vulnerabilities).
• Reputation Analysis: Real-time checking of hashes, IPs, and domains via VirusTotal and AbuseIPDB.
• Multi-Model Intelligence: Through OpenRouter, Gideon can access 400+ distinct LLMs, choosing the best model for the specific task at hand.

We believe AI should empower defenders, not attackers. Gideon is built with zero offensive capabilities—this isn't a limitation, it's a core design principle.

Powered by NVIDIA NeMo Guardrails, Gideon is strictly prohibited from generating exploitation code, malware, or assisting in cyber-attacks. It is 100% focused on mitigation, patching, and protection.

Our commitment: Ethical, extensible, and GPU-accelerated security—built by defenders, for defenders.

Gideon is open for defenders today. Get started in minutes:

# Install with Bun
git clone https://github.com/cogensec/gideon
cd gideon
bun install
bun start

Join us in building the future of defensive security.