Active Campaigns
3
↑ 1
from last week
Total Findings
21
6 Crit
9 High
6 Med
Tool Executions
847
Last 24h · Recon · Web · Cloud
Verified Findings
100%
21/21
zero false positives
Exposure Risk Trend
Rolling 14-day · All campaigns
■ Critical
■ High
■ Medium
Agent Flow
Campaign Alpha — live dispatch
Active Campaigns
Running now
| Target | Status | Findings | Runtime |
|---|---|---|---|
| acme-corp.io | Running | 9 | 14h 22m |
| staging.acme.io | Running | 7 | 6h 08m |
| api.acme.io | Running | 5 | 2h 41m |
Recent Findings
Last 6 hours
| Vulnerability | Severity | Target |
|---|---|---|
| SQL Injection — /api/search | Critical | acme-corp.io |
| Auth bypass — /admin | Critical | acme-corp.io |
| IDOR — /api/users/{id} | High | staging.acme.io |
| XSS — search parameter | Medium | api.acme.io |
Live Agent Activity
● Live
All Campaigns
| Campaign / Target | Status | Agents | Findings | Started | Runtime |
|---|---|---|---|---|---|
| Alpha — acme-corp.io (Full perimeter assessment · Web · API · Network) | Running | 9/9 | 9 | 2026-03-22 08:14 | 14h 22m |
| Beta — staging.acme.io (Staging environment · Web · API) | Running | 5/9 | 7 | 2026-03-22 16:28 | 6h 08m |
| Gamma — api.acme.io (API gateway · REST · GraphQL) | Running | 3/9 | 5 | 2026-03-22 19:55 | 2h 41m |
9
Findings
3 critical · 4 high
312
Tool Executions
9/9
Agents Active
14h
Runtime
Alpha — acme-corp.io
Attack Surface Map
Discovered assets
| Asset | Type | Status |
|---|---|---|
| acme-corp.io | Web app | Testing |
| api.acme-corp.io | API | Testing |
| admin.acme-corp.io | Admin panel | Compromised |
| mail.acme-corp.io | Mail server | Clean |
| 10.0.1.0/24 | Internal subnet | Scanning |
Agent Status
Real-time dispatch
| Agent | Status | Current task |
|---|---|---|
| Master Planner | Active | Dispatching |
| Recon | Done | 247 hosts mapped |
| Web | Active | SQLi chain |
| API | Active | Auth bypass |
| Network | Active | Port sweep |
| Cloud | Done | S3 exposed |
| Researcher | Active | CVE lookup |
| Report Engine | Queued | Waiting on Web |
All Findings
| # | Vulnerability | Severity | CVSS | Target | Status |
|---|---|---|---|---|---|
Reports
Alpha Campaign Report
acme-corp.io · In progress
Full perimeter assessment. 9 findings confirmed, exploitation walkthroughs complete for 6. Remediation guidance drafted.
Beta Campaign Report
staging.acme.io · Drafting
Staging environment assessment. 7 findings, focusing on IDOR chains and mass assignment vulnerabilities.
GUNBRIG / ARGOS — OT ASSET INVENTORY
47
OT Devices
6
Critical CVEs
9
Protocols
3
Anomalies
Device Inventory
| IP | Device | Vendor | Protocol | Purdue | Firmware | CVEs | Status |
|---|---|---|---|---|---|---|---|
| 10.0.100.10 | PLC Main | Siemens | S7Comm | L1 | v4.2.1 | 3 | Vulnerable |
| 10.0.100.11 | PLC Backup | Siemens | S7Comm | L1 | v4.2.1 | 1 | OK |
| 10.0.101.20 | HMI Station 1 | Rockwell | EtherNet/IP | L2 | v2.8.0 | 2 | High Risk |
| 10.0.101.21 | HMI Station 2 | Rockwell | EtherNet/IP | L2 | v2.8.0 | 0 | OK |
| 10.0.102.30 | SCADA Server | Honeywell | Modbus TCP | L2 | v3.1.4 | 1 | OK |
| 10.0.103.40 | Historian | OSIsoft | OPC-UA | L3 | v2.1.0 | 0 | New Device |
| 10.0.103.41 | RTU Field | ABB | DNP3 | L1 | v1.9.3 | 0 | OK |
GUNBRIG / ARGOS — ANOMALY ALERTS
Active Alerts
3 open
Alert Detail
New Device — Unauthorised PLC
Detection time: 2026-03-22 14:31:07
Source IP: 10.10.2.48
MAC: 00:0E:8C:xx:xx:xx (Siemens AG)
Protocol: S7Comm (port 102)
Purdue Level: Level 1 — Control layer
Inferred device: Siemens SIMATIC S7-315
A new Siemens S7-series PLC appeared on your Level 1 OT network at 14:31. This device was not present in yesterday's baseline. An unregistered PLC at this level could indicate a rogue device insertion, an IT/OT boundary breach, or an unauthorised engineering workstation connecting to the control network.
Physical consequence risk: This device has write access to the production control loop. Unauthorised commands could affect process setpoints.
Recommended action: Isolate 10.10.2.48 from the control network and verify with your OT engineer before allowing communication. Do not probe or interact with the device directly.
GUNBRIG / ARGOS — PROTOCOL MAP
Protocol Traffic Distribution
GUNBRIG / ARGOS — NETWORK TOPOLOGY
Communication Graph — Purdue Model
47 devices · 128 communication pairs · passive observation only
■ L0/L1 Field/PLC
■ L2 HMI/SCADA
■ L3 Operations
■ L4+ Enterprise
--- Anomalous
Agent Workbench
| Agent | Role | Status | Task | Executions | Findings |
|---|---|---|---|---|---|
| Master Planner | Command | Active | Orchestrating Alpha | — | — |
| Recon | Surface Map | Done | 247 hosts mapped | 89 | 2 |
| Web | Web App | Active | SQLi — /api/search | 124 | 4 |
| API | API Sec | Active | Auth bypass chain | 67 | 3 |
| Network | Network | Active | Port 445 sweep | 312 | 0 |
| Cloud | Cloud | Done | S3 exposure found | 41 | 1 |
| Researcher | Intel | Active | CVE-2024-3094 PoC | 28 | 0 |
| Web3 | Smart Contract | Queued | Waiting scope | 0 | 0 |
| Report Engine | Reports | Queued | Awaiting Web agent | 0 | — |
Tasks & Subtasks
| ID | Task | Agent | Parent | Status | Created |
|---|---|---|---|---|---|
Tool Call Log
| Time | Tool | Agent | Arguments | Result |
|---|---|---|---|---|
Vector Memory Store
1,847
Total Vectors
312
Findings Indexed
98.2%
Similarity Threshold
4ms
Avg Query Time
pgvector Index
PostgreSQL + pgvector
1,847 embeddings across 3 active campaigns. HNSW index, cosine similarity. All findings, tool outputs, and reasoning chains stored and retrievable.
Knowledge Graph
Graphiti + Neo4j
342 nodes · 891 relationships. Attack chains, asset relationships, credential mappings. Semantic search across full campaign history.
Browser Screenshots
SQLi — /api/search
Captured 14:22 · Web agent
[ Screenshot: 1280×800 ]
Auth bypass — /admin
Captured 12:08 · API agent
[ Screenshot: 1280×800 ]
IDOR — /api/users
Captured 10:44 · API agent
[ Screenshot: 1280×800 ]
S3 bucket listing
Captured 09:15 · Cloud agent
[ Screenshot: 1280×800 ]
Agent Prompts
System Prompt — Master Planner
{{scope}}
{{target}}
{{campaign_id}}
{{findings_so_far}}
MCP Servers
| Server | URL | Tools | Status |
|---|---|---|---|
| Shodan MCP | mcp://shodan-local | 4 | Connected |
| Metasploit MCP | mcp://msf-local | 12 | Connected |
| Nuclei MCP | mcp://nuclei-local | 3 | Connected |
| Browser MCP | mcp://browser-local | 8 | Connected |
LLM Providers
OpenAI
GPT-4o · o1 · o3-mini
● Connected
Anthropic
Claude 3.5 Sonnet · Opus
● Connected
Google AI
Gemini 1.5 Pro · Flash
○ Inactive
Ollama
Llama3 · Mistral (local)
● Connected
DeepSeek
R1 · V3
○ Inactive
AWS Bedrock
Nova · Titan
○ Inactive
API Tokens
| Name | Token | Scope | Created | Last used |
|---|---|---|---|---|
| CI/CD Pipeline | gbk_•••••••••••••••4a2f | campaigns:read | 2026-01-14 | 2h ago |
| SIEM Integration | gbk_•••••••••••••••8c1e | findings:read | 2026-02-01 | 4h ago |
| Jira Webhook | gbk_•••••••••••••••2d9b | findings:write | 2026-02-28 | 1d ago |
Gunbrig Enterprise
GUNB-XXXX-XXXX-XXXX-ENT · Expires 2027-03-22
● Active · On-Premises
Active Campaigns
3 / 10
Agent Nodes
6 / 20
API Requests / day
12.4K / 100K
License Entitlements
| Feature | Status | Limit |
|---|---|---|
| Autonomous Agent Loop | Enabled | Unlimited iterations |
| Web3 Agent | Enabled | Included |
| Air-Gap Mode | Enabled | Offline 90-day token |
| Multi-tenant / MSSP | Enabled | Unlimited tenants |
| Full Observability Stack | Enabled | Grafana · Jaeger · Loki · OTEL |
| SLA Support | 24/7 | Enterprise tier |
Platform Settings
General
Security
Deployment Status
Quick Deploy
# On-premises via Helm
helm install gunbrig gunbrig/platform \
  --set license.key=$LICENSE_KEY \
  --set mode=on-premises \
  --namespace gunbrig-system

# Air-gap bundle export
gunbrig bundle export \
  --offline-token $TOKEN \
  --llm local://qwen3-14b \
  --ttl 90d