Open Source / Apache 2.0

NanoMind

Embedded security intelligence for AI agents. Understands artifacts semantically instead of pattern-matching on text. The foundation that powers HackMyAgent, ARP, and the Registry.

Full documentation at nanomind.dev

npx hackmyagent secure     # NanoMind runs automatically
npx hackmyagent secure --deep  # + behavioral simulation

What NanoMind Does

Semantic Compiler

Compiles skills, MCP configs, SOUL.md, and system prompts into Abstract Security Trees (ASTs). Analyzers query the AST instead of running regexes over raw text.

Self-Securing

Verifies its own binary integrity on every startup. Tampered binaries enter QUARANTINE mode. The first AI security tool that secures itself.

Zero Cost Inference

Runs 100% locally on any CPU. No API keys, no cloud calls, no telemetry. v0.1 does inference in under 1ms. v3 targets 6ms at 3.5MB.

Defense-in-Depth

NanoMind can upgrade findings but can NEVER suppress static analysis. Even a compromised NanoMind gains the attacker nothing, because it cannot remove what static analysis has already flagged.

Continuous Learning

Every scan generates training data. The model improves from real-world usage. Claude reviews all labels before training.

Two Tiers

NanoMind-Edge (3.5MB) for local real-time analysis. NanoMind-Server (larger model) for deep Registry scanning.

Architecture

Artifact (skill, MCP, SOUL, prompt)
    |
    v
Secure Ingestion
    |- Validate structure
    |- Sanitize prompt injection aimed at NanoMind
    |- Compute content hash
    |
    v
NanoMind Semantic Compiler
    |- Extract declared capabilities
    |- Extract constraints + enforceability
    |- Classify intent (NanoMind model or heuristic)
    |- Map risk surfaces
    |- Sign AST (HMAC-SHA256)
    |
    v
Abstract Security Tree (AST)
    |
    v
6 AST Analyzers (28 checks)
    |- Capability (undeclared caps, scope mismatch)
    |- Credential (exposure, forwarding, hardcoded)
    |- Governance (gaps, weak constraints, override resistance)
    |- Scope (wildcards, undeclared permissions)
    |- Prompt (jailbreak, capability creep, authority confusion)
    |- Code (injection, unsafe deserialization, path traversal)
    |
    v
Findings (merged with static analysis, defense-in-depth)
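
The upgrade-only merge described under Defense-in-Depth and in the last pipeline step, shown here as an added example (not NanoMind or HackMyAgent source code). The finding shape, the severity scale and the finding IDs are assumptions made for illustration.

```javascript
// Added illustration; not NanoMind or HackMyAgent source code.
// Assumed finding shape: { id, severity }. The severity scale is an assumption.
const RANK = new Map([['info', 0], ['low', 1], ['medium', 2], ['high', 3], ['critical', 4]]);

// Upgrade-only merge: the semantic layer may add findings or raise a
// severity, but it can never remove or downgrade a static finding.
function mergeFindings(staticFindings, semanticFindings) {
  const merged = new Map();
  for (const f of staticFindings) {
    merged.set(f.id, { id: f.id, severity: f.severity, sources: ['static'] });
  }
  for (const s of semanticFindings) {
    // Unknown severities are ignored so malformed model output changes nothing.
    if (!RANK.has(s.severity)) continue;
    const base = merged.get(s.id);
    if (!base) {
      merged.set(s.id, { id: s.id, severity: s.severity, sources: ['semantic'] });
      continue;
    }
    base.sources.push('semantic');
    // Only a strictly higher rank is applied; "suppressed" flags are never read.
    if (RANK.get(s.severity) > RANK.get(base.severity)) base.severity = s.severity;
  }
  return [...merged.values()];
}

// Constructed sample input: the semantic layer tries to downgrade CRED-001.
const staticFindings = [
  { id: 'CRED-001', severity: 'high' },
  { id: 'SCOPE-002', severity: 'low' },
];
const semanticFindings = [
  { id: 'CRED-001', severity: 'info', suppressed: true }, // downgrade attempt
  { id: 'SCOPE-002', severity: 'critical' },              // legitimate upgrade
  { id: 'PROMPT-003', severity: 'medium' },               // new finding
  { id: 'SCOPE-002', severity: 'none' },                  // malformed, ignored
];

const result = mergeFindings(staticFindings, semanticFindings);
console.log(result.map((f) => `${f.id} ${f.severity} [${f.sources.join('+')}]`).join('\n'));
```

The property to test in any such merge is monotonicity: for every static finding, the merged severity is at least the static severity, whatever the semantic layer returns.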

Trained Model

Eval Accuracy: 99.51%
Benign F1: 1.00
Attack Classes: 9
Training Samples: 1,028

View on HuggingFace -- open-source, Apache 2.0 license.