ALPHACONSOLESTRATEGYABOUTCONTACT
STATUS: SYSTEM_STABLE
LAST_CHECK: 06:26:01 UTC
SITEMAP
HomeAlphaConsoleStrategyAI Status
SOCIALS
LinkedInGitHub
LEGAL
PrivacyTermsDisclosure
FOUNDERS
founders@ctrlsec.io
HARYANA, IN
28.411° N, 77.286° E
© 2026 CTRLSEC. ALL RIGHTS RESERVED.
NETWORK: ONLINE
  1. Home
  2. //
  3. AI Status
SYS_STATUS: OPTIMAL
CTRLSEC BRAIN — LIVE MODEL STATUS

Self-Learning
Threat Intelligence.
No API Keys.

The CtrlSec Brain is a multi-label MLP trained exclusively on your organisation's security events. 20 simultaneous attack pattern predictions. Zero external dependencies. Zero cloud LLM latency.

50-Dim
feature vector
20
attack patterns
Focal
loss training
50→128→64→32→20
architecture
<1ms
inference
γ=2 · Adam
optimizer
// 20-PATTERN CONFIDENCE OVERVIEWMacro F1: 0.0%
SQLi → RCE
0.0%
Cred Stuffing
0.0%
APT Full Chain
0.0%
Ransomware
0.0%
Supply Backdoor
0.0%
XSS Hijack
0.0%
Phishing → ATO
0.0%
Insider Exfil
0.0%
Cloud Misconfig
0.0%
Lateral Movement
0.0%
C2 Beaconing
0.0%
NTLM Cred Dump
0.0%
BEC
0.0%
API Data Exfil
0.0%
Priv Escalation
0.0%
Persistence
0.0%
Defense Evasion
0.0%
Zero-Day Exploit
0.0%
Brand Fraud
0.0%
Dep Hijack
0.0%
// MODEL PERFORMANCE — AGGREGATE METRICSEVALUATED 4H AGO
ENTITIES TRAINED
14
organisations
GRADIENT STEPS
139,122,724
total updates
MACRO F1
0.0%
across 20 patterns
EXCELLENT PATTERNS
0 / 20
0 good (≥75%)
// 20 ATTACK PATTERNS — FULL THREAT COVERAGE
Web AttackP01
SQLi → RCE
sqli_to_rce
IdentityP02
Cred Stuffing
credential_stuffing
Advanced ThreatP03
APT Full Chain
apt_full_compromise
MalwareP04
Ransomware
ransomware_staging
Supply ChainP05
Supply Backdoor
supply_chain_backdoor
Web AttackP06
XSS Hijack
xss_session_hijack
IdentityP07
Phishing → ATO
phishing_ato
InsiderP08
Insider Exfil
insider_data_exfil
CloudP09
Cloud Misconfig
cloud_misconfiguration
Post-ExploitP10
Lateral Movement
lateral_movement_chain
Command & ControlP11
C2 Beaconing
c2_beaconing
CredentialP12
NTLM Cred Dump
credential_dump_ntlm
Social Eng.P13
BEC
business_email_compromise
Data TheftP14
API Data Exfil
data_exfiltration_api
Post-ExploitP15
Priv Escalation
privilege_escalation
Post-ExploitP16
Persistence
persistence_mechanism
EvasionP17
Defense Evasion
defense_evasion_chain
Advanced ThreatP18
Zero-Day Exploit
zero_day_exploitation
BrandP19
Brand Fraud
brand_impersonation_fraud
Supply ChainP20
Dep Hijack
supply_dependency_hijack
// 50-DIMENSION FEATURE VECTOR + MLP ARCHITECTURE
// FEATURE COMPOSITION — WHAT THE MLP SEES
F0–F19
Strategy Signals
VAPT risk scores, red team objectives, dark web exposure, brand phishing rate, supply chain criticality
F20–F23
Kill-Chain Stage Flags
Recon confirmed, initial access, execution, exfiltration — binary flags from red team TTP mapping
F24–F31
Velocity & Correlation
Console threat velocity (1h/24h/7d), anomaly deviation, cross-module correlation count, trend delta
F32–F39
Per-Category Rates
Credential dump, C2 beacon, lateral movement, persistence, XSS, SQLi, cloud misconfig, privesc rates
F40–F44
Module Freshness
How recent is the intelligence? 1.0 = data within 7 days, 0.0 = stale beyond 90 days
F45–F49
7-Day Trend Deltas
Risk score delta, credential acceleration, console velocity trend, brand risk delta, supply risk delta
MLP ARCHITECTURE — ZERO EXTERNAL API
// CtrlSec Brain — 9 Self-Learning Engines
// 2M+ training signals · 20 attack patterns · 50-dim features

Engine 1: AttackClassifier MLP (50→128→64→32→20)
          Focal-BCE loss · AdaGrad optimizer · 20 sigmoid outputs

Engine 2: AttackPredictor (5 independent MLPs, 20→16→8→1)
          Ransomware · Data Breach · Supply Chain · Credential · APT

Engine 3: VAPT ReinforcementLearner
          Genetic algorithm · Tournament selection · Payload evolution

Engine 4: ThreatNeuralScorer (15→32→16→1)
          Online learning · Per-entity weights · <100ms inference

Engine 5: AnomalyDetector Autoencoder (12→6→4→6→12)
          Reconstruction error scoring · Adaptive thresholds

Engine 6: SequenceAnalyzer (Kill chain state machine)
          NORMAL → SUSPICIOUS → ESCALATING → ACTIVE_KILL_CHAIN

Engine 7: FindingValidator (5-check true-positive gate)
          Confidence · Duplicate · Neural · CVE/CWE · Severity

Engine 8: CrossModuleFusion (10 correlation pairs, 2.5x weight)
          Multi-source intelligence amplification

Engine 9: SelfLearner (7-phase continuous cycle, 6hr cron)
          HARVEST → CORRELATE → TRAIN → EVOLVE → PREDICT → ASSESS → REPORT
// ATTACK PATTERN DETECTION HEATMAP — HOVER TO INSPECTMacro F1: 0.0%
≥90% excellent≥75% good≥50% improving<50% needs work
// INTERACTIVE SANDBOX — LIVE INFERENCE ON PRODUCTION WEIGHTSPUBLIC · NO LOGIN

Select a pre-built attack scenario below. The request hits the production model with hardcoded 50-dim vectors — no real client data is used. Results reflect the current trained weights.

// HOW CONTINUOUS SELF-LEARNING WORKS
STEP 01
Signal Harvest

Every 6 hours, the self-learning engine harvests signals from all 7 security modules — VAPT, Red Team, Dark Web, Supply Chain, Brand, GRC, and Console threats. Each signal becomes a training event.

Sources: vapt · redteaming · darkweb · supply · brandmon · grc · console_threats
STEP 02
Auto-Label + Validate

Each event is auto-labeled to 20 attack patterns using deterministic rules. A 5-check validation gate (confidence, duplicate, neural, CVE/CWE, severity) filters true positives from noise before any finding reaches the database.

16 event types → 20 labels · FindingValidator: ≥0.75 confidence = TRUE_POSITIVE
STEP 03
Cross-Engine Fusion + Train

Signals confirmed by multiple engines get 2.5x weight amplification. The MLP classifier trains via curriculum learning (easy→expert), self-play reinforcement (predict→correct), mutation evolution, and adversarial hardening.

2M+ training signals · 8 training phases · Self-play correction at 2x weight
STEP 04
Evolve + Predict + Assess

VAPT payloads evolve via genetic algorithm. 5 independent MLPs update attack forecasts. The strategy orchestrator re-scores overall risk posture across all companies. Admin reviews and approves findings before clients see them.

Genetic crossover · 5 attack predictors · Executive dashboard · Admin approval gate
// FULL SYSTEM DIAGRAM — HOW THE AI CONNECTS TO EVERY MODULE
// INFERENCE PIPELINE — DATA IN → 20 PREDICTIONS OUT
DATA SOURCES — 6 SECURITY MODULES
VAPT
Dark Web
Red Team
Console SOC
Supply Chain
Brand Mon.
extractUnifiedFeatures()
▼
50-DIMENSION FEATURE VECTOR
F0–F19Strategy Signals
F20–F23Kill-Chain Stage Flags
F24–F31Velocity & Correlation
F32–F39Per-Category Rates
F40–F44Module Freshness
F45–F497-Day Trend Deltas
AttackClassifier.predict()
▼
MLP — 4 LAYERS · ADAM OPTIMIZER · FOCAL-BCE LOSS
Input50—50-dim unified vector
↓
L1128Leaky ReLUDense · He init
↓
L264Leaky ReLUFeature mixing
↓
L332Leaky ReLUPattern compression
↓
Output20SigmoidOne prob. per pattern
Focal-BCE γ=2pos_weight=8Adam lr=0.001β1=0.9 β2=0.999Leaky ReLU α=0.013M training cases
20 sigmoid probabilities [0.0 → 1.0]
▼
CONSUMED BY — PLATFORM MODULES
Strategy
top-threat ranking
Red Team
engagement scenarios
VAPT
vuln → attack chain
Console SOC
real-time alerts
// CONTINUOUS SELF-LEARNING LOOP
STEP 01
Security Event
VAPT · darkweb · console · redteam · supply · brand
STEP 02
Auto-Label
16 event types → 20 pattern labels (no human input)
STEP 03
Feature Snapshot
extractUnifiedFeatures() → 50-dim vector
STEP 04
Gradient Update
clf.learnFromEvent() · AdaGrad · 1 step · <2ms
STEP 05
Weights Saved
MongoDB upsert · next request uses updated model
↺ repeats on every security event
// AUTO-SUPERVISED LABEL RULES
Hover to highlight. 16 event types mapped to 20 pattern labels with confidence weights. No manual annotation.
RECENT TRAINING ACTIVITY
self_learn18 cases
5h ago
self_learn19 cases
5h ago
batch_retrain9,811 cases
5h ago
OVERALL ACCURACY — MACRO F1
Macro F10.0% / target 90%
▲ 90%
BCE Loss
0.0000
Micro F1
0.0%
Train Cases
10,000
20
Attack Patterns
simultaneous
50
Feature Dims
unified vector
0
API Keys
zero dependency
<1ms
Inference
entity-isolated
∞
Self-Learns
with every event
// AI ENGINE ECOSYSTEM — 9 SELF-LEARNING ENGINES

Enterprise Threat Intelligence.
Every engine learns. Every signal counts.

Nine interconnected engines continuously ingest security signals, cross-correlate across modules, and self-improve through reinforcement learning, genetic algorithms, and multi-source intelligence fusion. No external APIs. No cloud dependencies. Your data never leaves your infrastructure.

Attack Classifier MLP

50→128→64→32→20 multi-label neural network

20 attack patterns · Focal-BCE · AdaGrad

Attack Predictor

5 independent MLPs forecasting attack probability

Ransomware · Data Breach · Supply Chain · Credential · APT

VAPT Reinforcement Learner

Genetic algorithm evolving 10,000+ payloads

Tournament selection · Mutation · Crossbreeding

Red Team Engine

150+ MITRE ATT&CK TTPs · 20 adversary profiles

41 TTPs tracked · Kill chain simulation

Supply Chain Engine

Vendor risk · CVE correlation · SBOM analysis

9 records · 80+ CVEs · License risk

Brand Monitoring Engine

Typosquatting · Phishing · Impersonation detection

31 patterns · 12 mutation algorithms

GRC Engine

6 compliance frameworks · 140+ controls

19 controls · SOC2 · ISO27001 · NIST · GDPR · PCI · HIPAA

Threat Neural Scorer

Multi-layer neural network + anomaly autoencoder

Online learning · Kill chain sequence analysis

Cross-Engine Fusion

Multi-source intelligence correlation at 2.5x weight

10 correlation pairs · Temporal decay · Adversarial training

CONTINUOUS SELF-LEARNING PIPELINE — 7-PHASE CYCLE
HARVEST→
CORRELATE→
TRAIN→
EVOLVE→
PREDICT→
ASSESS→
REPORT
0
SIGNALS / CYCLE
5
CYCLES COMPLETED
41
TTPs TRACKED
15/100
RISK SCORE
Last learning cycle: 49d ago · Module coverage: VAPT(7) · RedTeam(11) · DarkWeb(8) · Supply(6) · Brand(5) · Console(0)
// GET STARTED

Your organisation.
Your model.

The Brain trains on your data — not a shared cloud model. Every VAPT finding, dark web alert, and red team event makes your model smarter. Fully isolated. Fully yours.

Get started Talk to us
// EXPLORE MORE
How CtrlSec Works
Full platform architecture, agent protocol, shared AI layer
Strategy Platform
6-module risk assessment powered by this AI engine
Console SOC
Autonomous threat detection — every alert trains the model
// LIVE EVENT STREAM
HOVER TO PAUSE
NETWORKCRITICALSRV-PROD-01·C2 beacon — 185.220.101.x:443BLOCK
PROCESSHIGHWIN-PC-042·cmd.exe spawned from winword.exeBLOCK
AUTHHIGHDC-CORP-01·47 failed logins in 60s (brute-force)BLOCK
FILEMEDIUMLAPTOP-07·Hosts file modified by unknown processALLOW
DLPMEDIUMHR-PC-03·2.4 GB upload to external endpointBLOCK
USBLOWMAC-DEV-01·USB mass storage device insertedALLOW
TAMPERCRITICALWIN-PC-011·Agent binary modified — tamper alertBLOCK
FIMHIGHSRV-BACKUP·/etc/sudoers changed — privilege riskBLOCK
REGISTRYMEDIUMWIN-DEV-05·Run key added: HKCU\Software\RunBLOCK
TELEMETRYLOWMAC-HR-02·Battery critical: 8% — scan triggeredALLOW
NETWORKHIGHKIOSK-01·DNS query to known malware domainBLOCK
PROCESSMEDIUMLAPTOP-14·mimikatz.exe hash dump attemptBLOCK
CTFSOLVEuser@alpha·flag{r00t3d_4nd_pr0ud} — PWN-042 solved+500FIRST_BLOOD
CTFSOLVEuser@alpha·SQL injection — WEB-019 solved+250SOLVE
EXAMSOLVEuser@alpha·CySec Foundation exam — PASSED 91%+1000CERTIFIED
NETWORKCRITICALSRV-PROD-01·C2 beacon — 185.220.101.x:443BLOCK
PROCESSHIGHWIN-PC-042·cmd.exe spawned from winword.exeBLOCK
AUTHHIGHDC-CORP-01·47 failed logins in 60s (brute-force)BLOCK
FILEMEDIUMLAPTOP-07·Hosts file modified by unknown processALLOW
DLPMEDIUMHR-PC-03·2.4 GB upload to external endpointBLOCK
USBLOWMAC-DEV-01·USB mass storage device insertedALLOW
TAMPERCRITICALWIN-PC-011·Agent binary modified — tamper alertBLOCK
FIMHIGHSRV-BACKUP·/etc/sudoers changed — privilege riskBLOCK
REGISTRYMEDIUMWIN-DEV-05·Run key added: HKCU\Software\RunBLOCK
TELEMETRYLOWMAC-HR-02·Battery critical: 8% — scan triggeredALLOW
NETWORKHIGHKIOSK-01·DNS query to known malware domainBLOCK
PROCESSMEDIUMLAPTOP-14·mimikatz.exe hash dump attemptBLOCK
CTFSOLVEuser@alpha·flag{r00t3d_4nd_pr0ud} — PWN-042 solved+500FIRST_BLOOD
CTFSOLVEuser@alpha·SQL injection — WEB-019 solved+250SOLVE
EXAMSOLVEuser@alpha·CySec Foundation exam — PASSED 91%+1000CERTIFIED
LAT: 28.4107786 N
LON: 77.2862497 E
EOF // END_OF_FILE