GC
Introducing Cyberzard: An AI‑Assisted Security & Incident Triage CLI for CyberPanel
Cyberzard is an open, safety‑constrained command‑line assistant that helps CyberPanel users rapidly identify issues, summarize risks, and plan structured remediation—optionally enhanced by an LLM (no model access required to use core functionality).
Why Cyberzard?
| Need | Problem Today | Cyberzard Approach |
|---|---|---|
| Faster triage | Manual SSH digging | Automated scoped scanners |
| Action clarity | Unstructured notes | Structured remediation plan |
| Optional AI | Black‑box “auto-fix” tools | Transparent ReAct loop with hard safety rails |
| Safety | Fear of rogue commands | No direct shell; allow‑listed tools + step cap |
Core Capabilities
- Enumerates processes, files, cron jobs, users, SSH keys
- Flags risky patterns and generates a concise findings summary
- Produces remediation “plans” (human approval first)
- Optional AI assistance (OpenAI / Anthropic) for summarization & prioritization
- Deterministic mode works fully offline
- Extensible tool layer for future scanners
High‑Level Flow (Optional AI Mode)
- Collect signals (fast, read‑only)
- Normalize + tag findings
- (Optional) Run bounded reasoning (ReAct loop)
- Output: summary + remediation steps
- Human approves any actions before execution (future enhancement)
Quick Start
# Clone (temporary early testing repo)
git clone https://github.com/elwizard33/Cyberzard.git
cd Cyberzard
# Install
pip install -e .
# Run a baseline scan
cyberzard scan
# Summarize (offline deterministic)
cyberzard explain
# (Optional) Enable AI assistance
export CYBERZARD_MODEL_PROVIDER=openai # or anthropic
export OPENAI_API_KEY=sk-... # or ANTHROPIC_API_KEY
cyberzard agent "Prioritize remediation focus"
Key Commands
| Command | Purpose | Notable Options |
|---|---|---|
scan |
Collect indicators | --json for machine output |
explain |
Human summary of findings | --max limit items |
advise |
Draft remediation plan | --severity high |
agent |
Safe ReAct reasoning loop | --steps 6 (cap) |
Safety Model
| Layer | Control |
|---|---|
| Tool surface | Explicit allow‑list |
| Step limit | Hard cap per reasoning session |
| No raw shell | No arbitrary command execution |
| Offline default | AI optional, not required |
| Human approval | Remediation is descriptive, not auto‑applied |
What Cyberzard Is Not (Yet)
- Not a replacement for full EDR
- Not executing arbitrary shell fixes
- Not an “auto hack/auto repair” tool
- Not a data exfiltration vector (scopes are tight by design)
Early Roadmap
| Phase | Focus |
|---|---|
| 0.1 | Core scanners + explain |
| 0.2 | Expanded IOC heuristics |
| 0.3 | Pluggable scanner API |
| 0.4 | Signed remediation template export |
| 0.5 | Optional lightweight web view |
| 1.0 | Hardened release + test matrix |
How You Can Help Right Now
| Area | What to Try | Feedback Examples |
|---|---|---|
| Scan coverage | Run cyberzard scan on varied servers |
Missed risky process? False positives? |
| AI reasoning | Try agent summaries |
Too verbose? Confusing phrasing? |
| Performance | Compare runtime across hosts | Slow paths? Bottlenecks? |
| Usability | First‑time experience | Anything unclear or noisy? |
Contributing
- Open an issue: bug, false positive, feature request
- Provide: environment, command, expected vs actual
- (Optional) Submit PRs: small, focused, documented
Feedback Template (Copy/Paste)
Environment: (OS, panel version)
Command Run: (e.g. cyberzard scan)
Result Quality: (1–5)
What Worked:
What Was Confusing:
Suggested Improvement:
Model Provider (if any):
Call for Testers
If you:
- Maintain CyberPanel servers
- Need faster triage during incidents
- Want a transparent AI helper with strict safety rails
…then please test Cyberzard and report friction points early.
Disclaimer
Alpha quality. Outputs are advisory. Always review before acting.
Next Step
Install it, run a scan, post your findings + suggestions on the thread. Early signal will directly shape the 0.2/0.3 priorities.
Thank you for helping harden security tooling for the CyberPanel ecosystem.
Links: