CTRLSEC BRAIN — LIVE MODEL STATUS

Self-Learning Threat Intelligence. No API Keys.

The CtrlSec Brain is a multi-label MLP trained exclusively on your organisation's security events. 20 simultaneous attack pattern predictions. Zero external dependencies. Zero cloud LLM latency.

50-Dim feature vector
20 attack patterns
Focal loss training
50→128→64→32→20 architecture
<1ms inference
γ=2 · Adam optimizer
// 20-PATTERN CONFIDENCE OVERVIEW
Macro F1: 0.0%
SQLi → RCE: 0.0%
Cred Stuffing: 0.0%
APT Full Chain: 0.0%
Ransomware: 0.0%
Supply Backdoor: 0.0%
XSS Hijack: 0.0%
Phishing → ATO: 0.0%
Insider Exfil: 0.0%
Cloud Misconfig: 0.0%
Lateral Movement: 0.0%
C2 Beaconing: 0.0%
NTLM Cred Dump: 0.0%
BEC: 0.0%
API Data Exfil: 0.0%
Priv Escalation: 0.0%
Persistence: 0.0%
Defense Evasion: 0.0%
Zero-Day Exploit: 0.0%
Brand Fraud: 0.0%
Dep Hijack: 0.0%
// MODEL PERFORMANCE — AGGREGATE METRICS
EVALUATED 4H AGO
ENTITIES TRAINED: 1 (organisations)
GRADIENT STEPS: 10,000 (total updates)
MACRO F1: 0.0% (across 20 patterns)
EXCELLENT PATTERNS: 0 / 20 · 0 good (≥75%)
// 20 ATTACK PATTERNS — FULL THREAT COVERAGE
ID · Category · Pattern · Label key
P01 · Web Attack · SQLi → RCE · sqli_to_rce
P02 · Identity · Cred Stuffing · credential_stuffing
P03 · Advanced Threat · APT Full Chain · apt_full_compromise
P04 · Malware · Ransomware · ransomware_staging
P05 · Supply Chain · Supply Backdoor · supply_chain_backdoor
P06 · Web Attack · XSS Hijack · xss_session_hijack
P07 · Identity · Phishing → ATO · phishing_ato
P08 · Insider · Insider Exfil · insider_data_exfil
P09 · Cloud · Cloud Misconfig · cloud_misconfiguration
P10 · Post-Exploit · Lateral Movement · lateral_movement_chain
P11 · Command & Control · C2 Beaconing · c2_beaconing
P12 · Credential · NTLM Cred Dump · credential_dump_ntlm
P13 · Social Eng. · BEC · business_email_compromise
P14 · Data Theft · API Data Exfil · data_exfiltration_api
P15 · Post-Exploit · Priv Escalation · privilege_escalation
P16 · Post-Exploit · Persistence · persistence_mechanism
P17 · Evasion · Defense Evasion · defense_evasion_chain
P18 · Advanced Threat · Zero-Day Exploit · zero_day_exploitation
P19 · Brand · Brand Fraud · brand_impersonation_fraud
P20 · Supply Chain · Dep Hijack · supply_dependency_hijack
// 50-DIMENSION FEATURE VECTOR + MLP ARCHITECTURE
// FEATURE COMPOSITION — WHAT THE MLP SEES
F0–F19 · Strategy Signals: VAPT risk scores, red team objectives, dark web exposure, brand phishing rate, supply chain criticality
F20–F23 · Kill-Chain Stage Flags: Recon confirmed, initial access, execution, exfiltration — binary flags from red team TTP mapping
F24–F31 · Velocity & Correlation: Console threat velocity (1h/24h/7d), anomaly deviation, cross-module correlation count, trend delta
F32–F39 · Per-Category Rates: Credential dump, C2 beacon, lateral movement, persistence, XSS, SQLi, cloud misconfig, privesc rates
F40–F44 · Module Freshness: How recent is the intelligence? 1.0 = data within 7 days, 0.0 = stale beyond 90 days
F45–F49 · 7-Day Trend Deltas: Risk score delta, credential acceleration, console velocity trend, brand risk delta, supply risk delta
MLP ARCHITECTURE — ZERO EXTERNAL API
// CtrlSec Brain — Multi-Label MLP
// 20 simultaneous attack pattern predictions

Input:  [50-dim unified feature vector]
        │
        ▼
Layer 1: Dense(50 → 128) // Leaky ReLU α=0.01 · Adam
        │
        ▼
Layer 2: Dense(128 → 64) // Leaky ReLU · feature mixing
        │
        ▼
Layer 3: Dense(64 → 32)  // Leaky ReLU · compression
        │
        ▼
Output:  Dense(32 → 20)  // Sigmoid per pattern

Loss:    Focal(γ=2) + POS_WEIGHT=8
         // corrects for ~5% positive rate
         // per output class
Optim:   Adam β1=0.9 β2=0.999 ε=1e-8
Threshold: 0.50  // binary classification cut
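
The layer layout above as a runnable forward pass. This is an added illustration, not CtrlSec's code: the weights are random He-initialised values from a seeded PRNG rather than trained weights, and the names initLayers, predict and flagged are hypothetical.

```javascript
// Added example: forward pass for the 50→128→64→32→20 layout on this page.
// Weights are random (seeded), so the outputs carry no detection meaning.
const SIZES = [50, 128, 64, 32, 20];
const ALPHA = 0.01;     // Leaky ReLU slope, from the page
const THRESHOLD = 0.5;  // binary classification cut, from the page

// Small deterministic PRNG (mulberry32-style) so runs are reproducible.
function prng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// He-style init: zero mean, variance 2/fanIn (uniform in ±sqrt(6/fanIn)).
function initLayers(seed = 1) {
  const rnd = prng(seed);
  return SIZES.slice(1).map((out, i) => {
    const fanIn = SIZES[i];
    const lim = Math.sqrt(6 / fanIn);
    const W = Array.from({ length: out }, () =>
      Array.from({ length: fanIn }, () => (rnd() * 2 - 1) * lim));
    return { W, b: new Array(out).fill(0) };
  });
}

const leakyRelu = (z) => (z > 0 ? z : ALPHA * z);
const sigmoid = (z) => 1 / (1 + Math.exp(-z));

// Returns 20 independent probabilities: one sigmoid per output, not softmax,
// so several patterns can be flagged for the same feature vector.
function predict(layers, x) {
  if (x.length !== SIZES[0]) throw new Error(`expected ${SIZES[0]} features`);
  return layers.reduce((h, { W, b }, li) => {
    const act = li === layers.length - 1 ? sigmoid : leakyRelu;
    return W.map((row, j) => act(row.reduce((s, w, k) => s + w * h[k], b[j])));
  }, x);
}

// Indices of patterns at or above the 0.50 threshold.
const flagged = (probs) =>
  probs.map((p, i) => (p >= THRESHOLD ? i : -1)).filter((i) => i >= 0);
```

With zero biases, an all-zero feature vector yields exactly 0.5 on every output, so every pattern sits on the threshold until training moves the weights.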
// ATTACK PATTERN DETECTION HEATMAP
Macro F1: 0.0%
Legend: ≥90% excellent · ≥75% good · ≥50% improving · <50% needs work
// INTERACTIVE SANDBOX — LIVE INFERENCE ON PRODUCTION WEIGHTS
PUBLIC · NO LOGIN

Select a pre-built attack scenario below. The request hits the production model with hardcoded 50-dim vectors — no real client data is used. Results reflect the current trained weights.

// HOW CONTINUOUS SELF-LEARNING WORKS
STEP 01
Event Captured

Every VAPT finding, dark web alert, console threat, red team engagement, and brand monitoring hit is captured as a training signal — no manual labeling needed.

Sources: vapt · darkweb · console_threats · redteaming · brandmon · supply
STEP 02
Auto-Supervised Labeling

The training engine maps each event type to the relevant attack patterns using deterministic rules. A credential dump maps to credential_stuffing + credential_dump_ntlm. An XSS event maps to xss_session_hijack.

Rule table: 16 event types → 20 pattern labels with confidence weights
STEP 03
Online Gradient Update

A single gradient step is applied to the entity's model weights immediately — no batch wait, no retraining pipeline. The model learns from each new finding within milliseconds.

emitTrainingEvent → extractUnifiedFeatures → clf.learn() → save()
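
Steps 02 and 03 as a runnable sketch: rule-based labelling followed by one focal-BCE gradient step per event. This is an added example, not CtrlSec's code. It assumes the rule confidence scales the positive-class loss weight, uses plain SGD on a single sigmoid layer in place of Adam on the full MLP, and the event names, confidence values and function names are constructed.

```javascript
// Added example: auto-label one event, then apply one online gradient step.
const PATTERNS = ["credential_stuffing", "credential_dump_ntlm", "xss_session_hijack"];
// The two mappings named on the page; the confidence weights are constructed.
const RULES = {
  credential_dump: { credential_stuffing: 0.7, credential_dump_ntlm: 1.0 },
  xss_event: { xss_session_hijack: 1.0 },
};
const GAMMA = 2;       // focal exponent, from the page
const POS_WEIGHT = 8;  // positive-class weight, from the page
const sig = (z) => 1 / (1 + Math.exp(-z));

// Event type -> per-pattern { y, w }: y is the 0/1 target, w the loss weight.
function autoLabel(eventType) {
  const rule = RULES[eventType];
  if (!rule) throw new Error(`no label rule for event type: ${eventType}`);
  return PATTERNS.map((name) =>
    name in rule ? { y: 1, w: POS_WEIGHT * rule[name] } : { y: 0, w: 1 });
}

// d(focal BCE)/d(logit) for one output with predicted probability p.
function focalGrad(p, { y, w }) {
  const q = Math.min(Math.max(p, 1e-7), 1 - 1e-7); // keep log() finite
  return y === 1
    ? w * (1 - q) ** GAMMA * (GAMMA * q * Math.log(q) - (1 - q))
    : w * q ** GAMMA * (q - GAMMA * (1 - q) * Math.log(1 - q));
}

const newModel = (dims) => ({
  W: PATTERNS.map(() => new Array(dims).fill(0)),
  b: new Array(PATTERNS.length).fill(0),
});
const probs = (model, x) =>
  model.W.map((row, j) => sig(row.reduce((s, wt, k) => s + wt * x[k], model.b[j])));

// One gradient step for one event, applied in place (no batching).
function learn(model, x, eventType, lr = 0.001) {
  const labels = autoLabel(eventType);
  const g = probs(model, x).map((p, j) => focalGrad(p, labels[j]));
  model.W.forEach((row, j) => row.forEach((_, k) => { row[k] -= lr * g[j] * x[k]; }));
  model.b.forEach((_, j) => { model.b[j] -= lr * g[j]; });
  return labels;
}
```

At p = 0.5 a full-confidence positive label moves its logit eight times as far as a negative label does, which is the effect of pos_weight=8 on a single event.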
// FULL SYSTEM DIAGRAM — HOW THE AI CONNECTS TO EVERY MODULE
// INFERENCE PIPELINE — DATA IN → 20 PREDICTIONS OUT
DATA SOURCES — 6 SECURITY MODULES
VAPT · Dark Web · Red Team · Console SOC · Supply Chain · Brand Mon.
extractUnifiedFeatures()
        ▼
50-DIMENSION FEATURE VECTOR
F0–F19   Strategy Signals
F20–F23  Kill-Chain Stage Flags
F24–F31  Velocity & Correlation
F32–F39  Per-Category Rates
F40–F44  Module Freshness
F45–F49  7-Day Trend Deltas
AttackClassifier.predict()
        ▼
MLP — 4 LAYERS · ADAM OPTIMIZER · FOCAL-BCE LOSS
Input   50   —           50-dim unified vector
        ↓
L1      128  Leaky ReLU  Dense · He init
        ↓
L2      64   Leaky ReLU  Feature mixing
        ↓
L3      32   Leaky ReLU  Pattern compression
        ↓
Output  20   Sigmoid     One prob. per pattern
Focal-BCE γ=2 · pos_weight=8 · Adam lr=0.001 · β1=0.9 β2=0.999 · Leaky ReLU α=0.01 · 3M training cases
20 sigmoid probabilities [0.0 → 1.0]
        ▼
CONSUMED BY — PLATFORM MODULES
Strategy: top-threat ranking
Red Team: engagement scenarios
VAPT: vuln → attack chain
Console SOC: real-time alerts
// CONTINUOUS SELF-LEARNING LOOP
STEP 01  Security Event: VAPT · darkweb · console · redteam · supply · brand
STEP 02  Auto-Label: 16 event types → 20 pattern labels (no human input)
STEP 03  Feature Snapshot: extractUnifiedFeatures() → 50-dim vector
STEP 04  Gradient Update: clf.learnFromEvent() · AdaGrad · 1 step · <2ms
STEP 05  Weights Saved: MongoDB upsert · next request uses updated model
↺ repeats on every security event
// AUTO-SUPERVISED LABEL RULES
16 event types mapped to 20 pattern labels with confidence weights. No manual annotation.
RECENT TRAINING ACTIVITY
bootstrap: 10,000 cases · 4h ago
OVERALL ACCURACY — MACRO F1
Macro F1: 0.0% / target 90%
BCE Loss: 0.0000
Micro F1: 0.0%
Train Cases: 10,000
20 Attack Patterns (simultaneous)
50 Feature Dims (unified vector)
0 API Keys (zero dependency)
<1ms Inference (entity-isolated)
∞ Self-Learns (with every event)
// GET STARTED

Your organisation.
Your model.

The Brain trains on your data — not a shared cloud model. Every VAPT finding, dark web alert, and red team event makes your model smarter. Fully isolated. Fully yours.
