cool demo. biggest value for sec teams is usually graph clarity over model novelty. if you can show why path a outranks path b with concrete blast radius, adoption gets way easier.
I built OdinForge (https://www.odinforgeai.com) — a security validation tool that autonomously discovers vulnerabilities across your infrastructure, cloud, network, and web apps, then chains them into breach paths showing how an attacker would actually compromise your environment.
The problem I kept running into: vulnerability scanners give you a list of 800 CVEs with no context. Annual pentests cost $50-200K and the report is stale within weeks. BAS tools like AttackIQ run scripted playbooks that test whether your SIEM detects known signatures — useful, but not the same as proving an attacker can actually get in.
OdinForge takes a different approach — it discovers real exploitable weaknesses and autonomously determines how to chain them together, from initial access through lateral movement to whatever you'd consider "game over" in your environment. The output is an interactive attack graph, not a PDF.
Some technical decisions that might interest this crowd:
- Agentless, black-box — we attack from the outside in, like a real adversary
- Multi-tenant with row-level security isolation (Postgres RLS, not application-level filtering)
- Decoupled architecture — API server and BullMQ workers run in separate containers, communicate via Redis pub/sub
- Interactive breach chain visualization rendered on HTML5 Canvas
- Covers infra, cloud (AWS/Azure/GCP), network, web apps, and APIs from one platform
What it doesn't do (being honest): It's not going to replace a skilled red team doing social engineering and physical access. It's automated technical validation — think of it as a tireless junior pentester that runs 24/7 and never forgets to check something.
I also wrote honest comparison pages against the incumbents:
- vs Pentera ($100K+/yr, 500-IP minimum): https://www.odinforgeai.com/compare/pentera
- vs NodeZero/Horizon3.ai (opaque pricing): https://www.odinforgeai.com/compare/nodezero
- vs AttackIQ (simulation, not exploitation): https://www.odinforgeai.com/compare/attackiq
Free 14-day trial, no credit card. Would genuinely appreciate technical feedback — especially on the breach chaining approach and where you see gaps.
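The "Postgres RLS, not application-level filtering" point from the post, as an added example (not OdinForge's code): a tenant-isolation policy enforced inside the database, so a forgotten WHERE clause in the API server cannot read or write another tenant's findings. The table, columns, role name and the `app.tenant_id` setting are assumptions.

```sql
-- Added example, not OdinForge's schema: table, role and setting names are assumed.
CREATE TABLE findings (
    id        bigserial PRIMARY KEY,
    tenant_id uuid NOT NULL,
    host      text NOT NULL,
    title     text NOT NULL,
    severity  text NOT NULL
);

-- The API connects as an unprivileged role, never as the table owner:
-- owners and superusers bypass RLS unless FORCE ROW LEVEL SECURITY is set.
CREATE ROLE app_api NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON findings TO app_api;

ALTER TABLE findings ENABLE ROW LEVEL SECURITY;
ALTER TABLE findings FORCE ROW LEVEL SECURITY;  -- apply to the owner as well

-- One policy covers reads (USING) and writes (WITH CHECK). NULLIF handles the
-- unset/empty case: a connection that never set the tenant sees and writes
-- nothing, instead of everything (fail closed, unlike an app-level filter).
CREATE POLICY tenant_isolation ON findings
    FOR ALL TO app_api
    USING      (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid)
    WITH CHECK (tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid);

-- Per-request usage: SET LOCAL scopes the tenant to this transaction, so it
-- cannot leak into the next request served by the same pooled connection.
BEGIN;
SET LOCAL app.tenant_id = '11111111-1111-1111-1111-111111111111';

-- Constructed sample row for the current tenant.
INSERT INTO findings (tenant_id, host, title, severity)
VALUES ('11111111-1111-1111-1111-111111111111', 'web-01', 'Constructed finding', 'high');

-- A row for a different tenant is rejected by WITH CHECK even though the
-- application code itself performed no tenant check:
-- INSERT INTO findings (tenant_id, host, title, severity)
-- VALUES ('22222222-2222-2222-2222-222222222222', 'db-01', 'Other tenant', 'low');
-- ERROR: new row violates row-level security policy for table "findings"

-- No WHERE tenant_id = ... needed; RLS restricts the result to this tenant.
SELECT id, host, title, severity FROM findings;
COMMIT;
```

Verify the boundary by running the SELECT once more without SET LOCAL in a fresh transaction: it must return zero rows, not all rows.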