Type /argos-security. Get a ranked attack narrative — not a 200-page scanner dump. Card 2 (Red Team Audit) composes findings from nine perspectives into MITRE ATT&CK + Cyber Kill Chain + Unified Kill Chain + OWASP-mapped exploit chains. Card 1 (Safe Edit Loop) puts the same engine in front of every developer commit so bugs don't ship in the first place.
You can't review 8,400 findings. You triage. Most of what you triage is reachability — *"does this eval() actually take user input?"*. Your scanner doesn't know. You walk the call graph by hand.
Card 2 runs the walk for you. Nine perspectives in parallel, primitives composed into kill chains, ranked by (impact × confidence) / cost-to-exploit. The output is the chain narrative your CISO actually reads — *"In 4 steps, an unauthenticated attacker reaches PII"* — not a CSV of 8,400 candidates.
Type /argos-security in any MCP-compatible agent (Claude Code, Cursor, Codex, Cline). The orchestrator runs:
Plus Perspective 10 — Chain Composer — turns the nine perspectives' flat primitives into ranked kill chains mapped to Cyber Kill Chain + MITRE ATT&CK + Unified Kill Chain phases, with historical-campaign analogies.
Static control-flow only. PoC pseudocode for your team's verification — no live exploits, no test-environment traffic. Full architecture →
Pre-merge audit catches a lot. The cheaper fix is to never let the bug land. Card 1 puts ArgosBrain's code verification in front of every developer commit:
raise NotImplementedError still in the bodyDeterministic in Claude Code via hooks (PreToolUse + PostToolUse). Rules-driven in Cursor / Aider / Cline (~90-95% compliance on Opus 4.7). For security teams: this is the upstream fix to "we ship vulns because the agent invented an API and skipped reviewing the callers."
Your existing SAST / DAST tools find candidate sinks (XSS, SQLi, SSRF, RCE, etc). ArgosBrain answers the next question those tools struggle with: is this sink reachable from an attacker-controllable source?
Workflow: keep your scanner. After it produces the candidate list, pipe IDs through Card 2's find_sinks + check_reachability + triage_sinks family. Most candidates fall away as unreachable. The remaining few become primitives in the Chain Composer's kill-chain pipeline.
For compliance evidence (SOC 2 / PCI-DSS / HIPAA): the structural reachability proofs Card 2 produces map 1:1 to auditor questions like "what code paths does an authenticated user traverse to PII?". Compliance integration →
ArgosBrain is structural. We do not do dynamic analysis, runtime taint tracking, fuzzing, or live exploitation. PoC pseudocode is for your team to execute in a controlled environment — never automatic.
IaC files are read as text. We do not have IaC AST parsing for Terraform / CloudFormation / Pulumi. Cloud-perspective coverage is intentionally limited; deep cloud audit needs Prowler / Checkov / Pacu in addition.
The Chain Composer's score formula (impact × confidence × novelty / cost-to-exploit) is heuristic, not formal. Treat ranked chains as triage signal, not exploitability proof. The chains are grounded in real call graphs — but a successful in-the-wild attack still requires execution, which is your team's job.
/argos-security.curl -fsSL https://argosbrain.com/install.sh | sh cd ~/your-product-repo argosbrain init --install-config .
Restart your agent. Type /argos-security. 30-50 min later: a markdown report with ranked kill chains, MITRE mapping, PoC pseudocode per finding. Paste it into your weekly red-team ticket, the next CC6.1 evidence pack, or the pre-merge PR comment.
Get your free key → · The two services in detail · Compliance audit prep · SOC 2 evidence pack · See it on Kubernetes · Talk to engineering