The platforms
Each system is self-hosted, driven by local language models and MCP tools, and designed so sensitive evidence and client data can stay on my own network — while stronger cloud models are brought in selectively when the circumstances allow.
FindEvil AI
Automated triage and timeline reconstruction for digital forensics — parses artefacts, correlates events across sources, and surfaces findings for analyst review with a human kept firmly in the loop.
explore →PulseTrace
Aggregates and correlates open-source intelligence across many sources, resolving noisy signals into structured, attributed intelligence that feeds the wider investigation workflow.
explore →Phishing-Tracker MCP
Reads phishing-related reporting, extracts TTPs, then pivots to hunt adversary infrastructure — feeding confirmed indicators back into the intelligence loop for cross-case correlation.
explore →Architecture
Capabilities today
Long-context investigationsFull forensic and IR case material held in a single 600k-token context.
MCP & structured tool-callingAgents that call real tools reliably, not just generate text.
OSINT & phishing-infra discoveryMulti-stage pivoting from reporting to live adversary infrastructure.
Persistent, cross-case memoryIntelligence that carries between investigations instead of resetting.
Local vs cloud comparisonSame workflow benchmarked across local and frontier models.
Evidence grounding & hallucination controlFindings tied to source artefacts, with a human in the loop.
Collaboration & research access
I'm interested in working with AI model providers, infrastructure vendors and security organisations that want to test advanced models against real-world DFIR, OSINT, phishing and threat-intelligence workflows. The platforms are active personal research projects — not currently open source — but I'm happy to demonstrate capabilities and work directly with suitable partners.
▸ WHAT WOULD HELP MOST
- Access to high-capability models with private data handling
- Increased usage limits for long-context investigations
- Early access to agent & tool-calling features
- Technical collaboration on local & hybrid inference
▸ WHAT I PROVIDE IN RETURN
- Practical testing across live DFIR, OSINT & phishing workflows
- Detailed feedback on reliability, grounding & hallucination control
- Sanitised case studies & architecture / performance findings
- Local-vs-cloud model comparison on real investigative work