~/f4n6 $ adversetrace --lab --status building
// research lab

Research Lab

CLUSTER: 4× DGX Spark · GLM 5.2 CONTEXT: 600k · 20–40 tok/s + Qwen3.5-122B · Qwen3.6-35B · Qwen3.6-27B
// what I've built

The platforms

Each system is self-hosted, driven by local language models and MCP tools, and designed so sensitive evidence and client data can stay on my own network — while stronger cloud models are brought in selectively when the circumstances allow.

// how it fits together

Architecture

Local inference
4× DGX Spark
GLM 5.2
600k ctx · 20–40 tok/s
1× DGX Spark
Qwen3.5-122B
A10B
1× RTX 5090
Qwen3.6-35B
A3B
1× RTX 3090
Qwen3.6-27B
local
Orchestration
MCP tool layer · structured tool-calling · persistent memory
Platforms
DFIR
FindEvil AI
OSINT
PulseTrace
Infra hunt
Phishing-Tracker
// what it can already do

Capabilities today

01

Long-context investigationsFull forensic and IR case material held in a single 600k-token context.

02

MCP & structured tool-callingAgents that call real tools reliably, not just generate text.

03

OSINT & phishing-infra discoveryMulti-stage pivoting from reporting to live adversary infrastructure.

04

Persistent, cross-case memoryIntelligence that carries between investigations instead of resetting.

05

Local vs cloud comparisonSame workflow benchmarked across local and frontier models.

06

Evidence grounding & hallucination controlFindings tied to source artefacts, with a human in the loop.

DGX Spark cluster running GLM 5.2 — 600k context at 20–40 tok/s
122BQwen3.5-122B-A10B on a dedicated DGX Spark for heavier reasoning
35BQwen3.6-35B-A3B on an RTX 5090 for fast tool-calling
0bytes of sensitive evidence leaving the local network by default
// what becomes possible

Collaboration & research access

I'm interested in working with AI model providers, infrastructure vendors and security organisations that want to test advanced models against real-world DFIR, OSINT, phishing and threat-intelligence workflows. The platforms are active personal research projects — not currently open source — but I'm happy to demonstrate capabilities and work directly with suitable partners.

▸ WHAT WOULD HELP MOST

  • Access to high-capability models with private data handling
  • Increased usage limits for long-context investigations
  • Early access to agent & tool-calling features
  • Technical collaboration on local & hybrid inference

▸ WHAT I PROVIDE IN RETURN

  • Practical testing across live DFIR, OSINT & phishing workflows
  • Detailed feedback on reliability, grounding & hallucination control
  • Sanitised case studies & architecture / performance findings
  • Local-vs-cloud model comparison on real investigative work
Want to test frontier models on real investigations?
Model providers, infra vendors & security orgs — let's talk about a research collaboration.