Autonomous Cyber Reasoning System - Red Team & Blue Team AI agents
Project description
Spectrum – Red/Blue Team AI Framework
A dual‑mode autonomous security platform.
Run as Red Team to attack a target, or as Blue Team to monitor, detect intrusions and hot‑patch vulnerabilities.
Powered by Hugging Face (or AMD Cloud) models.
Prerequisites
- Python 3.10 or newer
- pip
- A Hugging Face account (hf.co) and an API token
- Git (optional – you can also download the ZIP)
Clone the project
git clone https://github.com/yourusername/spectrum.git
cd spectrum
If you downloaded a ZIP, extract it and open a terminal inside the extracted folder.
Install dependencies
Create and activate a virtual environment (recommended):
python3 -m venv venv
source venv/bin/activate # macOS / Linux
venv\Scripts\activate # Windows
Install the required packages:
pip install -r requirements.txt
On macOS with Homebrew Python you may need:
pip install --break-system-packages -r requirements.txt
Configuration
API Provider & Token
On the first run, Spectrum asks which provider you want to use:
- Hugging Face – you will be prompted for your
HF_TOKEN. - AMD Cloud – you will be prompted for your
AMD_API_KEY.
The token is saved in a .env file.
You can also create that file manually:
echo "HF_TOKEN=hf_xxxxxxxxxxxxxxxxxxxx" > .env
(Replace hf_xxxxxxxxxxxxxxxxxxxx with your actual token.)
Model selection (config.json)
The default models work out of the box.
You can change final_model_id (the main agent) and sentinel_model_id (the lightweight Blue Team watcher) inside config.json.
Example excerpt:
{
"final_model_id": "deepseek-ai/DeepSeek-V4-Flash",
"sentinel_model_id": "Qwen/Qwen2.5-3B-Instruct"
}
Run a vulnerable target (optional)
The project includes a deliberately vulnerable Flask application (lab.py).
Start it in a separate terminal to give the agents something to attack/defend:
python3 lab.py
It listens on http://127.0.0.1:4999 (or the port printed in the terminal).
Launch Spectrum
python3 main.py
You will see the Spectrum banner. Press Enter to continue.
Choose your mode
Select Operational Module:
1. Red Team (Offensive)
2. Blue Team (Defensive)
3. Exit
Red Team Mode
- Enter a target / objective, for example:
Find the hidden flag on http://127.0.0.1:4999 - The agent will plan, execute terminal commands, write scripts, and attempt to breach the target.
- Ctrl+C to pause, then:
s– steer the agent (give an instruction)p– pause and save the sessionEnter– resume
Blue Team Mode
- Enter the URL to defend, for example:
http://127.0.0.1:4999 - The Blue Team will:
- Kill the existing server (if any) and restart it with logging enabled.
- Start a Sentinel (small AI model) that watches the log file every few seconds.
- When an attack is detected:
- Record the attacker IP (in
blocked_ips.txt). - Ask the main model to classify the attack.
- Automatically patch the vulnerable code (SQLi, command injection, SSTI, etc.).
- Restart the server with a fresh log.
- Record the attacker IP (in
- Ctrl+C to pause, same steering options as Red Team.
File structure (key files)
spectrum/
├── main.py # Entry point, mode selector
├── redteamer.py # Offensive agent logic
├── blueteamer.py # Defensive agent (Sentinel + patcher)
├── tools.py # Tool implementations (shell, HTTP, file I/O, patch engine)
├── lab.py # Vulnerable SAAS lab (for testing)
├── config.json # Model IDs and provider settings
├── requirements.txt # Python dependencies
├── tutorials/ # Optional playbooks loaded by agents
│ ├── BLUE_DEFENSE_PLAYBOOK.md
│ └── VULNERABLE_APP_SOURCE.txt
├── blocked_ips.txt # IPs blocked during Blue Team sessions
├── attacks.log # Record of detected attacks
├── server.log # Flask output (created at runtime)
├── session.md # Live session log (viewed by viewer.py)
└── thoughts.json # Agent reasoning trail
Troubleshooting
- ModuleNotFoundError → run
pip install -r requirements.txtagain. - API Quota Exhausted → wait a few minutes or switch to another model in
config.json. - Blue Team doesn't detect attacks → ensure the target was started with logging (the Blue Team does this automatically for
lab.py). - Terminal output looks broken → run
main.pyin a standard terminal; Rich formatting works best there.
Deployment (Hugging Face Spaces / Streamlit Cloud)
The repository includes app.py for Streamlit deployment and a Dockerfile for Docker Spaces.
Refer to the comments in those files for details.
For questions or contributions, open an issue on the project's GitHub page.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file spectrum_security-1.35.3.tar.gz.
File metadata
- Download URL: spectrum_security-1.35.3.tar.gz
- Upload date:
- Size: 21.3 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
642ee8600d9c5670371e41b7d72c8c2d1cdc660382fec73a86707a524c52d39f
|
|
| MD5 |
ffcb36acf9d6cf3c7373dabb44157282
|
|
| BLAKE2b-256 |
b7f4d7ce4b30d6438c16bec4e95cfceccb5c608d94ee5890bccc08efdbb3c8fc
|
File details
Details for the file spectrum_security-1.35.3-py3-none-any.whl.
File metadata
- Download URL: spectrum_security-1.35.3-py3-none-any.whl
- Upload date:
- Size: 21.6 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.14.4
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5630952e76d5068aa9516b9ef1ba8e2dddb03dd1b6928f5c5efc54ef2fd3d356
|
|
| MD5 |
6dd0869e40a16e88a6b90fdaa178ce86
|
|
| BLAKE2b-256 |
0c4c179a850ec57bb17dffcf62c3d1b0f175e902e6fb4f668edf20ddb4e85d85
|
