@opendr-io

ODR (Open DR) Heavy Industries

Building Better Things

Hi there 👋

OpenDR is a think tank composed of longtime security researchers and data scientists, with north of two centuries of combined experience, active in the research community. Whenever we have some time, we start building. We have several current projects and products:

CAUSALITY This is the project presented at OWASP BASC, BSides SW and VulnCon 2025, and RSA 2026. The difference between exploitation prediction and detection is akin to the difference between detecting a missile launch and detecting a detonation. The CAUSALITY model identifies and predicts that most of the KEV CVEs will come from a small subset of the population. CAUSALITY has made over 200 provably correct public KEV predictions with early warning times ranging from weeks to months, and even a year in some cases.

If you're looking for the project presented at RSA 2026, Boston Hackers, and other cons, DUNE is a project for hunting detection-resistant threat activity using ML. It has been proven and battle-tested at great scale and is finding threat activity undetected by major name commercial security products. Unlike most products that require shipping vast quantities of data to a vendor cloud, DUNE can bring the detections and hunts to the data. Most of the tools in there are FOSS, but not all (we have dashboards for some popular products in addition to notebooks).

OpenDR Sometimes a hunt leads to an endpoint with no instrumentation or EDR tooling. We still need to put something to the left of the equals sign, and waiting for tooling or technicians is not always prudent. OpenDR is a zero-to-one, cross-platform, agentless EDR alternative for Linux, macOS, and Windows. It can be operational in minutes in the hands of an unskilled user. It has an optional alerting subsystem that provides data to the SMITH project for AI-assisted detection and hunting. OpenDR can go places conventional EDR tooling can't go because it needs only Python 3.x. We are adding an AI-based threat hunting component and there are some hunting notebooks, including one that uses AI, in the project. The insider threat hunting subsystem is not open sourced.

If you're looking for the thing we presented at DEF CON / BLACKHAT, that would be PROTOSTAR (originally code named 'skynet'). Connecting a firehose of junk alerts to AI tools, and lighting money on fire, is not the answer to the problems of alert fatigue and FP rates in the nineties. PROTOSTAR is an AI project for solving alert fatigue using a new approach. It is asymptotically efficient, enjoying increased accuracy with increased volume, at a cost of more like five dollars per day than five hundred. Not all of the project is open sourced. It is effective at turning raw alert data into high signal with or without AI. Unlike many such tools, our pipelines allow for AI model processing of entire detection artifact streams at acceptable cost. We did a release at DEF CON 2024, presented twice at Blackhat MEA, and are continuing to present at cons.

SMITH is an interactive and tool-equipped threat hunting agent pack that acts like a security detail for AI developers. SMITH finds threat activity that often goes unnoticed and pairs with you to detect the few actions among millions that are due to prompt injections or malicious code.

There are also a few private projects. We're working on a tuned model for the PROTOSTAR project and an AI-based threat hunting and detection component for the OpenDR project. We're also working on an AI-based insider threat hunting and detection project. These will probably never be open sourced, but please hit us up if you would like to use them: info at info at opendr dot io.

Popular repositories

  1. opendr (Public)

    A FOSS Endpoint Detection and Response (EDR) Alternative Implemented in Python Using PSutil

    Python 16

  2. causality (Public)

    A repo for output of an intrusion prediction project

    Jupyter Notebook 11

  3. protostar-web (Public)

    Skynet Web User Interface

    TypeScript 10 2

  4. protostar-data (Public)

    Data Layer For the Skynet Project, Including Sample Data

    Jupyter Notebook 8 1

  5. dune (Public)

    A project for threat hunting using a combination of anomaly detection, machine learning, and specification-based detection, using many freely available tools.

    Jupyter Notebook 6 1

  6. navigator (Public)

    Python 3

Repositories

Showing 8 of 8 repositories
