We build infrastructure
and security tooling.

Everything is Rust. Everything is open source. Every crate is a library you can import.

GitHub crates.io How we operate

Featured

vyre — GPU pattern matching

Dense DFA as a WGSL compute shader. One thread per byte. The same engine that powers our vulnerability scanner is a general-purpose matching backend that runs on any GPU.

vyre compiles deterministic finite automata into GPU compute shaders. Each byte of input is processed by a dedicated thread, with state transitions executed as texture lookups. Combined with warpstate for multi-pattern dispatch and vyre-conform for cross-backend conformance testing, it forms a complete GPU matching stack.

Backend: wgpu/WebGPU Shader: WGSL compute Conformance: vyre-conform License: MIT

All projects

Performance Infrastructure

General-purpose. Not security-specific.

vyre GPU compute backend. Dense DFA as WGSL shader. warpstate GPU-accelerated multi-pattern matching. wireshift io_uring ring manager. Typed submit/wait/complete. dfajit JIT DFA compilation to native x86. simdsieve AVX-512 multi-pattern matching. tenshift ML data loader. Replaces PyTorch DataLoader in Rust. ebpfkit eBPF kernel-space filtering. ziftsieve Pattern matching inside compressed streams. flashsieve Block-level pre-filtering. Skip files that can't match.

Security Tooling

Scanners, detection, detonation, secret management.

karyx Template-based vulnerability scanner. keyhog Secret detection in source code and git history. envseal Secret management for AI agent workflows. Replaces .env. sear URL detonation engine. Sandboxed execution. procjail Process sandbox. Namespaces, seccomp, rlimits. gossan Reconnaissance framework. DNS, ports, services.

Shared Infrastructure

Crates everything else is built on.

secir Security intermediate representation. codewalk Fast file tree walker. Gitignore, parallel. matchkit Multi-pattern matching primitives.