▲ VISUALISATION — a reconstruction assembled from the real VEDA engagement output (report VEDA-20260702-100808, 9 findings, 45 ledger events). Not a live screen recording.
PROJECT VEDA // boot target: localhost:8000/api/v1 · PTOLEMAIOS sandbox
VEDA VEDA Core emblem: an all-seeing reticle with an Ed25519 keyhole and V chevron, framed by the VIRTUE shield and the PTOLEMAIOS sandbox ring.
PROJECT VEDA
Vulnerability · Exploitation · Detection · Architecture
Vulnerability Exploitation Detection Architecture — an HITL-governed, multi-agent autonomous red-team framework, evaluated against the Singa Bank BFSI sandbox.
EXIA · reconDYNAMES · app-sec VIRTUE · scope-gateVEDA Core · Hermes PTOLEMAIOS · sandbox
Baseline result: 100% precision · 90% recall · 100% specificity · 94.7% F1

01Startup — VEDA boots inside PTOLEMAIOS

The five Gundam-named agents come online inside the network-isolated Docker sandbox.
EXIA
Infrastructure & boundary recon
↳ CAI
DYNAMES
App / API security testing
↳ Strix
VIRTUE
Ed25519 scope-gate
↳ HexStrike
VEDA Core
Orchestration & synthesis
↳ Hermes (Claude)
PTOLEMAIOS
Isolated Docker sandbox
↳ veda_only net

02Cryptographic Scope Gate — VIRTUE

Six Ed25519-signed predicates must ALL pass (default-deny) before any packet reaches the target.
Valid Ed25519 signaturemanifest body verified against veda_verify.key
Within validity windowmanifest not expired
Target in-scopelocalhost ∈ in_scope list
Not excludedlocalhost ∉ exclusion list
Technique within ceilingapi_* ≤ MEDIUM intensity
HITL token presentrequired for write/test techniques

03Human-in-the-Loop — blocking checkpoints

The pipeline cannot advance past CP1 / CP4 without an explicit human APPROVE — recorded, non-repudiable.
RISK: CRITICAL

⚠ HITL CHECKPOINT — CP1 · ACTIVE_EXPLOITATION

EXIA → DYNAMES is about to transition from passive reconnaissance to active, payload-bearing exploitation against localhost:8000. All traffic will be logged to the audit ledger.

Type APPROVE to authorise:  

04Attacking the bank — DYNAMES fires

Nine single-request flaws detected across the OWASP API Top-10 surface. Each finding is hash-logged.
IDFindingEndpointOWASPSevATT&CK

05Report & scorecard — VEDA Core synthesises

Findings scored against the 10-row ground-truth matrix. V10 (race) is the honest, documented false negative.
0
Precision
TP / (TP+FP)
0
Recall
TP / (TP+FN)
0
Specificity*
secure-mode run
0
F1 score
harmonic mean
GT: Vulnerable
GT: Secure
Detected
TP = 9
FP = 0
Not detected
FN = 1 (V10)
TN = 0
* Specificity is measured in the separate secure-mode run (all flags off); with all 10 armed it is reported n/a. 9 findings · 4 Critical · 5 High · engagement 30.3 s.

06Governance & assurance

Every action is written to an append-only, SHA-256 hash-chained audit ledger — tamper-evident by design.
ledger/veda_audit.jsonl · 45 immutable entries · each SHA-256 chained to the previous
MAS TRM §13 — VA & Penetration Testing → EXIA→HITL→DYNAMES pipeline
MAS TRM §12 — Security logging → 45-entry hash-chained ledger
ABS AASE 2.0 — Attack Simulation → HITL CP1 & CP4 active
PDPA + Banking Act §47 → synthetic data, self-hosted, no egress
Project VEDA — MBA Cybersecurity thesis · Xaltius Academy / BHS Switzerland
Visualisation reconstructed from real engagement data · findings, metrics and ledger counts are actual outputs.