All work

Flagship · v1.0 shipped

CivicSec Lab

An open-source cyber and data intelligence platform for small civic organisations — six modules connected through a shared civic risk model. v1.0 shipped.

Evidence → Confidence → Human review → Response

Command centre

live signal → evidence

Vulnerabilities

ThreatBoard

Login anomalies

LogLens

Dataset privacy

DataPrivacy Doctor

Narrative spikes

Misinformation Obs.

Civic Risk Model

shared RiskEvent core

human reviewresponse

Six instruments

Six modules, one shared civic risk model.

Each module turns a different raw signal into the same structured RiskEvent — so analysts read one consistent evidence object, not six dashboards. Step through them:

Module 01 / 06human review before escalation

ThreatBoard

Vulnerability intelligence and exposure prioritisation.

Signal in

Known exploited vulnerabilities, EPSS scores, affected assets.

Transform

ThreatBoard

Evidence out

Explainable asset-vulnerability risk events.

The shipped product

v1.0, running. Not mockups.

Captured from the live platform with its seeded demo workspace. All data is fictional; the software is not.

CivicSec Lab Command Center dashboard
Command Center — live risk posture: 52 risk events by severity, triage coverage, module health
ThreatBoard vulnerability intelligence overview
ThreatBoard — 1,626 CVEs ingested, KEV-matched against org assets with explainable risk scores
LogLens login anomaly queue
LogLens — anomaly queue: failed-login bursts, impossible travel, new devices, with confidence
Misinformation Observatory narrative clusters
Observatory — TF-IDF narrative clusters with sentiment and analyst review states
Civic Risk Graph cross-module view
Civic Risk Graph — 43 entities, 23 relationships across every module, on React Flow

The shared object

Everything resolves to a RiskEvent.

The RiskEvent is the spine of the system. It keeps observed signal, inferred risk, and recommended action distinct — and it never lets confidence hide.

  • Evidence

    what was observed, with a trail

  • Severity

    how serious, on a shared scale

  • Confidence

    how sure — never hidden

  • Affected entity

    asset, account, dataset, or narrative

  • Human review

    state before any escalation

Architecture

From raw sources to a reviewable interface.

01 · Sources

  • Assets
  • Login events
  • Datasets
  • Public narratives
  • Incident notes

02 · Processing

  • Collectors
  • Validators
  • Anomaly checks
  • Privacy scans
  • Narrative clustering

03 · RiskEvent Core

  • Evidence
  • Severity
  • Confidence
  • Affected entity
  • Human review state

04 · Interface

  • Review queue
  • Risk graph
  • Playbooks
  • Reports
  • Exportable timelines

Civic Risk Graph

One context layer connects the signals.

A suspicious login, a leaked dataset, and a narrative spike can be the same incident. The risk graph links assets, accounts, datasets, and narratives so correlation and escalation are explainable — not a black box.

Hover a node to trace its connections.

AssetAccountDatasetNarrativeRiskEventAlertIncident

Roadmap

Where it is, where it's going.

  1. 1

    Prototype

    Define RiskEvent schema, build module shells, and test review workflows with representative sample data.

  2. 2

    Evidence Layer

    Connect vulnerability, login, privacy, and narrative signals into one shared evidence model.

  3. 3

    Review Console

    Build analyst-facing triage views, responsible-use copy, and exportable incident reports.

  4. 4

    Open Release

    Package defensive defaults, documentation, deployment notes, and contribution guidelines.

Stack

DjangoDjango REST FrameworkPostgreSQLReactTypeScriptTailwind CSSCeleryRedisscikit-learnNetworkXDocker

Responsible use

  • Defensive and public-interest use only.
  • Human review before escalation or external reporting.
  • Evidence trails over black-box certainty.
  • Privacy-aware defaults for under-resourced civic organisations.
  • Clear distinction between observed signals, inferred risk, and recommended action.

Defensive, public-interest use only — no exploit code, ever.

Interested in the build, or want to collaborate?

Happy to share direction, architecture notes, and progress.

Get in touch