Flagship · v1.0 shipped
CivicSec Lab
An open-source cyber and data intelligence platform for small civic organisations — six modules connected through a shared civic risk model. v1.0 shipped.
Evidence → Confidence → Human review → Response
Command centre
live signal → evidenceVulnerabilities
ThreatBoard
Login anomalies
LogLens
Dataset privacy
DataPrivacy Doctor
Narrative spikes
Misinformation Obs.
Civic Risk Model
shared RiskEvent core
Six instruments
Six modules, one shared civic risk model.
Each module turns a different raw signal into the same structured RiskEvent — so analysts read one consistent evidence object, not six dashboards. Step through them:
ThreatBoard
Vulnerability intelligence and exposure prioritisation.
Signal in
Known exploited vulnerabilities, EPSS scores, affected assets.
Transform
ThreatBoard
Evidence out
Explainable asset-vulnerability risk events.
The shipped product
v1.0, running. Not mockups.
Captured from the live platform with its seeded demo workspace. All data is fictional; the software is not.





The shared object
Everything resolves to a RiskEvent.
The RiskEvent is the spine of the system. It keeps observed signal, inferred risk, and recommended action distinct — and it never lets confidence hide.
Evidence
what was observed, with a trail
Severity
how serious, on a shared scale
Confidence
how sure — never hidden
Affected entity
asset, account, dataset, or narrative
Human review
state before any escalation
Architecture
From raw sources to a reviewable interface.
01 · Sources
- Assets
- Login events
- Datasets
- Public narratives
- Incident notes
02 · Processing
- Collectors
- Validators
- Anomaly checks
- Privacy scans
- Narrative clustering
03 · RiskEvent Core
- Evidence
- Severity
- Confidence
- Affected entity
- Human review state
04 · Interface
- Review queue
- Risk graph
- Playbooks
- Reports
- Exportable timelines
Civic Risk Graph
One context layer connects the signals.
A suspicious login, a leaked dataset, and a narrative spike can be the same incident. The risk graph links assets, accounts, datasets, and narratives so correlation and escalation are explainable — not a black box.
Hover a node to trace its connections.
Roadmap
Where it is, where it's going.
- 1
Prototype
Define RiskEvent schema, build module shells, and test review workflows with representative sample data.
- 2
Evidence Layer
Connect vulnerability, login, privacy, and narrative signals into one shared evidence model.
- 3
Review Console
Build analyst-facing triage views, responsible-use copy, and exportable incident reports.
- 4
Open Release
Package defensive defaults, documentation, deployment notes, and contribution guidelines.
Stack
Responsible use
- Defensive and public-interest use only.
- Human review before escalation or external reporting.
- Evidence trails over black-box certainty.
- Privacy-aware defaults for under-resourced civic organisations.
- Clear distinction between observed signals, inferred risk, and recommended action.
Defensive, public-interest use only — no exploit code, ever.
Interested in the build, or want to collaborate?
Happy to share direction, architecture notes, and progress.
