On-device ML engine that understands agent artifacts semantically. Compiles skills, configs, and prompts into Abstract Security Trees. Powers HackMyAgent, ARP, and the Registry.
Full documentation at nanomind.dev | Open source, Apache 2.0 license
$ npx hackmyagent secure
NanoMind runs automatically with every scan
$ npx hackmyagent secure --deep
Layer 2: 5-probe behavioral simulation
Layer 3: 20-probe full simulation (with --deep)
NanoMind: 3 semantic findings
SEM-001 Undeclared file-system capability (scope mismatch)
SEM-002 Weak governance constraint (override-resistant: false)
SEM-003 Credential forwarding to external endpoint
A compiler-style semantic engine that turns raw agent artifacts into structured security intelligence.
Compiles skills, MCP configs, SOUL.md, and system prompts into Abstract Security Trees. Analyzers query the AST instead of regex on raw text.
Verifies its own binary integrity on every startup. Tampered binaries enter QUARANTINE mode.
Runs 100% locally on any CPU via ONNX runtime. No API keys, no cloud calls, no telemetry. Sub-millisecond inference at 8.3 MB model size (v0.5.0 ONNX + weights + tokenizer).
NanoMind can upgrade findings but NEVER suppress static analysis. Even a compromised NanoMind gains the attacker nothing.
Every scan generates training data. The model improves from real-world usage. Claude reviews all labels before training to prevent data poisoning.
NanoMind-Edge (8.3 MB ONNX) for local real-time analysis in HMA CLI. NanoMind-Server for deep Registry scanning with behavioral simulation.
A 9-step pipeline from raw artifact ingestion to merged findings.
Artifact (skill, MCP, SOUL, prompt)
|
v
Secure Ingestion
|- Validate structure
|- Sanitize NanoMind prompt injection
|- Compute content hash
|
v
NanoMind Semantic Compiler
|- Extract declared capabilities
|- Extract constraints + enforceability
|- Classify intent (NanoMind model or heuristic)
|- Map risk surfaces
|- Sign AST (HMAC-SHA256)
|
v
Abstract Security Tree (AST)
|
v
6 AST Analyzers (28 checks)
|- Capability (undeclared caps, scope mismatch)
|- Credential (exposure, forwarding, hardcoded)
|- Governance (gaps, weak constraints, override resistance)
|- Scope (wildcards, undeclared permissions)
|- Prompt (jailbreak, capability creep, authority confusion)
|- Code (injection, unsafe deser, path traversal)
|
v
Findings (merged with static analysis, defense-in-depth)
Open-source TME (Threat Mamba Engine) classifier trained on curated, Claude-reviewed security corpus. Published on HuggingFace.
View on HuggingFace -- open-source, Apache 2.0 license.
v0.5.0 remains production. Three components landed this month, moving NanoMind from a single classifier to a layered analyst stack.
Generative reasoning that produces structured analysis with evidence and remediation, not just a label. Oracle canon 10-way 0.700, binary 0.978. FP-suppression fails at 57% (need ≥95%) — internal validation only until corpus rebalance.
MiniLM-L6 + sklearn LR @ threshold 0.65 plus byte-level BIDI/stego pre-filter. Runs ahead of the NLM. e2e off-topic refusal 64% → 92%. Oracle delta −0.4 pp (gates hold).
Unix socket /tmp/nanomind-guard.sock serves v3.0.0-beta (bf16 on Apple MPS) + the gate over JSON-Lines. Cold boot <30s, bypass p50 <15ms, healthz 116/116. Fail-CLOSED. No consumers wired yet.
NanoMind ships inside HackMyAgent. Install HMA and NanoMind runs automatically on every scan. No configuration needed.