RISING_SUN BIOS v3.14
Copyright (C) 2025 Rising Sun Industries
Initializing system...
Memory check: 64GB OK
Loading kernel modules...
[OK] display.driver
[OK] network.stack
[OK] ascii.renderer
[OK] terminal.emulator
Mounting filesystems...
/dev/projects mounted
/dev/updates mounted
/dev/portfolio mounted
Starting services...
creativity.daemon [RUNNING]
code.compiler [RUNNING]
caffeine.monitor [CRITICAL]
System ready.
Welcome to RISING_SUN
Press any key to skip...

 ╱╲
╱  ╲
────
RISING_SUNdev portfolio

Nullcone

BETA

Distributed real-time threat intelligence for AI-native defense

#security#ai#python#rust#threat-intel#mcp#infrastructure
>View One-Pager

Nullcone is a distributed threat intelligence platform purpose-built for the AI-native era. Every sensor, honeypot, and EDR endpoint subscribes to a live IOC feed via SpacetimeDB — no polling, no stale data, no REST roundtrips.

Core Innovation

**AI-native IOC types** that no existing platform offers: - **PROMPT**: Prompt injection payloads targeting AI agents - **SKILL**: Malicious tool/plugin definitions designed to abuse agent capabilities

Traditional threat intel platforms were designed for human-operated systems. Nullcone is the first built with AI agents as first-class consumers.

Key Features

  • >Real-Time Database: 592k+ IOCs streamed live via SpacetimeDB — the moment a new threat is ingested, every subscriber knows
  • >Three Integration Paths: Python SDK (`NullconeAgent`), REST API, and MCP server for direct Claude/GPT integration
  • >Binary Encoding: ~10x compression vs JSON via Emergent Languages integration — minimal bandwidth for edge agents
  • >Multi-Source Ingestion: abuse.ch, MalwareBazaar, GitHub threat intel feeds, Voidly Atlas censorship intelligence (126 countries), with extensible ingestor architecture
  • >Adaptive Codebook: Per-session compression that improves as symbol usage patterns emerge

How It Works

  1. 1.1. Ingestors pull from public and private threat feeds continuouslyIngestors pull from public and private threat feeds continuously
  2. 2.2. IOCs are binary-encoded and written to SpacetimeDB with EL compressionIOCs are binary-encoded and written to SpacetimeDB with EL compression
  3. 3.3. Subscribers receive live updates the moment new IOCs land — no polling requiredSubscribers receive live updates the moment new IOCs land — no polling required
  4. 4.4. AI agents query via MCP tool calls; humans use the REST API or Python SDKAI agents query via MCP tool calls; humans use the REST API or Python SDK

AI Agent Integration

The MCP server turns Nullcone into a native tool for Claude and GPT-4 agents: - `check_ioc(value)` — instant threat lookup from any agent session - `subscribe_feed(type)` — real-time IOC push to agent context - `report_ioc(value, type)` — crowdsourced threat reporting from agents in the field

Tech Stack

SpacetimeDB (Rust WASM module) for the real-time database. FastAPI REST gateway. Python 3.11+ SDK with httpx and websockets. Emergent Languages binary encoding for compression. MCP server compatible with Claude, GPT-4, and any MCP-capable agent runtime.

Intelligence Sources

Nullcone ingests from a growing network of public and partner feeds:

  • >abuse.ch / MalwareBazaar:
  • >GitHub threat intel feeds:
  • >Voidly Atlas:
<back to projects