NOTE: This is an EARLY PHASE open development project which will evolve with your participation.
A future-proof logic model driven framework that leverages existing tools and AI agents for security assessment and remediation.
Validated against the OWASP Juice Shop.
The tool helps teams systematically reduce risk rather than just generate findings by connecting discovery and understanding to remediation.
- Loads documents such as:
- Generates a structured knowledge graph to drive learning, audit, reporting and remediation processes.
From the graph the tool:
-
Projects (realtime renders from the graph) a navigable synthesis of all documents.
-
Generates technical interactive visualizations to explain security concepts.
-
Projects an executable audit plan with an API to intergate with AI agent systems or manual investigation workflows.
-
Projects an audit report and associated executable remediation plan with an API to intergate with AI agent systems or manual remediation workflows.
-
Projects application security health scores to celebrate achievements.
Application security is a complex and ever evolving topic that quickly becomes overwhelming.
Asking small projects to review thousands of security related guidance documents to validate security in their applications is not practical.
This leads to lack of security not due to lack of knowledge but lack of ability to apply it.
The emergence of AI and rise of graph-based data structures enables a new paradigm of knowledge application.
Blue Guardian provides a framework to harness AI organizational and agent capabilities towards the domain of application security.
With strategic pre-built prompts and code templates in an automated workflow process, the tool can:
- Automatically assess and remedy well-understood security risks
- Guide a human to complete the last mile
The tool recognizes that 100% automation is not practical and open interfaces allow for ecosystem integration.
The focus is on looping human and AI into a productive dance towards real results.
Empower all individuals and teams to reach a baseline security posture required to operate responsibly in a hostile digital environment.
- A graph model for source documents and directed action
- A graph-based document viewer for contextual learning
- A framework to generate interactive visualizations for educational purposes
- A graph-based report viewer
- A workflow graph governed by policy priority
- An AI agent orchestration API
The tool will integrate with various AI agent systems for the purpose of:
- Automatic document ingestion & graph generation
- Automatic technical visualization generation
- Automatic investigation
- Automatic remediation
- 2026 Q1
- Announce project and attract initial contributor team
- 2026 Q2
- Document viewer & interactive example generation
- Workflow viewer with human-AI loop
- Complete prototype running against Juice Shop
- First problem automatically identified
- First problem automatically fixed
- 10% of problems automatically fixed in Juice Shop
- 2026 Q3
- Reports & scoring
- 50% of problems automatically fixed in Juice Shop
- 2026 Q4
- 95% of problems automatically fixed in Juice Shop
The project will be built in the open with a team of contributors adapting it to new requirements as they come in.
The initial project development path is flexible on purpose and influenced by the interests of contributors.
Below is a preview of the Library section of the tool. It shows how datasets are imported and navigatable with local rendering. The goal is to organize all source documents into a graph with all their attributes so they can be browsed from different perspective.
There is also a preview of a codepath execution visualization to be used for learning.
 |
 |
 |
(c) 2026 Christoph.diy • Code: Apache 2.0 • Text: CC BY-SA 4.0