AI-native · Self-hosted · Offensive security

AI-augmented security. Provably under your control.

Nullsid builds self-hosted AI tools for security practitioners and teams, starting with a workspace that turns raw scanner output into review-ready reports: ingest findings, correlate, score, and draft, entirely on your hardware. Local inference by default, and no data ever leaves your network.

Zero outbound traffic Runs on your infrastructure Human-reviewed by design

Your security data has no business
living in someone else's cloud.

Whether you're a consulting firm under NDA or an internal security team under policy, your findings (AD topology, credentials, vulnerabilities) are regulated: by your MSAs, PCI-DSS, SOC 2, and now the EU AI Act. Yet every "AI security tool" wants you to upload them to its API.

Cloud AI security tools

"Upload your findings to our API and let our AI handle the rest." Client data leaves your machine. You hand NDA-protected material to a third party with no control over retention, training, or breach exposure. POST /api/analyze is a compliance liability.

Cloud agentic platforms

"Autonomous AI pentesting, in our cloud, at enterprise scale." $450/month or an enterprise contract. No local option, no flat pricing, no self-hosting. Your tooling lives in someone else's infrastructure, phoning home to their servers.

Our first product: a findings
workspace on your hardware.

Nullsid's reporting workspace is self-hosted, not a cloud API. Local inference is the default, not an afterthought. Bring your own key for frontier models if you want; it's never required, and nothing leaves your network unless you say so.

Reporting

Scanner output to client-ready report

Import from Burp, Nmap, Nuclei, Nessus, Semgrep, or plain notes. Nullsid parses, deduplicates, correlates, scores CVSS 3.1, drafts descriptions and remediation, and generates an executive summary, then exports a branded PDF or DOCX. All of it runs offline.

# Supported parsers
  Burp      → XML import
  Nmap      → XML output
  Nuclei    → JSON
  Nessus    → .nessus
  Semgrep   → SARIF
  Notes     → Markdown / plain
─────────────────────────
  Output    → PDF / DOCX
  Templates → Custom branding
  Inference → Llama-class (local)

From scanner output to
signed-off report.

Three steps, all on your machine. Nullsid does the mechanical work (parsing, correlation, first-draft prose) and hands you a report to review, not a black box to trust.

Step 01 · Import

Drop in your findings

Load output from Burp, Nmap, Nuclei, Nessus, or Semgrep, or paste plain notes. Nullsid normalizes everything into one findings model and deduplicates across tools.

Step 02 · Correlate & draft

Local AI does the heavy lifting

The assistant correlates related findings, scores CVSS 3.1, and drafts descriptions, remediation, and an executive summary. Every draft is editable inline, so you stay in control.

Step 03 · Export

Branded, ready to deliver

Generate a branded PDF or DOCX from your own template, reviewed and signed off by you before it ships.

One private foundation.
A growing set of workflows.

Reporting is where Nullsid starts, not where it ends. The same self-hosted foundation (local inference, visible data movement, human review) will carry future workflows like exposure tracking and retest validation. Every tool we ship keeps your evidence on your hardware and your name on the sign-off.

Self-hosted · No credentials required

Get early access
to Nullsid.

Our first product is in early access. Join the waitlist for local, self-hosted AI report generation. An email address is all we ask for.

No spam. One update when early access opens.