Clay Good

Intermediate
@clay-good

Security Engineer

OpenLore. Deterministic, local-first memory and guardrails for AI coding agents with no LLM in the hot path.

189

mantissa-log. Mantissa Log is an open-source and cost-transparent engine that uses a natural language interface to "Ask Questions. Detect Threats. Trace Performance. Automate Responses."

13

mantissa-stance. An enterprise-grade, agentless, and open-source cloud security platform for AWS, GCP, and Azure that combines CSPM, DSPM, CIEM, ASM, and vulnerability management with deterministic YAML policies and natural language querying.

12

enklayve-ai. Enklayve is a free, local, private, and secure personal AI desktop application, built with Tauri and llama.cpp/Qwen, that provides robust document intelligence capabilities using fast embeddings.

8

vaulytica. Always free deterministic linter for legal documents.

7

proxilion-mcp. Proxilion MCP Security Gateway is a self-hosted, Docker-ready security gateway that provides real-time threat detection (<50ms P95 latency) against insider threats, compromised accounts, and rogue AI agents by analyzing tool calls from assistants like Copilot and Claude Code, achieving a 75-85% detection rate against sophisticated attacks.

6

qiuth. Qiuth transforms standard bearer API keys into proof-of-possession tokens, using multi-factor security layers like IP validation, TOTP, and certificate validation to prevent unauthorized access even if your key is leaked.

5

attestful. Prove your compliance posture with automated evidence and clear visualization. Open-source, OSCAL-native evidence collection from 30+ platforms with self-hosted/air-gapped deployment support.

5

nisify. Nisify is a NIST CSF 2.0 compliance evidence aggregation tool that automatically collects technical evidence from 13 cloud platforms, maps it to the 106 NIST controls alongside your manual governance documents, and provides a transparent, real-time dashboard for measuring compliance maturity and tracking gaps.

5

agent-replay. agent-replay is a 100% local, SQLite-powered CLI tool for time-travel debugging AI agents that lets you replay execution traces, diff behavioral changes, fork runs to test fixes, and run AI-powered evaluations or safety guardrails to eliminate hallucinations and production failures.

5

encryptalotta. Encryptalotta is a 100% private, client-side PGP suite that enables secure key generation, file and text encryption, and digital signing directly in your browser with zero server uploads and an offline-first security architecture.

4

policybind. PolicyBind is an AI Policy-as-Code platform that enables organizations to govern AI usage through a unified model registry, real-time token-based access control, and automated compliance reporting for frameworks like the EU AI Act and NIST AI RMF.

4

blastauri. Blastauri secures and stabilizes your dependency upgrades by detecting breaking changes, prioritizing CVE fixes, and providing instant mitigation with automated WAF rule generation and management.

3

worldify. Worldify is a persistent fact store for AI world simulations.

3

reviewr. Reviewr is an AI-powered code review tool that prevents bugs and security issues from reaching production by providing pre-commit validation and seamless post-commit (MR/PR) integration with both GitLab and GitHub CI/CD pipelines.

3

proxilion-mitm. Proxilion MITM is a zero-configuration network-layer MITM proxy that secures enterprise AI usage through real-time PII redaction, ML-based anomaly detection, and automated compliance auditing via a high-performance GraphQL API Gateway.

3

proxilion. Proxilion is the security layer for the agentic workforce. It turns managed AI agents into governed users by enforcing strict cryptographic boundaries on every API call to SaaS like Google Workspace, Salesforce, or Atlassian.

3

origin. Origin is a lightweight, pluggable library for AI pipelines that automatically tracks runtime data provenance, cryptographic batch fingerprinting, and license propagation to ensure model compliance and reproducibility.

2

genesis-preflight. Genesis Preflight is a zero-dependency Rust command-line tool that ensures your scientific datasets are AI-ready for the Genesis Mission by validating them against the full FAIR principles (Findable, Accessible, Interoperable, Reusable) and automatically generating all required documentation.

2

tpu-doc. tpu-doc is a zero-dependency diagnostic binary for Google Cloud TPU environments that instantly validates hardware health, discovers software stack configurations, and provides AI-powered log analysis to eliminate expensive debugging downtime.

2

bountybot. BountyBot is an AI-powered security automation tool that dramatically accelerates bug bounty triage and validation, combining AI analysis, static and dynamic code analysis, and automated PoC execution to deliver confident assessments and achieve a 70-85% reduction in false positives and 5-10x faster validation.

1

provenance. A cryptographic authority tracking system that eliminates confused deputy attacks by construction.

1

invariant. Invariant is an open-source, cryptographic command-validation firewall that sits between AI models and actuators to provide provable, deterministic safety profiles and append-only signed audit logs for physical systems like robotics and biosynthesis lines.

1

codelicious. Codelicious is a headless autonomous developer CLI that transforms markdown specifications into production-ready Pull Requests with zero human intervention. It orchestrates a dual-engine architecture powered by Claude Code and Hugging Face (DeepSeek for reasoning and Qwen for Coding). Specs -> Code -> Tests -> Iterate -> PRs/MRs

1
24
Apply