Cyber risk today is mostly documented in spreadsheets, PDFs, and slide decks formats that are hard to version, automate, or integrate with tooling.
CRML (Cyber Risk Modeling Language) aims to represent cyber risk as structured, machine-readable models instead of documents. This allows risk scenarios to be version-controlled, generated by tools, and executed through simulations.
CRML Code is an AI-powered CLI that brings CRML to practitioners who don’t want to write YAML. Give it a company name, vulnerability scan, or simple prompt, and it automatically generates structured CRML scenarios. It resolves organizational context, builds realistic cyber risk models, and runs large-scale simulations to produce financially grounded risk insights and control impact analysis.
I didn t build our internal compliance tracking tool the traditional way.
I vibecoded it.
Instead of long PRDs, heavy sprint planning, and weeks of back-and-forth, I stayed close to the problem and built in tight feedback loops shipping small, observing behavior, and iterating fast.
CRML
