Forums
Vision for CRML
Cyber risk today is mostly documented in spreadsheets, PDFs, and slide decks, formats that are hard to version, automate, or integrate with tooling.
CRML (Cyber Risk Modeling Language) aims to represent cyber risk as structured, machine-readable models instead of documents. This allows risk scenarios to be version-controlled, generated by tools, and executed through simulations.
CRML Code - The AI CLI for CRML practitioners.
How I built an internal compliance tracking tool?
I didn't build our internal compliance tracking tool the traditional way.
I vibecoded it.
Instead of long PRDs, heavy sprint planning, and weeks of back-and-forth, I stayed close to the problem and built in tight feedback loops: shipping small, observing behavior, and iterating fast.
The flow was simple:
Human Exploitability System - What if a person in the organization goes rogue?
Features of Sense
Key Features
Next-Gen AI Gateway
Transparent Proxy: Routes traffic to OpenAI, Anthropic, or Local LLMs (Ollama) seamlessly.
Policy Enforcement: Blocks malicious requests (e.g., Prompt Injection) and prevents sensitive data leaks (DLP) in real-time.
Dynamic Configuration: Manage routes and backends directly from the UI without restarts.
Advanced Visualization & Dashboard
Sense AI - Shadow Exposure & eNterprise Surveillance for AI
What would you expect from an AI copilot for cyber risk?
We built ZIN Advisor to go beyond dashboards, helping teams think, reason, and decide faster.
Would love feedback from the community:
What should a cyber risk copilot do really well?
What frustrates you about current security tooling?
Any must-have integrations or workflows?
Your input helps shape what comes next.
ZIN Advisor - Your Cyber Risk Copilot
Cyber risk is finally getting the “as-code” treatment — and it’s about time.
We've standardized infrastructure, deployments, and networks using code, but risk has largely remained trapped in spreadsheets, static registers, and fragmented tooling. CRML feels like a strong step toward making cyber risk portable, machine-readable, and automation-ready.
What stands out is the framework-agnostic approach. Organizations today don't operate in a single control universe; they juggle ISO, NIST, CIS, regulatory mandates, and internal models. A declarative layer that can sit above these and enable simulation, telemetry mapping, and quantification could significantly improve how leaders understand and act on cyber exposure.
Excited to see where this goes, especially the possibilities around integrating risk models into real-time decision systems and bridging the gap between security operations and business risk.
CRML - CRML is a declarative language for writing cyberrisk as code
Introducing Myself
Hi Community,
This is Sanket here. Building in the space of agentic cyber risk management. Here to explore what's being built in the space and eventually launch my new product here. Anything that you think I should keep in mind, let me know.
1Password warns: "Do not use OpenClaw on a company device"
Writing on the @1Password blog, Jason Meller says that he found that the top downloaded OpenClaw skill was a malware delivery vehicle:
While browsing ClawHub (I won't link it for obvious reasons), I noticed the top downloaded skill at the time was a Twitter skill. It looked normal: description, intended use, an overview, the kind of thing you'd expect to install without a second thought.
But the very first thing it did was introduce a required dependency named openclaw-core, along with platform-specific install steps. Those steps included convenient links (here, this link) that appeared to be normal documentation pointers.
They weren't.
Both links led to malicious infrastructure.
Indeed, this wasn't an isolated case.




