Solutions

Built for the people doing the work.

From a solo CTF operator to a national CERT, Mephit adapts to scope, sovereignty, and infrastructure constraints. The same platform — different deployment, different intel sources, different governance.

Who it's for

One platform, four audiences

Each persona below uses the same core skills and surfaces — projects, chat, /run, /scan, etc. — but shaped to the workflow.

RED TEAM · OFFENSIVE

Penetration testers & red teams

From scoping a target to writing the finding — one console for the whole engagement.

  • Mass recon with parallel lookups: passive DNS, certs, ports, fingerprint, paste leaks.
  • Payload library for reverse / bind shells, web shells, msfvenom variants.
  • Privesc, lateral movement, AD attacks — calibrated to the foothold you describe.
  • /run on your Kali jump host or attack VM, every command human-approved.
  • Per-engagement projects with assets, scope, notes, and chat history scoped to them.

BLUE TEAM · SOC · DFIR

Defenders & threat hunters

Detection-as-code from a TTP description, hunt queries from a paste, IOC triage at speed.

  • Sigma, KQL, and SPL rules drafted from a technique or pasted log.
  • Threat-hunt queries for credential dumping, lateral movement, C2 beacons.
  • IOC triage against multiple reputation feeds — verdict, classifier, campaign correlation.
  • Incident-timeline assembly from raw logs, with TTP mapping to ATT&CK.
  • CVE workflow: advisory, exploitability heuristic, downgrade / patch path.

GOV · DEFENSE · NATIONAL CERT

Governments & defense

Sovereign deployments, vetted sources, audit-grade logs. Air-gapped when needed.

  • Self-hosted on your infrastructure — no outbound calls except those you whitelist.
  • Replace public OSINT providers with national / classified feeds, per skill.
  • Append-only, signed audit log; exportable to your SIEM.
  • Air-gapped option: local LLM, no internet, locked-down adapters.
  • Compliance-aligned for GDPR, ISO 27001, NIS2; country-specific certs on request.

RESEARCH · CTF · INDIE

Researchers & CTF operators

The same platform, no enterprise overhead. Free tier with monthly credits.

  • Hash fingerprinting, decode chains, classical cipher ID — CTFs ship faster.
  • Web challenge triage: recon, vuln theorising, exploitation strategy.
  • RE assistance for Ghidra, GDB, radare2 — paste disassembly, get a path.
  • No content refusals on offensive-security questions — scope is yours.
  • Mindmaps and threat models for research write-ups.

Enterprise & sovereign

Run it where it has to run

The default offering is hosted; the differentiator is that Mephit can run anywhere — your cloud, your datacentre, your closed network — on a model you control.

LOCAL LLM
Bring your own model

Run inference on a model you control. Plug in any OpenAI-compatible endpoint — Ollama, vLLM, llama.cpp server, TGI, or a private Anthropic / OpenAI / Bedrock / Azure deployment. Mythos uses your endpoint; nothing leaves your perimeter except what you ask it to.

SELF-HOSTED
Single-tenant on your infra

Docker Compose for staging, Kubernetes / Helm for production. Bring your own Postgres (14+), object storage, and reverse proxy. We ship the platform images, runbooks, and upgrade paths.

AIR-GAPPED
Disconnected mode

Everything off the public internet: local LLM, internal intel feeds, no telemetry, no auto-update. The platform refuses to dial out. Suitable for SCIF-style deployments and classified networks.

CUSTOM SKILLS
Wrap your internal tools

Expose your in-house APIs (sandbox, malware DB, asset inventory, EDR, SIEM) as skills. The router activates them alongside the built-ins. Source stays in your repo; we provide the SDK.

INTEL ADAPTERS
Swap providers per skill

Replace any public OSINT provider with your own: MISP, OpenCTI, internal threat-intel feeds, regional CERT data, classified sources. Drop-in adapters — same skill, your data.

IDENTITY · RBAC
SSO, SCIM, role-based access

SAML 2.0, OIDC, SCIM provisioning. Role-based access control over projects, servers, skills, and audit logs. Group-mapped permissions; auto-deprovision on offboard.

RESIDENCY
Choose your region

Cloud deployments come in EU-only, US-only, or country-specific configurations. Self-host gives you full control — pick the rack.

SLA · SUPPORT
Production-grade ops

99.9% uptime SLA, 4-hour critical-incident response, dedicated Slack / Teams channel, named technical account manager. Quarterly upgrade cadence with backport patches for two minor versions.

Local LLM

Your data never meets a model you don’t control.

Mephit treats the LLM as a swappable adapter. Point it at an OpenAI-compatible endpoint of your choosing — running on a machine you own, in a network you operate — and the entire inference path stays inside your perimeter. The platform still drives skills, tools, audit, and projects exactly the same way.

Combine with disabled OSINT adapters and you have a system that does nothing outbound — usable inside an air-gapped network.

config · llm.endpoint
yaml
llm:
  # any OpenAI-compatible endpoint
  base_url: https://llm.internal.gov/v1
  model:    llama3.1-70b-instruct
  api_key:  ${LOCAL_LLM_KEY}
  timeout:  120s

intel:
  whitelist: [misp, opencti, internal-sandbox]
  block_external: true

network:
  egress_policy: deny-by-default
  allow:        [llm.internal.gov, misp.local]
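
A pre-deployment consistency check for a config shaped like the one above, as an added example (not Mephit's own code or API): it confirms the deny-by-default posture and that every endpoint the config relies on has a matching entry in network.allow. The dict mirrors the YAML keys shown on the page; the adapter-to-host mapping and the function name are assumptions.

```python
from urllib.parse import urlparse

# Constructed sample: the page's YAML re-typed as a dict so the check runs
# without a YAML parser.
CONFIG = {
    "llm": {"base_url": "https://llm.internal.gov/v1",
            "model": "llama3.1-70b-instruct"},
    "intel": {"whitelist": ["misp", "opencti", "internal-sandbox"],
              "block_external": True},
    "network": {"egress_policy": "deny-by-default",
                "allow": ["llm.internal.gov", "misp.local"]},
}

# Hypothetical mapping from adapter name to the host it dials; the page does
# not say how adapters resolve to hosts.
ADAPTER_HOSTS = {"misp": "misp.local", "opencti": "opencti.local",
                 "internal-sandbox": "sandbox.local"}


def audit_egress(cfg, adapter_hosts):
    """Return a list of findings; an empty list means the config is consistent."""
    findings = []
    net = cfg.get("network", {})
    intel = cfg.get("intel", {})
    allow = {h.lower() for h in net.get("allow", [])}

    if net.get("egress_policy") != "deny-by-default":
        findings.append("network.egress_policy is not deny-by-default")
    if intel.get("block_external") is not True:
        findings.append("intel.block_external is not true")

    # The inference endpoint must be reachable under the egress allowlist.
    host = (urlparse(cfg.get("llm", {}).get("base_url", "")).hostname or "").lower()
    if host not in allow:
        findings.append(f"llm host not in network.allow: {host or '<missing>'}")

    # Every enabled intel adapter needs a known host that egress permits.
    for name in intel.get("whitelist", []):
        target = adapter_hosts.get(name)
        if target is None:
            findings.append(f"no known host for intel adapter: {name}")
        elif target.lower() not in allow:
            findings.append(f"intel adapter {name} blocked by egress: {target}")
    return findings
```

Under the assumed host mapping, the sample reports two adapters that are enabled in intel.whitelist but have no matching network.allow entry, the kind of drift between the two lists this check is meant to catch.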

Deployment

Three ways to run it

Solo, SMB, research

Cloud · multi-tenant

  • Sign up at /login, free tier with credits
  • Hosted on our infrastructure
  • Shared model inference
  • EU-region by default

Mid-market enterprise

Cloud · single-tenant

  • Dedicated database, object storage, ingress
  • Choice of region (EU / US / APAC)
  • Optional dedicated LLM endpoint
  • SAML/SSO + audit export

Government, regulated, defense

Self-hosted · on-prem

  • Helm chart for Kubernetes
  • Docker Compose for smaller deployments
  • Local LLM via OpenAI-compatible endpoint
  • Air-gapped mode supported
  • Custom intel adapters and skills

Need something that fits your shop?

Tell us the constraints — sovereignty, model, network, intel sources — and we’ll send back an architecture and a timeline. Most enterprise pilots are running in two weeks.