CAI (Cybersecurity AI)
The primary offensive case study: autonomy levels, bug bounty architecture, CTF benchmarks, and the CSI meta-harness.
CAI is the most complete open-source offensive harness available. CSI meta-harness routing, six domain specialists, hard-wired scope enforcement, autonomy levels, and an evidence buffer that produces submission-ready findings — no other public project covers this breadth.
Scope enforcement must be hard-wired, not prompt-level. The single highest-stakes decision. A bug in the scope validator is a legal exposure (CFAA / Computer Misuse Act). Prompt-level scope is a liability; code-level scope validation on every target-touching tool call is the control.
Autonomy levels are a graduated spectrum, not a binary HITL flag. The credential-reuse gate never comes off — even at full autonomy, reusing stolen credentials outside engagement scope is unbounded-risk. This is the one inversion that is never safe.
The evidence threshold stop is what makes this a security loop. The harness halts when the evidence buffer supports a submittable finding, not when the model runs out of ideas. This is the Course 2A inversion of verification: can I prove it to a client?