Three AI orchestrators on one pipeline: Fulcrum for offensive security, Bulwark for antivirus, Closure for synchronized eviction.
Fulcrum is the AI orchestrator for offensive security. Bulwark is the corresponding AI orchestrator for antivirus. Closure is the AI orchestrator for synchronized eviction — the planning-and-validation bridge that turns Fulcrum’s and Bulwark’s research output into something the carrier-and-CISA operation can act on. One pipeline underneath, three different orchestrators on top.
The work of offensive security and the work of antivirus is the same seven-step loop: acquire the patched and vulnerable images, patch-diff them, search for sibling variants of the patched bug class, fuzz, triage in a debugger, build a minimal proof of concept, and disclose through a coordinated terminal. What changes between the two is who’s driving and how often.
The AI orchestrator for offensive security.
Operator brings a target — a vendor advisory, a binary, a patched/vulnerable image pair — and Fulcrum runs the seven steps to a coordinated-disclosure terminal. Per-engagement cadence. Kali wrappers, AFL++, Ghidra headless, pwntools, gdb / pwndbg. CNE / CNA-shaped technique inventory, disclosure terminal pinned in code.
Open Fulcrum →The AI orchestrator for antivirus.
Schedule drives. Vendor surface is the target set — IOS XE, Junos, FortiOS, ICS firmware, federal civilian-agency images. The same seven steps run continuously and unattended; PSIRT subscriptions auto-seed new advisories. CND intent, coordinated-disclosure terminal, broker channels structurally invalid in the schema.
Open Bulwark →The AI orchestrator for synchronized eviction.
Per-eviction-operation. Phase 1 planner produces the simultaneous-cut artifact CISA AA25-239A requires — trust graph, dependency-ordered touch list, personnel allocation, OOB comms plan. Phase 2 validator re-runs the Bulwark pipeline against post-eviction images and emits the Milestone-3 sign-off packet. Coordinated-handoff terminal pinned in code; carrier owns execution.
Open Closure →apt install kali-tools-top10 and pull the latest Ghidra release. The moat is the AI orchestrator on top: an agent loop that wires the seven-step pipeline into a single autonomous workflow, runnable per-engagement with an operator in the seat (Fulcrum), continuously across the whole vendor surface without one (Bulwark), or as the planning-and-validation bookend that locks both of those into a real eviction operation (Closure). As of this writing no other vendor has produced equivalent automation against the IOS XE / Junos / FortiOS / firmware surface — the reason Salt Typhoon worked is precisely that the manual-operator-hour cost of running the same workflow without that orchestration is humanly intractable at nation-state APT tempo. Fulcrum is the per-engagement form; Bulwark is the antivirus form; Closure is the eviction-bridge form. The orchestrator is the product, in all three cases.
Full design detail: Fulcrum for the operator-driven CNO surface, Bulwark for the continuous CND agent, Closure for the eviction bridge. The Salt Typhoon thesis that motivates all three lives on the home page; the conditional EAR classification (ECCN 4D004 if built) and the controls the design specifies live on the EAR compliance page; the operation Closure is designed to plan-and-validate lives on the eviction runbook.