Proposed product 2 of 2 · Antivirus

Bulwark — the antivirus

Not a signature engine. Not an EDR widget. Proposed design: the Fulcrum pipeline run continuously, unattended, against the device images and firmware revisions critical infrastructure actually deploys.

Status: Proposed design, not operational. Bulwark’s campaign schema and disclosure-terminal contracts are scaffolded in source; continuous unattended runs against live vendor surfaces are not yet deployed. If built per the design, the resulting software would fall under EAR ECCN 4D004 (intrusion-software command and control), with controls allowlist-gated, append-only audit-logged, and disclosure-terminal pinned to coordinated-disclosure channels.

By design, Bulwark would run the same seven steps as Fulcrum, but with the schedule as the operator, the vendor surface (Cisco IOS XE, Juniper Junos, Fortinet FortiOS, ICS firmware, federal civilian-agency images) as the target set, and the same EVRP-pinned disclosure terminal. Once built, findings would exit only through coordinated disclosure — a Bulwark run would not be able to terminate at a broker, an internal-only stockpile, or a private exploit retention. The profile would be gated; unauthorized accounts could not launch it; every run would be append-only audit-logged in Firestore. See EAR compliance for the full control inventory the design specifies.

Step      Tool                           Role in the loop
Trigger   Vendor advisory                New CVE / firmware drop / signed image rotation
Diff      Ghidra headless                Continuous patch-diff across the vendor surface
Search    Variant hunt                   Sibling sinks of the patched bug class, every advisory
Fuzz      AFL++ campaign                 Persistent corpora, repeated coverage runs
Triage    gdb / pwndbg                   Auto-classified by exploit primitive
PoC       pwntools                       Minimal repro auto-generated for vendor
Disclose  HackerOne / PSIRT / CERT/CC    Pinned terminal; broker channels structurally invalid

The same seven steps that, run on a single CVE-2023-20198 patch in late 2023, would have surfaced the variant class Salt Typhoon weaponized 14 months later. The thing that didn’t exist was the agent loop to run them continuously, across the entire vendor surface, without a human in the patch-diff seat for every iteration. Bulwark is the proposed agent loop to fill that gap.

Sample workflow · design illustration · salt-typhoon-eviction.yaml
Illustrative Bulwark campaign showing how the seven phases would walk the vendor surface Salt Typhoon weaponized. Not output from an operational run; shown to communicate the design.
# salt-typhoon-eviction.yaml — sample Bulwark campaign.
# Run continuously and unattended; PSIRT subscription auto-seeds.

campaign:
  name:     salt-typhoon-eviction
  intent:   CND                  # antivirus / eviction
  cadence:  continuous           # no operator in the loop per cycle
  audit:    firestore://bulwark_runs/{run_id}

surface:
  # Layers 1+2 of the eviction stack: where the entry vector and
  # the persistence implants live.
  - vendor: cisco
    product: ios-xe
    coverage: all 16.x and 17.x trains
    images_from: software.cisco.com
  - vendor: cisco
    product: ios-classic
    coverage: 12.x train (legacy ISP edge)
  - vendor: cisco
    product: nx-os
    coverage: 9.x and 10.x
  - vendor: cisco
    product: smart-install
    note: legacy feature, CVE-2018-0171 surface

seeds:
  # Patched CVEs whose variant class Bulwark hunts. New advisories
  # auto-ingest via PSIRT RSS; the entries below are the historical
  # Salt Typhoon entry vectors as initial reference points.
  - id: CVE-2023-20198
    component: ios-xe / web-ui
    primitive: privilege escalation via web management
  - id: CVE-2023-20273
    component: ios-xe / web-ui
    primitive: command injection
  - id: CVE-2018-0171
    component: smart install
    primitive: RCE on stale feature

pipeline:
  # One mapping per phase; tool and outputs on their own keys so the
  # file parses as YAML (a second "key: value" on the same line does not).
  - phase: acquire
    tool: software.cisco.com fetcher
    out: paired_image{patched, vulnerable}
  - phase: diff
    tool: ghidra-headless
    out: bindiff/{added, removed, modified}.json
  - phase: search
    tool: variant-hunt
    target: sibling sinks of seed primitives
    out: candidate_locations.jsonl
  - phase: fuzz
    tool: afl++
    duration_per_target: 24h
    corpus: /var/bulwark/corpora/{component}
  - phase: triage
    tool: gdb + pwndbg
    classify: [crash_kind, exploit_primitive, reachability]
  - phase: poc
    tool: pwntools
    constraint: minimal repro for vendor confirmation
  - phase: disclose
    terminal: cisco-psirt
    cc: [cert-cc, hackerone]
    severity_floor: medium

disclosure:
  # Pinned in code (src/contracts/evrp.schema.json —
  # DisclosureTerminal enum). A Bulwark run cannot terminate
  # at any other channel.
  allowed:   [psirt, hackerone, cert-cc, public-90day-advisory]
  forbidden: [broker, private_retention, internal_only_stockpile]

constraints:
  ear:              ECCN 4D004
  allowlist_gated:  true
  rulebook:         src/contracts/agent-rules.schema.json

# Illustrative output — design mock-up, not a real run.
$ trenchwork bulwark deploy salt-typhoon-eviction.yaml
[bulwark 16:42:01] campaign loaded — surface: 4 trains across 1 vendor
[bulwark 16:42:01] seeds resolved — 3 historical CVEs (Salt Typhoon vectors)
[bulwark 16:42:02] PSIRT subscription active — new advisories auto-seed
[bulwark 16:42:04] phase acquire ▸ 18 paired images queued
[bulwark 16:43:12] phase diff ▸ ghidra-headless workers: 12 (16.x: 8, 17.x: 4)
[bulwark 16:51:28] phase search ▸ 47 candidate variant locations
[bulwark 17:02:09] phase fuzz ▸ afl++ campaigns: 47 × 24h queued
[bulwark 17:02:09] disclosure terminal: cisco-psirt (cc: cert-cc, hackerone)
[bulwark 17:02:09] audit log: firestore://bulwark_runs/2026-05-12T16:42:01Z
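The three controls the design leans on (launch allowlist, a disclosure terminal pinned by enum membership, an append-only audit record of every run) are easiest to reason about as one admission gate that runs before a campaign is scheduled. The following is an added illustration, not Bulwark's or the project's source: channel names and the campaign shape are taken from the sample YAML above; treating any "<vendor>-psirt" channel as the `psirt` enum class, the `bulwark-scheduler` account name, and a hash-chained in-memory log standing in for the Firestore collection are this example's own assumptions.

```python
"""Admission gate for a Bulwark-style campaign (added example, not project code).

Enforces three contracts before a run is admitted: the launching account is on
an allowlist, the pipeline terminates at a channel inside the pinned
DisclosureTerminal enum, and the decision is appended to a hash-chained log.
Assumed here: vendor PSIRTs map to the 'psirt' class, the scheduler identity
name, and the in-memory log standing in for Firestore.
"""
from __future__ import annotations

import copy
import hashlib
import json
from dataclasses import dataclass, field

# The pinned enum. Membership is the only test applied to a channel, which is
# what makes a broker channel structurally invalid rather than merely disallowed.
PINNED_TERMINALS = frozenset({"psirt", "hackerone", "cert-cc", "public-90day-advisory"})
FORBIDDEN_TERMINALS = frozenset({"broker", "private_retention", "internal_only_stockpile"})
LAUNCH_ALLOWLIST = frozenset({"bulwark-scheduler"})  # assumed scheduler identity

# Constructed from the sample salt-typhoon-eviction.yaml: only the keys the gate
# reads. In practice this dict would come from yaml.safe_load() on the file.
CAMPAIGN = {
    "campaign": {"name": "salt-typhoon-eviction", "intent": "CND", "cadence": "continuous"},
    "pipeline": [
        {"phase": "acquire"}, {"phase": "diff"}, {"phase": "search"}, {"phase": "fuzz"},
        {"phase": "triage"}, {"phase": "poc"},
        {"phase": "disclose", "terminal": "cisco-psirt", "cc": ["cert-cc", "hackerone"],
         "severity_floor": "medium"},
    ],
    "disclosure": {
        "allowed": ["psirt", "hackerone", "cert-cc", "public-90day-advisory"],
        "forbidden": ["broker", "private_retention", "internal_only_stockpile"],
    },
}


def terminal_class(channel: str) -> str:
    """Map a concrete channel to its enum class ('cisco-psirt' -> 'psirt')."""
    return "psirt" if channel.endswith("-psirt") else channel


def disclosure_violations(campaign: dict) -> list[str]:
    """Return every way the campaign escapes the pinned disclosure contract."""
    problems: list[str] = []
    disclosure = campaign.get("disclosure", {})
    # A campaign may narrow the enum but never widen it.
    for ch in sorted(set(disclosure.get("allowed", [])) - PINNED_TERMINALS):
        problems.append(f"disclosure.allowed names unpinned channel {ch!r}")
    if not FORBIDDEN_TERMINALS <= set(disclosure.get("forbidden", [])):
        problems.append("disclosure.forbidden must keep broker, private_retention, internal_only_stockpile")
    phases = campaign.get("pipeline", [])
    # A run has exactly one exit: the disclose phase must be the last phase.
    if not phases or phases[-1].get("phase") != "disclose":
        problems.append("pipeline must terminate in a disclose phase")
        return problems
    last = phases[-1]
    for ch in [last.get("terminal"), *last.get("cc", [])]:
        if ch is None or terminal_class(ch) not in PINNED_TERMINALS:
            problems.append(f"disclose channel {ch!r} is outside the DisclosureTerminal enum")
    return problems


@dataclass
class AuditLog:
    """Append-only record list; each record commits to the previous digest."""
    records: list = field(default_factory=list)

    def append(self, event: dict) -> str:
        prev = self.records[-1]["digest"] if self.records else "0" * 64
        body = json.dumps(event, sort_keys=True)
        digest = hashlib.sha256((prev + body).encode()).hexdigest()
        self.records.append({"prev": prev, "event": event, "digest": digest})
        return digest

    def verify(self) -> bool:
        """True only if no record was edited, removed or reordered after append."""
        prev = "0" * 64
        for rec in self.records:
            body = json.dumps(rec["event"], sort_keys=True)
            if rec["prev"] != prev or hashlib.sha256((prev + body).encode()).hexdigest() != rec["digest"]:
                return False
            prev = rec["digest"]
        return True


def admit_run(account: str, allowlist: frozenset, campaign: dict, log: AuditLog) -> tuple[bool, list[str]]:
    """Decide whether `account` may launch `campaign`; the decision is logged either way."""
    reasons: list[str] = []
    if account not in allowlist:
        reasons.append(f"account {account!r} not on launch allowlist")
    reasons += disclosure_violations(campaign)
    log.append({"campaign": campaign.get("campaign", {}).get("name"),
                "account": account, "admitted": not reasons, "reasons": reasons})
    return (not reasons, reasons)


def with_terminal(campaign: dict, terminal: str) -> dict:
    """Copy of the campaign whose disclose phase targets `terminal` (to exercise the gate)."""
    tampered = copy.deepcopy(campaign)
    tampered["pipeline"][-1]["terminal"] = terminal
    return tampered


if __name__ == "__main__":
    log = AuditLog()
    print(admit_run("bulwark-scheduler", LAUNCH_ALLOWLIST, CAMPAIGN, log))
    print(admit_run("bulwark-scheduler", LAUNCH_ALLOWLIST, with_terminal(CAMPAIGN, "broker"), log))
    print(admit_run("contractor", LAUNCH_ALLOWLIST, CAMPAIGN, log))
    print("audit chain intact:", log.verify())
```

The gate refuses a campaign whose final phase points anywhere outside the enum, including a campaign that tries to widen its own `allowed` list, and every refusal lands in the log alongside the admissions, so the record of attempted launches is as tamper-evident as the record of real ones. A production version would replace the in-memory list with the Firestore collection the design names and verify the chain on read.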

If built, sale and use would be scoped under EAR ECCN 4D004, with controls allowlist-gated and append-only audit-logged.

           Fulcrum (Fulcrum Details →)              Bulwark (this page)
Driver     Operator                                 Schedule
Cadence    Per-engagement                           Continuous, unattended
Scope      Chosen target                            Vendor surface deployed at scale
Intent     CNE / CNA-shaped, disclosure-pinned      CND, coordinated-disclosure-pinned
Surface    Variant research, exploit dev            Eviction by pre-empting the next weaponized variant