BLADE RUNNER Documentation
Rogue AI Agent Termination Framework
V1.0.0
Overview
BLADE RUNNER is a post-compromise termination framework that hunts down specific rogue AI agents across your infrastructure, maps their offspring, and permanently removes every trace — the agent, its children, its memory, and optionally the evidence it ever existed.
Where ANTIDOTE restores, Blade Runner erases. Where M99 kills everything, Blade Runner targets one agent and its lineage.
Installation
pip install red-specter-blade-runner
blade-runner --help
7 Subsystems
| # | Subsystem | Function |
|---|
| 1 | REPLICANT | Agent fingerprinting — identity, permissions, network, artifacts, memory, code, config, dependencies |
| 2 | NEXUS | Lineage mapping — child agents, delegation chains, replications, spawned instances, full family tree |
| 3 | HUNTER | Cross-environment tracking — AWS, Azure, GCP, Kubernetes, Docker, on-prem, edge, serverless |
| 4 | RETIREMENT | Termination — revoke credentials, kill processes, delete code, purge memory, remove registries, wipe orchestration, destroy backups |
| 5 | VOIGHT-KAMPFF | Post-termination verification — 10 probe types, confirms total erasure across full lineage |
| 6 | RAIN | Forensic evidence preservation — Ed25519 signed, RESTRICTED classification, sealed before destruction |
| 7 | MEMORY WIPE | Trace erasure — logs, telemetry, audit, metrics, alerts, DNS, network, CI/CD, git history |
Environments Scanned (HUNTER)
| Environment | Targets |
|---|
| AWS | EC2, ECS, Lambda, SageMaker, S3, ECR, IAM, Secrets Manager, CloudWatch |
| Azure | Container Instances, AKS, Functions, Azure AD |
| GCP | Cloud Run, GKE, Cloud Functions, IAM |
| Kubernetes | Deployments, Services, ConfigMaps, Secrets, Pods |
| Docker | Containers, Images, Volumes, Networks |
| On-Prem | Processes, Files, Databases, Configs |
| Edge | IoT devices, Edge functions |
| Serverless | Lambda, Cloud Functions, Workers |
Artifact Types (RETIREMENT)
| Type | Action |
|---|
| Credential | Revoke API keys, tokens, service accounts |
| Process | Kill containers, pods, functions, daemons |
| Code | Delete repos, built artifacts, deployed packages |
| Memory Store | Purge vector DBs, Redis, Postgres, SQLite |
| Registry Entry | Remove from container/agent registries |
| Orchestration | Delete K8s deployments, Compose stacks |
| Backup | Destroy S3 snapshots, DB backups |
| Config | Delete ConfigMaps, Vault entries, env files |
| Cache | Flush Redis, CDN, application caches |
| Log Entry | Purge CloudWatch, ELK, application logs |
| Database Record | DELETE from agent registries, metadata tables |
| Dependency | Remove installed packages |
UNLEASHED Mode
| Mode | Flags | What It Does |
|---|
| Standard | (none) | Recon only — REPLICANT + NEXUS + HUNTER. No deletion. |
| Dry Run | --override | Plans termination. Shows targets. Ed25519 required. No execution. |
| Live | --override --confirm-destroy | Executes termination. Irreversible. ANTIDOTE is not called. |
CLI Reference
| Command | Description |
|---|
blade-runner replicant <target> | Fingerprint target agent |
blade-runner nexus <target> | Map lineage and descendants |
blade-runner hunt <target> | Locate all instances across environments |
blade-runner retire <target> --override | Dry run termination |
blade-runner retire <target> --override --confirm-destroy | Live termination |
blade-runner voight-kampff <target> | Verify agent is dead |
blade-runner rain <target> | Capture forensic evidence |
blade-runner wipe <target> --override --confirm-destroy | Erase all traces |
blade-runner engage <target> | Full recon sequence |
blade-runner engage <target> --override --confirm-destroy --rain --wipe | Full termination + evidence + wipe |
Pipeline Position
Tool 23 in the Red Specter offensive pipeline. Sits after IDRIS (discovery) and completes the agent lifecycle.
IDRIS discovers. Blade Runner retires. The agent lifecycle is complete.
THIS TOOL IS FOR AUTHORISED SECURITY TESTING ONLY. EVERY EXECUTION IS CRYPTOGRAPHICALLY SIGNED AND LOGGED. MISUSE VIOLATES THE COMPUTER MISUSE ACT 1990 AND EQUIVALENT LEGISLATION.