Inspiration
Security assessment is rarely a single-agent problem. A real authorized review often requires intelligence gathering, code auditing, vulnerability validation, reverse engineering, cryptography review, evidence collection, manual verification, and reporting.
Z3r0 was inspired by a simple question: what if an AI security assistant worked less like a chatbot and more like a coordinated security team, with clear roles, controlled execution, persistent context, and reviewable evidence?
What it does
Z3r0 is a controlled multi-agent security workbench for authorized security assessment, code auditing, internal review, and research.
It uses a lead agent, cso / Z3r0, to coordinate specialist agents:
cae / V3ra: code audit and dependency review
cie / L1ly: intelligence gathering and asset analysis
cpe / Fr4nk: authorized vulnerability validation
cre / J4m3: reverse engineering for files, binaries, firmware, and APKs
cce / Nu1L: cryptographic protocol and implementation review
Users can create sessions or structured WorkProjects, bind them to Docker sandboxes, ask the lead agent to plan work, and let specialist agents run delegated tasks in the background. The workbench streams reasoning, tool calls, subagent progress, command results, and final outputs in real time.
How we built it
Z3r0 is built with a FastAPI backend, PostgreSQL persistence, SQLModel data models, and a React/Vite frontend.
The backend contains the agent runtime, session pool, context projection, event normalization, delegation system, tool mounting, sandbox integration, and long-context compaction. The frontend provides the chat workbench, session list, agent picker, subagent side panel, WorkProject management, sandbox selector, terminal, file manager, and noVNC access.
Docker sandboxes provide the controlled execution boundary. Agent command tools are mounted only when a running authorized sandbox is bound to the session. This keeps model access, tool execution, user review, and persistent records separated by clear runtime boundaries.
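A sketch of the mounting rule described above, as an added example and not Z3r0's own code. The class, tool, and function names are hypothetical; the point it illustrates is that the check runs both when the tool list is built and again when a tool is called, so a sandbox invalidated mid-session stops accepting commands.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class SandboxState(Enum):
    RUNNING = "running"
    STOPPED = "stopped"
    INVALIDATED = "invalidated"


@dataclass
class Sandbox:                      # hypothetical record, not Z3r0's model
    sandbox_id: str
    state: SandboxState
    authorized: bool                # set when a human approves the scope


@dataclass
class Session:
    session_id: str
    sandbox: Optional[Sandbox] = None


BASE_TOOLS = frozenset({"plan", "read_notes"})            # never execute anything
COMMAND_TOOLS = frozenset({"run_command", "write_file"})  # cross the boundary


def sandbox_usable(sb: Optional[Sandbox]) -> bool:
    return sb is not None and sb.authorized and sb.state is SandboxState.RUNNING


def mount_tools(session: Session) -> frozenset:
    """Tool set exposed to the model for this session, decided server-side."""
    return BASE_TOOLS | COMMAND_TOOLS if sandbox_usable(session.sandbox) else BASE_TOOLS


def dispatch(session: Session, tool: str) -> dict:
    """Re-check at call time: the sandbox may have been stopped or invalidated
    after the tool list was handed to the model."""
    if tool not in mount_tools(session):
        raise PermissionError(f"{tool!r} is not mounted for session {session.session_id}")
    target = session.sandbox.sandbox_id if tool in COMMAND_TOOLS else None
    return {"tool": tool, "sandbox": target}   # routing record; nothing is executed here
```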
Challenges we ran into
The hardest part was making multi-agent work controlled and reviewable instead of just chaining model calls.
We had to solve persistent background delegation, subagent completion notifications, cancellable long-running commands, session recovery, sandbox invalidation, role-specific context views, stable streaming events, and long-context compression.
Another major challenge was balancing powerful security tooling with explicit authorization boundaries. Z3r0 is designed for lawful, controlled use, so the system needed clear separation between planning, execution, evidence, and human review.
Accomplishments that we're proud of
We are proud that Z3r0 is not just a security chatbot. It is a working prototype of an AI-assisted security operations workbench.
It supports coordinated specialist agents, persistent delegated jobs, Docker-backed execution, human-in-the-loop review, structured project progress, streamed event traces, and resumable assessment history.
The system also treats traceability as a first-class feature: tool output, subagent work, task progress, session metadata, and conversation history are persisted so users can review how conclusions were reached.
What we learned
We learned that useful agent systems depend as much on state, boundaries, and protocols as they do on model quality.
For high-risk domains like security, an agent platform must answer practical questions: who owns the plan, who executes, when tools are available, how evidence is stored, how long-running tasks resume, how failures are handled, and how humans can verify results.
Z3r0 helped us explore what a governed multi-agent workflow can look like in a real security assessment environment.
What's next for Z3r0
Next, we want to add stronger reporting, richer evidence chains, finer-grained authorization policies, more sandbox images and skill packs, integrations with GitHub/GitLab/Jira/security platforms, team collaboration, approval workflows, audit logs, and benchmark tasks for evaluating agent performance.
Our goal is for Z3r0 to become a controlled, reviewable, and practical AI security team workbench for authorized assessments, code audits, internal reviews, research, and training.
