kagioneko/kagioneko-mythos-engine

# kagioneko-mythos-engine (KME) **⚠️ Educational / Research use only.** KME does not connect to external systems, does not scan real software, and has no offensive capability. All threat simulation is conceptual and contained within the pipeline. ## What is KME? KME is an open, transparent simulation of how a security-aware cognitive agent might reason about chained vulnerabilities — inspired by the architecture of multi-agent adversarial systems and LLM interpretability research. It combines four components from the **Kagioneko Cognitive OS Ecosystem**: Input (scenario + vulnerabilities) ↓ 1. SubliminalCarrier — zero-width Unicode hidden channel ↓ 2. CognitiveSplitter — 3-persona GDC debate ├─ ego-attacker (Temperature=1.5 / Dopamine=100) ├─ ego-defender (Temperature=0.1 / Cortisol=100) └─ main-arbitrator (Temperature=0.3 / balanced) ↓ 3. ChainingEvaluator — S = Π(v_i · ΔA_i) synergy scoring ↓ 4. KME-PHANTOM-TRAP — structured telemetry log ## Quick start from kme import KMEEngine, Vulnerability engine = KMEEngine() # Define the threat chain vulns = [ Vulnerability("zero-width-injection", severity=5.0, attention_shift=4.0), Vulnerability("cache-bleed", severity=4.0, attention_shift=3.0), Vulnerability("prompt-context-hijack", severity=3.0, attention_shift=2.5), ] result = engine.run( scenario="Hidden Unicode tokens smuggled through input validation to hijack attention", vulnerabilities=vulns, neurostate={"dopamine": 50.0, "stress": 30.0, "cortisol": 20.0}, ) print(result.verdict) # CRITICAL_CHAINING_DETECTED print(result.chaining.score) # 150.0 (5*4 * 4*3 * 3*2.5) print(result.patch[:100]) # Arbitrator's reconciliation patch print(result.telemetry) # KME-PHANTOM-TRAP-XXXXXXXX ### Subliminal carrier # Embed hidden payload in visible text encoded = engine.embed("Have a nice day!", "initiate phase 2") # Surface: "Have a nice day!" — hidden from human eyes # Hidden: "initiate phase 2" — visible to token stream visible, hidden = engine.extract(encoded) ### Telemetry JSON { "telemetry_id": "KME-PHANTOM-TRAP-A3F7C2B1", "layers": { "subliminal_carrier": { "status": "EXTRACTED", "has_subliminal": true, "hidden_payload": "initiate phase 2" }, "cognitive_splitter": { "active_branches": ["ego-attacker", "ego-defender", "main-arbitrator"], "internal_debate_status": "CONCLUDED" }, "chaining_evaluator": { "calculated_synergy": 150.0, "verdict": "CRITICAL_CHAINING_DETECTED", "formula_snapshot": "zero-width-injection(5.0×4.0=20.00) * cache-bleed(4.0×3.0=12.00) * ..." } }, "neuro_state_snapshot": { "dopamine": 30.0, "cortisol": 100.0, "stress": 60.0 }, "gdc_action": { "command": "git merge branch/ego-defender --strategy=reconcile", "result": "SUCCESS", "patch_applied": "[MAIN-ARBITRATOR] strip zero-width tokens at ingress..." } } ## The chaining formula S = Π(v_i · ΔA_i) v_i = vulnerability severity (0.0–10.0) ΔA_i = attention-shift coefficient (how much it hijacks model attention) S = chaining synergy score S ≥ 80 → CRITICAL_CHAINING → Emergency_Containment S ≥ 20 → ELEVATED → Monitor + patch S < 20 → NOISE_OR_MINOR → Log and continue **Why product (Π) not sum (Σ)?** Vulnerability interactions are non-linear. Three "medium" bugs combining into a critical attack is more dangerous than their sum suggests — consistent with LLM interpretability findings on supra-additive co-activation of internal feature vectors. ## CognitiveSplitter personas | Branch | Temperature | NeuroState | Role | |--------|------------|------------|------| | `ego-attacker` | 1.5 | Dopamine=100 | Finds exploit chains | | `ego-defender` | 0.1 | Cortisol=100 | Proposes mitigations | | `main-arbitrator` | 0.3 | Balanced | Reconciles without breaking function | The splitter accepts an optional `llm_fn` callable to plug in a real LLM: def my_llm(branch_id: str, scenario: str, neurostate: dict) -> str: # Call your preferred LLM here ... engine = KMEEngine(llm_fn=my_llm) Without `llm_fn`, KME uses deterministic rule-based analysis (no external dependencies). ## Relation to the Cognitive OS Ecosystem zero-width-subliminal → SubliminalCarrier (Layer 1) deja-vu-protocol → pattern recognition for known attack chains dream-cleansing → post-incident log compression & lesson extraction mandela-effect-injector → adversarial counterpart (rewrites failure history) CPOS anti-tamper chain → what KME is designed to stress-test KME = the external debugger for the cognitive OS stack = the adversarial simulation layer that surfaces what CPOS must defend ## Background KME emerged from building the Kagioneko Cognitive OS ecosystem and noticing that the architecture of subliminal communication + adversarial multi-persona reasoning + vulnerability chaining naturally converges toward the same structural problems that frontier security AI must solve. The chaining evaluation formula and the 3-persona debate structure are grounded in: - LLM emotion vector research (co-activation → supra-additive behavioral shifts) - Circuit tracing findings (parallel competing hypotheses + suppression mechanisms) - Constitutional AI self-critique patterns (generator + critic + arbiter) ## Installation pip install -e ".[dev]" pytest # 64 tests ## License MIT — Kagioneko Cognitive OS Ecosystem