CyberICS AgentForge
Configure an OT/ICS exercise — or just describe it. The agent team builds the scenario, runs the adversary, coaches your people, logs compliance evidence, and writes the after-action report.
⚡ Energy ransomware drill
💧 Water · NIS2
⬡ Upload our network (CAAT)
🛢 Pipeline · DNP3
✨ Recommend our next drill
▥ Plan a program
Sessions
Recent exercises for this account.
Loading…
Scenario library
335+ curated multilingual OT/ICS scenarios — powered by
get-scenarios.Threat intelligence
Live CISA KEV / CSAF ICS advisories — powered by
threat-feed.Loading latest advisories…
Architecture · CAAT
Upload a customer OT topology to generate an architecture-aware exercise —
analyze-network-topology (TS-011).⬡ Start from network topology CAAT
Upload JSON / Nmap / CSV → Purdue zones, protocols, ATT&CK gaps → matched exercise.
Compliance frameworks
13 frameworks the Compliance agent maps evidence to. Pick them per-exercise in setup.
Capabilities
Every capability is live — click any card to open it.
Settings
Engine, deployment, providers, and workspace configuration for this AgentForge install.
Engine
⚙Model
🖧Deployment
🔑Providers & Keys
Workspace
👤Account
🎯Exercise defaults
🎙Voice & Language
🔔Notifications
🧠Memory & Context
System
🧩MCP & Tools
🎨Appearance
🛡Safety & Governance
ℹAbout
Model
Default model for all 7 agents, with optional per-agent overrides routed through the multi-LLM gateway. Applies to new exercises.
Default LLM backend
The gateway model every agent uses unless overridden below.
Reasoning effort
Higher effort = deeper agent reasoning, slower + costlier.
Per-agent model assignmentReset all to default
Run Adversary on a strong model and Coach/AAR on a cheaper one to control cost — or pin every agent to a sovereign model from the Deployment tab for a network-isolated, self-hosted on-prem install.
Context window override
0 = use the selected model's detected window.
Fallback models
Comma-separated
provider:model to try if the default fails.Deployment
Where AgentForge runs and which Supabase backend it talks to. Sovereign mode hardens the install for network-isolated, self-hosted on-prem (Souverain) use.
Deployment mode
Cloud (managed), VPS, self-hosted Docker, or network-sovereign on-prem.
Backend endpoint
Supabase / gateway base URL. Defaults to this origin for self-host.
Sovereign mode
Forces every agent to a local/sovereign model, disables external providers, and strips outbound telemetry.
Connection
Live status of the configured backend.
checking…
Providers & Keys
API credentials per provider for the gateway. In Cloud mode production keys live server-side; keys entered here are used for local/self-host gateway routing.
Use my keys for autonomous exercises
Store the keys above encrypted on your account so the AI agents can run unattended exercises on your model subscription. Off = local browser only; unattended runs then use CyberICS credits (metered by your plan).
Security: browser keys stay in this browser/app. Keys saved to your account are encrypted at rest and used only server-side to run your agents; they’re never returned to the browser. For self-host, set provider keys as edge-function secrets instead.
Account
Your CyberICS identity, plan tier, and session.
–
Not signed in
—
Organization
Shown on AARs and reports.
Session
—
Access token (advanced)
Paste a fresh
access_token (expires hourly). Normally handled automatically.Two-factor authentication (TOTP)
Protect this account with an authenticator app — Microsoft Authenticator, Google Authenticator, Authy. —
Exercise defaults
Pre-fill values used by New exercise and the command bar. You can still change them per exercise.
Default sector
Default difficulty
Default duration
Default language
Default adversary persona
Default frameworks
Comma-separated. Compliance agent maps evidence to these.
Auto-start scheduled exercises
Unattended start at the scheduled time (vs. notify the facilitator).
Voice & Language
Speech input/output and the interface + live-delivery language.
Voice-to-text
Dictate into the command bar and exercise composer (Web Speech).
Dictation language
Spoken replies (TTS)
Forgewright and intel summaries read aloud.
TTS voice
Speech rate
Interface & delivery language
UI text and live translation of agent output to participants.
Notifications
Outbound email for invites, scheduling, and reports.
Participant invite emails
Email join links when you invite participants.
Scheduled-start reminders
Notify participants when a scheduled exercise is about to begin.
AAR-ready notifications
Email the facilitator when an after-action report is generated.
Executive readiness digest
Auto-email your board-ready risk-reduction summary on this cadence. Saved instantly.
Digest recipient
Defaults to your login email; set a board/CISO address to send there.
From address
Sender for outbound mail. Use an enclave mailer for on-prem.
Memory & Context
Organizational readiness memory — recurring gaps accumulate here and feed risk, forecasting, and Forgewright.
Organizational memory
Persist gaps and recommendations across exercises.
Readiness propagation
AAR writes gap rows so risk & forecast dashboards populate.
Retention
Days to keep memory rows (0 = keep forever).
Org memory
—
MCP & Tools
Model Context Protocol servers and CISA tool integrations the agents can call during analysis.
CISA import tools (CAAT topology, Malcolm/Zeek, CSET, Crossfeed, RedEye) are wired in the Tools workspace and feed
agentforge-analyze.Appearance
Theme and density for the AgentForge shell.
Theme
Accent color
Density
Theme switching affects the shell chrome; print/report views already render light for stakeholders.
Safety & Governance
Data handling, audit, and content guardrails.
Usage telemetry
Anonymous product analytics. Auto-disabled in Sovereign mode.
Audit log
Record facilitator actions and agent calls for compliance evidence.
Data residency
Content guardrails
NeMo Guardrails jailbreak filter on agent I/O.
About
Build information and system health.
CyberICS AgentForge
Version
v1.0
Agents
7 (Director, Adversary, Coach, Intel, Compliance, Memory, AAR)
Edge functions
15 deployed
License
CyberICS Solutions — proprietary
IP
11 provisional patents (TS-001…011) + 2 drafted
System healthRun check
Click “Run check” to ping the gateway and database.