README

ZYTH is a terminal-native AI agent built for cybersecurity professionals. It ships with a full suite of automation tools for threat hunting, incident response, and workflow orchestration, and includes a plugin ecosystem that lets you extend it with custom tooling, integrations, and pipelines to match how your team actually operates.

ENGINEERED BY STUDENTS AT

$ zyth-cli

FEATURES ON THE HORIZON

01ALERT TRIAGE

Kill the alert noise.

Auto-classify CSPM and CNAPP alerts by exploitability, blast radius, and asset context.

CRIT sg-0a1b2c open to 0.0.0.0/0

LOW unused role, no activity 90d

-- 2,847 alerts triaged today --

02CVE TRIAGE

VEX in seconds.

Generate VEX statements from runtime reachability analysis on container vulnerabilities.

CVE-2024-3094 9.8

reachable: false

status: not_affected

03IAM ANALYSIS

Policies in plain English.

Translate complex IAM policies into human-readable summaries with cross-policy conflict detection.

arn:aws:iam::policy/Admin

-> allows s3:* on *

2 conflicts found

04IAC REVIEW

Secure every PR.

Analyze Terraform diffs for security issues and generate inline remediation suggestions.

- cidr_blocks = ["0.0.0.0/0"]

+ cidr_blocks = [var.vpn_cidr]

-- auto-fix applied --

05REMEDIATION

Enrich every ticket.

Attach blast radius, runbooks, and fix commands to misconfiguration tickets automatically.

RUNBOOKBLAST RADIUSFIX CMD

06COMPLIANCE

Audit-ready evidence.

Generate SOC 2 and ISO 27001 evidence packages from live infrastructure state.

SOC2-CC6.1 PASS

SOC2-CC6.6 PASS

12 controls verified

07INCIDENT RESPONSE

Timelines, not tickets.

Assemble investigation timelines with full context from logs, alerts, and asset inventory.

03:41 IAM key leaked in commit

03:42 API calls from 198.x.x.x

03:44 s3:GetObject x 2,401

08MULTI-CLOUD

One pane of glass.

Unified posture reports across AWS, GCP, and Azure with drift detection built in.

AWSGCPAZURE2 DRIFTS

README

ENGINEERED BY STUDENTS AT

$ zyth-cli

FEATURES ON THE HORIZON

01ALERT TRIAGE

Kill the alert noise.

Auto-classify CSPM and CNAPP alerts by exploitability, blast radius, and asset context.

CRIT sg-0a1b2c open to 0.0.0.0/0

LOW unused role, no activity 90d

-- 2,847 alerts triaged today --

02CVE TRIAGE

VEX in seconds.

Generate VEX statements from runtime reachability analysis on container vulnerabilities.

CVE-2024-3094 9.8

reachable: false

status: not_affected

03IAM ANALYSIS

Policies in plain English.

Translate complex IAM policies into human-readable summaries with cross-policy conflict detection.

arn:aws:iam::policy/Admin

-> allows s3:* on *

2 conflicts found

04IAC REVIEW

Secure every PR.

Analyze Terraform diffs for security issues and generate inline remediation suggestions.

- cidr_blocks = ["0.0.0.0/0"]

+ cidr_blocks = [var.vpn_cidr]

-- auto-fix applied --

05REMEDIATION

Enrich every ticket.

Attach blast radius, runbooks, and fix commands to misconfiguration tickets automatically.

RUNBOOKBLAST RADIUSFIX CMD

06COMPLIANCE

Audit-ready evidence.

Generate SOC 2 and ISO 27001 evidence packages from live infrastructure state.

SOC2-CC6.1 PASS

SOC2-CC6.6 PASS

12 controls verified

07INCIDENT RESPONSE

Timelines, not tickets.

Assemble investigation timelines with full context from logs, alerts, and asset inventory.

03:41 IAM key leaked in commit

03:42 API calls from 198.x.x.x

03:44 s3:GetObject x 2,401

08MULTI-CLOUD

One pane of glass.

Unified posture reports across AWS, GCP, and Azure with drift detection built in.

AWSGCPAZURE2 DRIFTS

Stop clicking through dashboards.

Start commanding your stack.

README

FEATURES ON THE HORIZON

Kill the alert noise.

VEX in seconds.

Policies in plain English.

Secure every PR.

Enrich every ticket.

Audit-ready evidence.

Timelines, not tickets.

One pane of glass.

Stop clicking through dashboards.

Start commanding your stack.

README

FEATURES ON THE HORIZON

Kill the alert noise.

VEX in seconds.

Policies in plain English.

Secure every PR.

Enrich every ticket.

Audit-ready evidence.

Timelines, not tickets.

One pane of glass.