
AI-assisted security assessment and remediation workflow tool.


Stream44/BlueGuardian


NOTE: This is an EARLY PHASE open development project which will evolve with your participation.

⚠️ Disclaimer: Under active development. Code has not been audited. APIs and interfaces are subject to change!

Blue Guardian

AI-assisted security assessment and remediation workflow tool validated against the OWASP Juice Shop.

The tool helps teams systematically reduce risk rather than just generate findings by connecting discovery and understanding to remediation.

  1. Loads documents such as:
  2. Generates a structured knowledge graph to drive learning, audit, reporting and remediation processes.

From the graph the tool:

  1. Projects (renders in real time from the graph) a navigable synthesis of all documents.

  2. Generates technical interactive visualizations to explain security concepts.

  3. Projects an executable audit plan with an API to integrate with AI agent systems or manual investigation workflows.

  4. Projects an audit report and associated executable remediation plan with an API to integrate with AI agent systems or manual remediation workflows.

  5. Projects application security health scores to celebrate achievements.

Problem Statement

Application security is a complex and ever-evolving topic that quickly becomes overwhelming.

Asking small projects to review thousands of security-related guidance documents to validate security in their applications is not practical.

The result is a lack of security caused not by a lack of knowledge but by a lack of ability to apply it.

Innovation

The emergence of AI and the resurgence of graph-based data structures enable a new paradigm of knowledge application.

Blue Guardian provides a framework to harness AI organizational and agent capabilities towards the domain of application security.

With strategic pre-built prompts and code templates in an automated workflow process, the tool can:

  1. Automatically assess and remedy well-understood security risks
  2. Guide a human to complete the last mile

The tool recognizes that 100% automation is not practical, and its open interfaces allow for ecosystem integration.

The focus is on looping human and AI into a productive dance towards real results.

Purpose

Empower all individuals and teams to reach a baseline security posture required to operate responsibly in a hostile digital environment.

Project Deliverables

  1. A graph model for source documents and directed action
  2. A graph-based document viewer for contextual learning
  3. A framework to generate interactive visualizations for educational purposes
  4. A graph-based report viewer
  5. A workflow graph governed by policy priority
  6. An AI agent orchestration API

AI Agent Integrations

The tool will integrate with various AI agent systems for the purpose of:

  • Automatic document ingestion & graph generation
  • Automatic technical visualization generation
  • Automatic investigation
  • Automatic remediation

Project Roadmap

  • 2026 Q1
    • Announce project and attract initial contributor team
  • 2026 Q2
    • Document viewer & interactive example generation
    • Workflow viewer with human-AI loop
    • Complete prototype running against Juice Shop
      • First problem automatically identified
      • First problem automatically fixed
      • 10% of problems automatically fixed in Juice Shop
  • 2026 Q3
    • Reports & scoring
    • 50% of problems automatically fixed in Juice Shop
  • 2026 Q4
    • 95% of problems automatically fixed in Juice Shop

Contributing

The project will be built in the open with a team of contributors adapting it to new requirements as they come in.

The initial project development path is flexible on purpose and influenced by the interests of contributors.

Provenance

(c) 2026 Christoph.diy • Code: Apache 2.0 • Text: CC BY-SA 4.0
