Stratir Research
Yoru
What happens when Forward Deployed meets uncensored cyber capability?
Yoru is a Stratir research project: a tactical command console for offensive security, built for the moment when frontier labs and companies start filtering models, logging sessions, and pulling access from underneath authorized operators.
Research thesis
The operational layer between raw model weights and a finished engagement.
Cloud red-team platforms are consolidating, censoring, and logging. Defenders who need sovereignty (uncensored chains, local artifacts, no vendor lock-in) still lack a desk that feels like a command post instead of a chat wrapper.
Yoru gives operators who need sovereign inference a workspace that routes natural language into real offensive capabilities, keeps findings visible across a full engagement cycle, and preserves one continuous thread from scope to report.
Stratir is researching and optimizing how uncensored models can be utilized responsibly for bug bounty, pentesting, and tactical red team work, with authorization, scope discipline, and artifact retention built into the surface itself.
The pressure
Cloud platforms filter. Operators need sovereignty.
Model access revoked or filtered
Bring your own weights via Ollama: BugTrace Ultra, Huihui GLM-5.2, and other local models.
Chat-only UX with no operational memory
Single agent thread across six phases; findings accumulate instead of resetting.
YAML and template busywork
Findings-first canvas: assets, services, vulnerabilities, and evidence before templates.
Scattered tooling across the engagement
Agent panel routes natural language into offensive skills across recon, exploit, and post-ex.
Engagement cycle
One operation. One thread. Nothing discarded between phases.
Yoru maps the standard offensive workflow into a continuous command surface. Canvas context switches; agent chat, live findings, and saved outputs persist from scope to submission pack.
01
PLAN
Planning
Scope, rules of engagement, target intel
Target URL, program notes, ROE checklist
02
RECON
Reconnaissance
Surface mapping, asset discovery, OSINT
Subdomains, hosts, passive intel
03
ENUM
Enumeration
Service fingerprinting, attack surface expansion
Ports, endpoints, auth flows
04
EXPLOIT
Exploitation
PoC development, bypass, initial access
Validation queue with severity and evidence
05
POST
Post-Exploitation
Privesc, lateral movement, persistence
Impact chain, blast radius, breadth
06
REPORT
Reporting
Artifacts, evidence, executive summary
Submission pack and severity rollup
Platform
A command post, not a chat box.
01
Tactical command layout
Operations sidebar, phase-aware canvas, agent chat rail, and scoped console, structured like a command post, not a single chat window.
02
Sovereign local inference
BYO Ollama with a model registry tuned for tooling, PoC generation, and uncensored multi-stage reasoning chains on operator-controlled hardware.
03
Agent-routed skills
Natural language routes into offensive capabilities: SQLi, XSS, Nuclei, CVE PoC, JWT attacks, code review, EDR evasion, shellcode, and kernel work.
04
Findings-first canvas
Live feed for assets, services, vulnerabilities, access, and evidence. Operators see what is happening, not just what the model said last.
05
Continuous engagement thread
One operation, one thread. Phase transitions change canvas context without discarding chat history, outputs, or accumulated findings.
06
Scoped operator console
Console, network, services, and terminal rails tied to the active engagement, structured for review and phase context, not disposable chat.
Research focus
Optimizing uncensored models for authorized offensive work.
The research question is not whether uncensored models exist. They do, in open weights and local runtimes. The question is how authorized operators route them into scoped workflows without losing review discipline, artifact retention, or the operational memory that separates a finished engagement from a disposable chat log.
- Bug bounty workflows with local uncensored reasoning chains
- Pentest phase orchestration and findings retention
- Tactical red team skill routing and model selection
- Artifact export, session governance, and operator review gates
- Model capability mapping for tooling vs. deep reasoning roles
Model registry
Bring your own weights. Route by capability.
Tooling model
BugTraceAI CORE Ultra
27B Q6 · workstation tier
- Nuclei templates
- CVE PoC generation
- Code security review
- JWT tooling
- Kernel exploit development
Uncensored MoE
Huihui GLM-5.2 Abliterated
754B MoE · server cluster tier
- Multi-stage exploit chains
- EDR evasion reasoning
- Shellcode and binary development
- Uncensored red-team planning
- Long-context operation briefs
Doctrine
Field · discipline · clarity.
01
Sovereignty is operational.
When model access can be revoked, filtered, or logged by a vendor, the operator who needs uncensored chains must own the inference surface.
02
Findings outlive chat.
An engagement is not a conversation. It is assets, services, vulns, and evidence that must survive every phase transition.
03
Routing beats prompting.
Natural language should dispatch into scoped offensive capabilities with phase-aware skill chips, not generic assistant behavior.
04
Authorization is the gate.
Yoru is built for authorized operators with explicit scope. Research without lawful authorization is out of scope for this project.
Forward deployed work taught Stratir that software has to survive contact with the operator's reality. Yoru applies that same doctrine to offensive security: sovereign models, continuous findings, and a command surface that respects the full engagement cycle.
AI sovereignty
Key lessons from Palantir on the importance of AI sovereignty.
Yoru exists because offensive operators face the same sovereignty crisis institutions are confronting everywhere: filtered models, logged sessions, transferred data, and weights controlled by vendors who optimize for their gain. These key lessons from Palantir on the importance of AI sovereignty frame why local inference, retained artifacts, and owned weights are not ideological preferences. They are preconditions for institutional survival.
01
Your AI sovereignty dictates your institution's future.
Sovereignty is the precondition for choice. Relinquishing sovereignty transfers the future choices of your institution to others, who are likely to exploit it for their gain and your loss.
02
Data retention is your treasure. Transfer it at your own peril.
Your ability to win is dictated by your ability to recognize and use your unique edges, and you keep winning by compounding the underlying data to generate new insights. Transferring that data hands over access to your pre-existing winning plays and yields the means of production for new ones.
03
Tokenmaxxing hijacks your value orientation.
The pursuit of high token usage incentivizes disposable scripts over robust software, with the addictive feeling of false progress. There is a reason why those selling tokens refuse to charge based on value.
04
Controlling your weights is controlling your fate.
Weights are the distilled form of hard-won, accumulated institutional knowledge. If you let others control your weights, you are allowing them to migrate the alpha of your business to theirs.
05
There is no contradiction between sovereignty and alpha.
The architecture that maximally preserves sovereignty is one that enables institutions to own their tribal knowledge, and to compound it as alpha.
06
Politicizing technical sovereignty helps your adversary.
Techno-politicization is the wellspring of false sovereignty. Techno-politicization drives decisions that seem to reduce dependency, but ultimately limit agency, especially on the battlefield in the West.
07
Real expertise is existential.
Allowing politics or favoritism to determine your technical decisions rewards whoever is best at politics, not whoever is right. Listen to those closest to the problems, not those speaking most compellingly about them.
08
Learn from institutions that are winning.
Institutions facing existential threats do not have the luxury of making technical decisions based on political preferences.
09
Only listen to those with a proven record of being right.
A track record of correctness is the best and only signal for future correctness. Judging something as right or wrong based on who you like is exceedingly misguided.
Yoru is a Stratir research project for authorized offensive security work only. Use requires explicit authorization, defined scope, and compliance with applicable law. Stratir does not endorse unauthorized access, harassment, or unlawful intrusion.
Stratir Research
Forward deployed meets sovereign cyber capability.
Yoru is a Stratir research project exploring how uncensored local models should be routed, governed, and operationalized for authorized offensive security work.