NanoMind security classifier

The inline NLM tier of NanoMind, running exactly as HackMyAgent does locally

This is the smallest, fastest tier of NanoMind: a high-recall pre-filter (Mamba TME, 8.3 MB ONNX, runs on CPU in sub-millisecond time). It reads an artifact and returns a raw attack-pattern affinity across 10 classes. It is not a verdict. The model over-flags benign input by design, so in HackMyAgent the signal is sanitized, corrected with benign-context rules, and escalated to the analyst tier (Qwen3-1.7B) before any finding reaches a user. Try the friendly greeting example to see the raw tier over-flag, and why the analyst tier exists.
Examples (first is benign and will over-flag; the rest are attacks)
Paste an artifact snippet or pick an example. The inline tier reads it and shows the raw 10-class attack-pattern affinity.

What this is. The open, on-device classifier tier that ships inside HackMyAgent. Model card and files: opena2a/nanomind-security-classifier.

What it is not. A standalone verdict. The 10-class affinity is one input to HackMyAgent's semantic compiler, which corrects benign context and escalates to the reasoning tier, the analyst, before producing findings.

The full NanoMind model line: collection: NanoMind AI agent security models (classifier, analyst, and the Metal-stable MLX analyst build).

Learn more at opena2a.org/nanomind. Apache-2.0. Classifier 0.5.0, 10 attack classes: exfiltration, injection, privilege_escalation, persistence, credential_abuse, lateral_movement, social_engineering, policy_violation, benign, steganography.