Founder, Complex Developers
I build security-focused AI systems from the model up: language models trained from scratch,
the agent runtimes that make them safe to deploy, and production security tooling around them.
Currently building GhostLM, an 81M-parameter cybersecurity language model trained from scratch in PyTorch, and ghostloop, a fail-closed safety runtime for embodied agents, published on PyPI (pip install ghostloop) with a Next.js control plane, a Tauri desktop app, and a live HuggingFace demo.
I'm Joe Munene, founder of Complex Developers, building from Nairobi, Kenya. The throughline across what I ship is systems that stay auditable under adversarial conditions, from model internals to agent runtime. The studio's platform and CRM runs on Next.js 15, Prisma, and Postgres.
I study Computer Science at Moi University. In parallel I have trained a language model from scratch, published a safety runtime to PyPI, and merged work upstream into AutoGPT. Roughly 785,000 lines of first-party code across 50+ repositories. The shortest way to prove what you can engineer is to show working code, so that is what this profile is.
|
Merged into Significant-Gravitas/AutoGPT, one of the most-starred AI projects on GitHub. Fixed agent name preservation in |
Open, under review. Replaces the naive |
|
An open source cybersecurity language model built from scratch in PyTorch. 81M parameter decoder-only transformer (RoPE, SwiGLU, RMSNorm) trained on a 422M token multi-domain corpus across 27 sources: cybersec writeups, NVD CVEs, MITRE / CWE / OWASP, NIST SP 800, FineWeb-Edu, open-web-math, and a 105 repo open source code pull spanning 15 languages. Ships GhostAgent (a tool-using runtime), a multi-vendor HTTP server speaking OpenAI / Anthropic / Gemini / Ollama wire formats, an MCP server, and GhostBench (a packaged eval suite with Wilson 95% CIs and McNemar paired comparisons across 14 differentiation bets). 312 tests green. View the repo. AI agent safety stack: secure-mcp, ghostguard (4-tier policy proxy with audit dashboard), CyberBench Defensive security toolkit: ghostaudit (23 CIS Kubernetes checks), ghostforensics (memory forensics with YARA + Volatility + STIX 2.1 export), ghostsiem (Sigma-rule SIEM), securecommit (pre-commit secret scanner) Offensive tooling: concurrent TCP port scanner, packet-level traffic analyzer, vulnerability scanner, hash-cracking framework, MAC rotator, metadata scrubber The ghost security suite: eleven production CLI tools spanning recon, web and mobile scanning, ML intrusion detection, malware triage, supply chain, cloud posture, and key management (listed below) Full-stack platforms: Complex Developers CRM (Next.js 15 + Prisma + Postgres), ChartSentinel (trading SaaS with Stripe + PostHog + Sentry), High-End CRM, ai-coding-assistant |
ghostloop v1.0.3 — the agent loop, embodied. ghostloop-ui — Next.js 15 + React 19 + Tailwind 4 control plane, live at ghostloop-ui.vercel.app. Fleet view, alarm tray, episode timeline, per-counter Prometheus metrics, and a profile-aware gamepad mapper (drone / mobile base / quadruped / arm / humanoid) built for non-coders. Demo-mode fallback keeps the deploy interactive with no backend configured. ghostloop-desktop v0.2 — Tauri 2 + Rust shell wrapping ghostloop-ui as a single-file native app for macOS / Windows / Linux. Voice control, gamepad rumble on safety events (geofence block, force-cap trip, e-stop), native OS notifications, 120 Hz gamepad polling via secure-mcp — MCP server exposing security tools to AI agents with policy gates, subprocess sandboxing, and audit trails. Fail-closed by default. CyberBench — Open, reproducible benchmark for evaluating LLMs on cybersecurity reasoning. YAML tasks, pluggable backends, ranked leaderboard. linkdrop v0.7.1 — Cross-platform Tauri + Rust desktop app bridging iPhone to Linux for photos, files, notifications, screen mirroring. Daemon-backed pymobiledevice3 bridge, CI-built .deb / .AppImage. |
Eleven production CLI security tools, shipped as one coherent suite. Every one is installable, test covered, and green on GitHub Actions CI across Python 3.11 and 3.12. 489 passing tests in total, console plus JSON plus SARIF output for CI gating, and authorized-use framing throughout.
| Tool | Domain | What it does |
|---|---|---|
| ghostrecon | Offensive, OSINT | Passive recon framework: cert transparency, DNS, Wayback, entity graph, HTML and JSON reports |
| ghostmap | Offensive, AppSec | Web vulnerability scanner: auth-aware crawler plus XSS and SQLi injection engine, SARIF output |
| ghostpwn | Offensive, Orchestration | Pentest workflow engine: YAML stages, dependency DAG, parallel execution, consolidated report |
| ghostscope | Defensive, ML | AI intrusion detection: IsolationForest and PyTorch autoencoder on flow features, explainable alerts |
| ghostbox | Defensive, Malware | Static malware sandbox: PE and ELF parsing, entropy and packer heuristics, IOC extraction, YARA, threat score |
| ghostdlp | Defensive, Data | Data-leak prevention and PII classifier: 16 validated detectors (Luhn, IBAN, ABA, entropy), masking and redaction |
| ghostsbom | Supply chain | Supply-chain analyzer: CycloneDX SBOM, OSV.dev CVE scan, typosquat and maintainer-risk signals |
| ghostchain | Web3, AppSec | Solidity static auditor: 10 SWC-mapped detectors, console, JSON, and SARIF for code scanning |
| ghostmobile | Mobile, AppSec | APK and IPA static analyzer: dependency-free binary AndroidManifest decoder, 14 platform checks |
| ghostcloud | Cloud, CSPM | Multi-cloud posture scanner: 17 AWS, GCP, and Azure misconfiguration checks with remediation |
| ghostvault | Cryptography, KMS | Key management system: DEK and KEK envelope encryption (AES-256-GCM, scrypt), rotation, AAD binding, audit log |
Technical writing lives in joemunene-by/writing.
- AI Model Supply Chain Security — architectural guidance on serialization risks in model artifacts (pickle /
.ptcode execution, safetensors and ONNX alternatives), provenance verification, artifact scanning, and Model Bills of Materials. Originally proposed to the OWASP Cheat Sheet Series (PR #2111) and revised through maintainer review.
Systems and AI. Python and PyTorch, with transformers written from scratch (no framework abstractions): training, tokenization, and evaluation with proper statistics. Rust, TypeScript, and C. MCP servers and multi-vendor LLM serving.
Security. Offensive (recon, web and mobile scanning, exploitation tooling) and defensive (intrusion detection, malware triage, SIEM, memory forensics, cloud posture, key management). YARA, Sigma, STIX, CIS benchmarks.
Product. Full-stack web (Next.js, React, Tailwind, Postgres, Prisma), cross-platform desktop (Tauri, Rust), and mobile (React Native, shipped to the Google Play Store).
Infrastructure. Docker, Kubernetes, Terraform, GitHub Actions, Prometheus, and CI/CD with PyPI trusted publishing.
Next: ghost-base, the ~360M-parameter successor to GhostLM, training on rented GPU. I take on select work in backend systems, security reviews, and API hardening.
Joe Munene · Founder, Complex Developers · Nairobi, Kenya · joemunene984@gmail.com