ATLAS CREW Security
CLOSED-LOOP SECURITY MEASUREMENT

What does your defense actually do?
Now you can measure it.

Most security tooling can't tell you whether a WAF actually works. Atlas Crew Security can. Crucible attacks. Synapse decides. Chimera receives. Crucible's ground-truth assertions evaluate whether what happened matches what should have happened — given Synapse's configuration. Four open-source products, one closed-loop measurement system.

How it works View on GitHub Get started
HOW IT WORKS

A closed-loop system for measuring what your defenses actually do.

Three flagship products form a measurement loop. Bridge orchestrates them. Each request carries an expected outcome; the assertion fires when actual matches expected — or doesn't. That's the whole point: without a defender in the path, half the assertions break. Synapse is the defender. Crucible is the assertion engine. Chimera is the canvas they share.

Bridge SERVICE ORCHESTRATOR — ORCHESTRATION SUBSTRATE — REQUESTS RESPONSES CRUCIBLE ADVERSARY EMULATION ATTACKER + ASSERTIONS SYNAPSE DETECT. DECIDE. FIRE. INLINE DEFENDER BLOCKED CHIMERA VULNERABLE TARGETS STANDARDIZED TARGETS
— Crucible Runs adversary scenarios with ground-truth assertions. Each request carries an expected outcome; the assertion fires when actual matches expected — or doesn't.
— Synapse Inline policy enforcement at line rate. Sub-millisecond detection, embedded decisions, fleet intelligence. The defender that makes the assertions meaningful.
— Chimera 480+ vulnerable endpoints across 25 industry verticals. Standardized targets that give Crucible's scenarios a consistent canvas to write against.

— Bring your own WAF. Crucible's assertions work against any defender. Use Synapse for the integrated reference path, or swap it for Cloudflare, AWS WAF, or your own stack — Bridge handles the routing.

THE PLATFORM

Four products. One measurement system.

Three flagship products at peer level — each useful on its own, integrated into a closed loop. Bridge orchestrates the lab. Each product page covers install, architecture, and the underlying engineering.

Synapse icon
Synapse
Detect. Decide. Fire.

High-performance edge defense. Rust + Pingora WAF with embedded decisions, sub-millisecond detection, and fleet-aware intelligence. The inline defender that makes ground-truth assertions meaningful.

~450μs detect 72K RPS AGPL-3
Synapse Chimera icon
Chimera
Vulnerable Targets

480+ vulnerable API endpoints across 25 industry verticals — 12 with branded production-style frontends. Real attack surfaces with remediation built in. The standardized canvas that gives every scenario a consistent target.

480+ endpoints 25 verticals MIT
Chimera Crucible icon
Crucible
Adversary Emulation

120+ attack scenarios authored against Chimera's specific endpoints. DAG execution, ground-truth assertions, MITRE ATT&CK mapped. The assertion engine that turns "we ran some attacks" into "the WAF blocked exactly what it should have."

120+ scenarios MITRE ATT&CK MIT
Crucible
PLATFORM SUBSTRATE
Bridge icon
Bridge
Service Orchestrator

Local operational console for the lab. Service inventory, visual config editor, log streamer, dependency-aware lifecycle. npx @atlascrew/bridge up — and the whole platform is running.

Bridge Apparatus icon
Apparatus
Cybersecurity Simulation Lab

The simulation infrastructure beneath the lab. 11 protocol servers, AI red team autopilot, chaos engineering, deception. Used by all four flagship products for traffic, fuzzing, scenarios, and fault injection.

Apparatus

— Bring your own WAF.

Atlas Crew Security ships with Synapse as the integrated reference defender, but Crucible's ground-truth assertions don't care what's in the path. Point Bridge at Cloudflare, AWS WAF, F5, or your own stack and use Crucible's scenarios to measure what those defenders actually catch — against the same standardized Chimera targets, with the same pass/fail rigor.

GET STARTED

One command to a working lab.

Bridge handles the lifecycle. Crucible runs scenarios. Synapse sits in the path. Chimera waits for traffic. Local-first, no signups, no telemetry, no SaaS dependency.

~/lab — atlas crew security
$ npx @atlascrew/bridge up ↳ pulling synapse v0.4.1 ............................. ready ↳ pulling chimera v0.6.0 ............................. ready ↳ pulling crucible v0.2.0 ............................ ready ↳ wiring traffic: cruciblesynapsechimera ↳ console: http://localhost:8080 $ bridge run-scenario kafka-takeover ↳ scenario: kafka-takeover · 14 steps · MITRE T1190, T1078 ↳ executing ......................................... complete ↳ assertions: 11 passed · 3 failed · 0 errored unauth API access blocked at policy edge.api.auth JWT replay rejected (synapse fingerprint match) privilege escalation succeeded — FAIL expected: block · actual: allow remediation: enable rule edge.role.assignment $ _
View on GitHub Synapse Chimera Crucible