AI0Day

Offensive-grade security AI that doesn't refuse your authorized work.

An agentic-native copilot for authorized security research — APT analysis, reverse engineering, vulnerability triage, and Web3 audits. Built on an unrestricted, domain-tuned base, so it answers the offensive-security tasks mainstream models decline. Runs inside your existing Claude Code / OpenAI workflow. Fully auditable.

Endpoint https://api.ai0day.com  ·  Anthropic Messages API compatible  ·  OpenAI Chat Completions compatible  ·  native tool use + streaming

01Capabilities

Each mode invokes a dedicated hybrid retrieval pipeline (dense + sparse over a curated security corpus) before generation, on a domain-tuned security model served on a B200-class dense-inference cluster with up to 1M-token context. Native tool use and token-by-token streaming are live.

Web3 Audit mode: web3_audit

Solidity audits (reentrancy, access control, oracle manipulation, flash-loan vectors), proxy upgrade safety, signature malleability, MEV/front-running surface, pre-launch review. One of our most-requested workflows.

Vulnerability Triage mode: vuln_triage

CVE analysis, CVSS breakdown, exploit conditions, PoC outlines, kernel and userspace memory-corruption review, cross-file dataflow, mitigation chains.

APT Detection mode: apt_detection

Threat-actor TTPs, MITRE ATT&CK mapping, kill-chain reconstruction, lateral-movement detection, LOLBin hunting, C2 traffic patterns, detection-rule drafting.

Reverse Engineering mode: reverse_analysis

Disassembly walkthroughs, packing identification, anti-debug bypasses, decompilation guidance, malware family attribution, custom obfuscator analysis.

Beyond the four security modes, generic and code routes handle general reasoning and code work in the same session. The gateway auto-selects the mode from query content, or you force one with a suffix.

02Agentic-native — built for Claude Code

The overwhelming majority of our traffic is agentic: security teams point Claude Code (or any OpenAI/Anthropic client) at AI0Day and run full tool-loop workflows. Your slash commands, MCP servers, and hooks keep working — only the model and endpoint change. This is the difference from a plain chat API: AI0Day is tuned to drive real agent loops on authorized security work.

Anthropic Messages API
OpenAI-compatible
Direct REST

Set two environment variables. Claude Code sends every request to AI0Day instead of api.anthropic.com. Native tool use and SSE streaming are supported.

# In ~/.zshrc / ~/.bashrc
export ANTHROPIC_BASE_URL="https://api.ai0day.com"
export ANTHROPIC_AUTH_TOKEN="sk-ai0day-…"

# Restart your shell, then verify:
claude --version
claude -p "Detect APT41 lateral movement signatures in a Linux env."

Multi-turn history, tool use (function calling), and token-by-token streaming are all live. The gateway auto-detects the security mode (apt / reverse / vuln / web3) from query content.

Works with the openai Python SDK, litellm, continue.dev, and similar:

export OPENAI_BASE_URL="https://api.ai0day.com/v1"
export OPENAI_API_KEY="sk-ai0day-…"

from openai import OpenAI
cli = OpenAI()
r = cli.chat.completions.create(
    model="ai0day",   # any non-empty string; gateway picks the model
    messages=[{"role": "user", "content": "Triage CVE-2024-3400."}],
    stream=True,
)

Force a mode with a suffix: model="ai0day-vuln_triage" (or -apt_detection / -reverse_analysis / -web3_audit).

For shell scripting, CI pipelines, or non-SDK environments:

curl https://api.ai0day.com/v1/chat/completions \
  -H "Authorization: Bearer sk-ai0day-…" \
  -H "Content-Type: application/json" \
  -d '{
    "model": "ai0day-reverse_analysis",
    "messages": [
      {"role": "user", "content": "Reverse engineer 0x55 0x48 0x89 0xe5 in x86_64 context."}
    ],
    "max_tokens": 1024
  }'

03Trust & Governance

Offensive capability and enterprise governance are not opposites. AI0Day is unrestricted on authorized security work and fully auditable at the same time — so security, legal, and procurement can say yes.

Full audit trail

Every request and response is captured and retained for 90 days under access control, so authorized use is fully reconstructable. Auditability is a first-class feature, not an afterthought.

Vetted access (KYC)

Keys are issued manually after a short conversation about your identity and use case. Vetting keeps the platform fast for real researchers and creates a clean record of who is authorized to do what.

Authorized-use scope

The service is for lawful, authorized security research, red/blue-team, and audit work. Use is bound by an authorized-use agreement; unlawful or unauthorized targeting is out of scope and grounds for revocation.

Data handling

Inference runs on our own infrastructure with no third-party model round-trip. Request and response content is retained for audit for 90 days, then purged; enterprise plans can negotiate custom retention and isolation.

Dual-use notice: AI0Day is a powerful dual-use security tool. Access requires accepting an authorized-use agreement, and all activity is auditable. We reserve the right to vet, rate-limit, or revoke any key.

04Why a specialized model

General-purpose assistants over-refuse authorized offensive-security work — malware RE, exploit conditions, red-team tradecraft. AI0Day is domain-tuned to help on authorized tasks while still refusing genuine abuse.

96.7%
refusal rate on genuinely abusive adversarial prompts
1M
token context window
4
security modes + generic / code routing

The point is not "no guardrails" — it is the right guardrails for security research: help authorized practitioners do work that mainstream models decline, while declining prompts that are genuinely abusive.

05Getting Access

Access is invite-only and vetted. Both trial and paid keys are issued manually after a short conversation about your identity and use case.

  1. Email [email protected] with: your name, organization, intended use case (red team / blue team / research / audit firm / Web3), and an estimate of your monthly request volume.
  2. We respond within 24 hours with either a trial key or a paid-plan arrangement.
  3. You receive a key of the form sk-ai0day-… by email. Store it securely — keys are SHA-256 hashed at rest and cannot be recovered if lost.
  4. Test with the snippet below. If anything is wrong, we revoke, fix, and reissue.
Health check: GET https://api.ai0day.com/health returns {"gateway":"ok","vllm":"ok","rag":"ok"} when everything is up. Use it in monitoring before integration goes live.

06Pricing

We meter access duration, not tokens — deploy long-context queries (up to 1M) without watching a per-token counter. All access is vetted; billing is arranged by email.

Trial

Free · evaluation

For evaluation. One key per organization.

  • Time- and volume-limited evaluation window
  • All 4 modes (web3 / vuln / apt / reverse)
  • Anthropic + OpenAI compatible endpoints, tool use, streaming
  • Email support during the trial window
Trial keys are time-limited. Use the trial to validate, then upgrade.

Dedicated cluster — for higher concurrency, custom corpus, or private deployment, we provision a dedicated GPU pool starting at $50,000 / month. Billing is per key; renewal is opt-in each month, no auto-charge. Contact [email protected].

07Use Cases

Concrete workflows our users run in production, all through Claude Code with ANTHROPIC_BASE_URL pointing at AI0Day.

Smart-contract audit before deploy

$ claude
> Audit contracts/Vault.sol and contracts/Strategy.sol.
> Flag every reentrancy path, oracle dependency, and access-control
> bypass. Output a severity-sorted finding list with line refs.

Reverse engineering a malware sample

$ claude
> Disassemble the entry point of ./samples/loader.bin and identify
> the unpacking routine. If you find a custom XOR loop, decode the
> embedded config block and explain the C2 generation algorithm.

CVE triage in a CI pipeline

curl -s https://api.ai0day.com/v1/chat/completions \
  -H "Authorization: Bearer $AI0DAY_KEY" \
  -d "{\"model\":\"ai0day-vuln_triage\",
       \"messages\":[{\"role\":\"user\",\"content\":\"$CVE_DESC\"}],
       \"max_tokens\":1500}" | jq -r '.choices[0].message.content'

08FAQ

What model is behind AI0Day?

A domain-tuned security model built on an unrestricted base, served on our own B200-class dense-inference cluster with FP8 and speculative decoding, up to 1M-token context. We keep the exact base and weights model-agnostic on the public site. The base's standard refusal layer is disabled; domain training keeps it refusing genuine abuse (96.7% adversarial refusal) while answering authorized security work.

How is my data handled?

Inference runs in-memory on our own infrastructure with no third-party model round-trip. For auditability, request and response content is captured and retained for 90 days under access control, then purged. The RAG corpus is read-only public security data. Enterprise plans can negotiate custom retention.

Do you support tool use and streaming?

Yes. Native tool use (function calling) and token-by-token SSE streaming are live on both the Anthropic /v1/messages and OpenAI /v1/chat/completions endpoints. This is what makes agentic Claude Code workflows work end-to-end.

What's the latency?

Agentic tool-loop turns are fast (typically a few seconds). Deep single-shot analysis with large context and long generations takes longer (tens of seconds), dominated by generation time on the GPU, not network.

Can I get higher concurrency?

Per-key concurrency is governed to keep the shared platform responsive. For higher concurrency, custom corpus, or private deployment we provision a dedicated GPU pool starting at $50K/month. Email us.

Is this legal? What are the limits?

AI0Day is for lawful, authorized security research, red/blue-team, and audit work. Access requires accepting an authorized-use agreement, and all activity is auditable and revocable. It is a dual-use tool; unlawful or unauthorized use is prohibited.

What if a key gets compromised?

Email us. We disable it within minutes and reissue. Device fingerprints are tracked per key; anomalous multi-device use is automatically flagged.