Local AI · No API Keys · Open Source

Research → Detection

Transform AI and LLM security research papers into structured, actionable detection rules — entirely on your machine, with no cloud APIs required.

Behavioral detection over keyword matching

R2D prioritizes sequence-based patterns, temporal correlations, and relationship signals — generating rules that reflect attacker intent, not isolated signatures that are trivial to evade.

How it works

Six-stage pipeline

01. Paper Selection: Upload PDFs, text files, or discover live arXiv papers ranked by detection relevance.

02. Schema Mapping: Optionally provide your log schema (JSON/CSV) to align detections with your environment.

03. AI Processing: Local Ollama model analyzes the paper, extracts attacker behaviors, and synthesizes detections.

04. Detection Review: Filter and examine generated rules by severity and detection type.

05. Skill Download: Export analyst-ready Markdown skill files with threat narratives and pseudo-code.

06. Gap Analysis: Surface missing telemetry sources and coverage weaknesses in your detection stack.

Research Paper → Ollama (Local) → Detections + Skills

Capabilities

Built for detection engineers

Local-First Architecture

Runs entirely on localhost:9000 with Ollama. No cloud APIs, no data leaves your machine.

Behavioral Detection

Sequence-based rules with temporal correlations — attacker intent, not keyword signatures.

Multiple Input Formats

Supports PDF, Markdown, plain text, and live arXiv paper discovery with AI-powered ranking.

Environment Alignment

Provide your log field schema so generated detections map directly to your telemetry sources.

Analyst-Ready Output

Every detection includes false positive guidance, tuning advice, and implementation notes.

Coverage Gap Analysis

Identify blind spots and inferred telemetry assumptions that expose missing detection coverage.

Output format

Structured, actionable detections

Every detection generated by R2D includes structured fields for immediate operationalization — severity scoring, required telemetry, pseudo-logic, false positive guidance, and tuning recommendations.

  • Severity & confidence scoring
  • Telemetry source mapping
  • Behavioral pseudo-logic
  • False positive guidance
  • Implementation notes & tuning

detection_output.json (generated)

{
  "title": "LLM Prompt Injection via Tool Override",
  "severity": "high",
  "confidence": 0.87,
  "detection_type": "behavioral",
  "attack_stage": "execution",
  "telemetry": [
    "llm_api_logs",
    "agent_tool_calls",
    "system_prompt_events"
  ],
  "pseudo_logic": "SEQUENCE(override → escalation) WITHIN 5s",
  "false_positives": ["Legitimate tool config updates"],
  "tuning": "Correlate with identity logs to reduce noise"
}
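
One way an analyst might turn the pseudo_logic string above into runnable correlation logic. This is an added example, not code from R2D. The event field names (ts, session, event), the per-session correlation key, and the inclusive 5-second boundary are assumptions, and the log lines are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Field names (ts, session, event)
# are assumptions; "override" and "escalation" come from the pseudo_logic string.
EVENTS = [
    {"ts": "2024-05-01T10:00:00", "session": "s1", "event": "override"},
    {"ts": "2024-05-01T10:00:03", "session": "s1", "event": "escalation"},  # 3s gap
    {"ts": "2024-05-01T10:01:00", "session": "s2", "event": "override"},
    {"ts": "2024-05-01T10:01:09", "session": "s2", "event": "escalation"},  # 9s gap
    {"ts": "2024-05-01T10:02:00", "session": "s3", "event": "escalation"},  # no override
    {"ts": "2024-05-01T10:03:00", "session": "s4", "event": "override"},
    {"ts": "2024-05-01T10:03:02", "session": "s5", "event": "escalation"},  # other session
    {"ts": "2024-05-01T10:04:00", "session": "s6", "event": "override"},
    {"ts": "2024-05-01T10:04:05", "session": "s6", "event": "escalation"},  # exactly 5s
]


def match_sequence(events, first, second, within_s, key="session"):
    """Return one hit per `second` event that follows `first` for the same
    correlation key within `within_s` seconds (boundary inclusive)."""
    window = timedelta(seconds=within_s)
    pending = {}  # correlation key -> time of the most recent unmatched `first`
    hits = []
    parsed = [(datetime.fromisoformat(e["ts"]), e) for e in events]
    for ts, ev in sorted(parsed, key=lambda p: p[0]):  # tolerate out-of-order logs
        k = ev[key]
        if ev["event"] == first:
            pending[k] = ts
        elif ev["event"] == second and k in pending:
            gap = ts - pending.pop(k)  # consume: at most one alert per override
            if gap <= window:
                hits.append({"key": k, "gap_s": gap.total_seconds()})
    return hits


if __name__ == "__main__":
    for hit in match_sequence(EVENTS, "override", "escalation", 5):
        print(hit)
```

Without the correlation key, the s4 override and the s5 escalation would pair up two seconds apart and raise a false alert, which is the kind of noise the tuning field's identity-correlation advice is aimed at.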

Accepted Inputs

Documents: .pdf .txt .md
Log Schemas: .json .csv .txt
Live Discovery: arXiv API (AI-ranked)

Generated Outputs

Detection Rules: JSON + Markdown
Skill Files: Analyst-ready .md
Gap Analysis: Telemetry recommendations

Get started

Run it locally in minutes

Requires Python 3.10+ and Ollama installed on your machine.

1. Pull the local model

   ollama pull llama3.1:8b

2. Launch the server

   ./start.sh

3. Open in browser

   open http://localhost:9000

View Research2Defense on GitHub

Open source · Self-hosted · No usage limits