An agent that answers questions about cybersecurity conference research using an agent curated knowledge base. UI is via Jupyter notebook or command prompt.SQL queries can also be used to search for researchers, talks, or tools.
Answers to free-form questions are given from three dozen pre-processed topic summaries compiled by a knowledge agent. There are also summaries for each conference and for authors with more than one presentation in the data. The current dataset includes summaries compiled from publc data in the PROMPT|GTFO Youtube channel and these recent conference abstracts:
2025 conferences: CAMLIS, Blackhat, DEFCON, BsidesLV, BSides SF. 2026 conferences: Unprompted.
- Question Answers questions using the pre-processed topic summaries from the conference list above. Summaries are also available for conferences and authors with multiple talks.
- Query Runs deterministic annotation/database queries and does not call an LLM.
- Status checks the knowledge/index state in the SQLite data layer.
Use a virtual environment if possible.
python -m venv analyst
python -m pip install -r requirements.txtCreate or update .env in the repo root.
OPENAI_API_KEY=...
ANTHROPIC_API_KEY=...
The active LLM provider and model names are configured in config/llm.ini.
The default database is:
knowledge/knowledge.sqlite3
Run a quick search:
python -m knowledge_indexing.knowledge_index --query "threat modeling" --limit 5Audit imported source counts against local source artifacts:
python tools\source_count_auditor.py --strictthe_analyst is the primary interface. See docs/analyst.md for its tool routing, evidence rules, author behavior, configuration, and failure modes.
Interactive mode:
python the_analyst.pyAsk one question from the command line:
python the_analyst.py "question: How is threat modeling being done using AI?"Use question: when the answer should come from generated summary files.
analyst routes these requests to up to three relevant summaries by default and
does not fill gaps with general knowledge. Use query: when you want
deterministic keyword search over record annotations.
python the_analyst.py "query: cryptocurrency wallet fraud"The QA agent should cite which summary files or annotation query results it used.
Analyst Jupyter notebook UI:
the-analyst.ipynb
The analyst notebook exposes the constrained question: path, deterministic query:
path, and status check.
Primary working data:
knowledge/knowledge.sqlite3
Generated reports and summaries:
summaries/
knowledge/open-topic-report.md
knowledge/exports/
Logs and status:
knowledge/import.log
knowledge/classify-run.log
Prompt files:
knowledge_agenting/prompts/
Topic summary design notes:
docs/topic-summary-design.md
Before large write operations, make a SQLite backup:
Copy-Item knowledge\knowledge.sqlite3 knowledge-backup-$(Get-Date -Format yyyyMMdd-HHmmss).sqlite3Run read-only summary dry-runs before expensive LLM calls:
python -m knowledge_agenting.topic_summarizer --group-by topic --topic "Threat modeling" --dry-runRun focused tests after code changes:
python -m pytest -q tests\test_topic_summarizer.py
python -m pytest -q tests\test_knowledge_qa.pyCount or inspect annotations:
python -m knowledge_indexing.knowledge_index --latest-annotations --limit 20
python -m knowledge_indexing.knowledge_index --list-annotations --annotation-query "cryptocurrency" --limit 20Inspect classifications:
python -m knowledge_indexing.knowledge_index --list-classifications --limit 20
python -m knowledge_indexing.knowledge_index --low-confidence-classifications --limit 50List records for a topic:
python -m knowledge_indexing.knowledge_index --list-topic-records "Threat modeling" --limit 50Use the knowledge_agenting.topic_summarizer module for the current spec-compliant summary generator. It can summarize by topic, source, or author.
Dry run one topic without calling the LLM or writing artifacts:
python -m knowledge_agenting.topic_summarizer --group-by topic --topic "Threat modeling" --dry-runWrite preflight prompt/audit/manifest artifacts during a dry-run:
python -m knowledge_agenting.topic_summarizer --group-by topic --topic "Threat modeling" --dry-run --write-preflight-artifactsGenerate one topic summary:
python -m knowledge_agenting.topic_summarizer --group-by topic --topic "Threat modeling"Generate all topic summaries with parallel workers:
python -m knowledge_agenting.topic_summarizer --group-by topic --all --parallel 4List existing topic summaries:
python -m knowledge_agenting.topic_summarizer --group-by topic --list-summariesList topics that currently have classified records and can be summarized:
python -m knowledge_agenting.topic_summarizer --group-by topic --list-topicsGenerate source summaries:
python -m knowledge_agenting.topic_summarizer --group-by source --all --parallel 4Generate author summaries for authors with at least two records:
python -m knowledge_agenting.topic_summarizer --group-by author --all --parallel 4Generate only missing author summaries and leave existing author summaries untouched:
python -m knowledge_agenting.topic_summarizer --group-by author --all --skip-existing --parallel 4List missing author summaries without generating or writing anything:
python -m knowledge_agenting.topic_summarizer --group-by author --all --list-missingAuthor summaries use the summarize_author model from config/llm.ini.
Use --min-records 1 explicitly to include single-record authors.
Coauthored records are included in each individual author's summary; comma, semicolon,
ampersand, and and separators are expanded during author grouping.
Individual authors are normalized in SQLite:
authors unique author names
author_records author-to-record links
records.author retains the original imported author string for provenance.
Summary output files are written to:
summaries/topics/*.md
summaries/sources/*.md
summaries/authors/*.md
Operational artifacts are kept separate:
summaries/artifacts/topics/*
summaries/artifacts/sources/*
summaries/artifacts/authors/*
Artifacts include prompt inputs, audit JSON, manifest JSON, and archived prior outputs. Topic summaries are stored as Markdown files; SQLite does not store the summary bodies.
