iklobato / avai

macOS / Linux host security telemetry collector with LLM threat judge and a single-page web dashboard.

89% credibility
Found May 31, 2026 at 10 stars.
Python
AI Summary

avai is an open-source host security monitoring tool that scans your computer for suspicious processes, network activity, persistence mechanisms, and other threat indicators, enriches findings with 17 external threat-intelligence sources, and uses an AI assistant to classify each finding with plain-English verdicts and remediation steps, all displayed in a read-only web dashboard.

How It Works

1. 🔍 Discover a security tool

You hear about avai through its website or GitHub — a tool that watches your computer for threats and explains everything in plain English.

2. 🚀 Get it running in minutes

You install it with one simple command. It works on your laptop or a server, and you can try it safely without any special setup.

3. 🔗 Connect your AI assistant

You connect your own AI account so the tool can think through each finding and tell you if something is dangerous — your data stays private.

4. 🛡️ Watch it scan your system

The tool quietly checks 26 different places where malware hides — processes, network connections, startup items, USB devices, and more.

5. 🔎 Enrich findings with threat intelligence

Each suspicious item gets checked against 17 security databases automatically, so the AI has the full picture before making a judgment.

6. See your results your way

🌐 Dashboard view

Open the web dashboard to see a visual overview with charts, filters, and alerts for new threats.

💻 Terminal view

Query the database directly with simple commands to build scripts or automated reports.

Understand your security posture

You get clear verdicts — malicious, suspicious, unknown, or benign — with plain-English explanations and one-click fixes for anything concerning.

AI-Generated Review

What is avai?

Avai is a host security telemetry collector that snapshots your macOS or Linux machine and uses a Claude-class LLM to classify what it finds. It grabs 26 different host surfaces on macOS (processes, USB devices, launch items, TCC permissions, network flows, browser extensions) and 21 on Linux, enriches every new artifact with up to 17 threat-intel sources (VirusTotal, MalwareBazaar, CISA KEV, Shodan, GreyNoise, and more), then asks the LLM to render a verdict: malicious, suspicious, unknown, or benign. The verdict comes back with MITRE-aligned categories, a confidence score, and a one-line remediation. A Flask dashboard on port 8765 displays everything; all data lives in a single SQLite file.

Why is it gaining traction?

The pitch is "EDR breadth without the agent contract." You run one Docker command or pip install, point it at your Anthropic API key, and get plain-English threat verdicts instead of log queries. The dedup-by-content-hash approach means each artifact is judged once, so a busy host does not translate to a runaway API bill. The threat-intel layer runs automatically with whatever API keys you have; missing keys disable sources cleanly rather than breaking the pipeline. The dashboard is read-only and the whole state is portable. You can run the monitor on a server and view the dashboard on your laptop by syncing one SQLite file.
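
The dedup-by-content-hash idea described above, as an added sketch that is not avai's own code. The field names, the volatile/stable split, the `verdicts` table and the stub judge are all assumptions made for illustration; the snapshots are constructed sample data.

```python
import hashlib
import json
import sqlite3

# Assumed split: these fields change on every snapshot, so they stay out of
# the hash; every other field identifies the artifact.
VOLATILE = {"pid", "started_at", "cpu_percent"}


def content_hash(artifact):
    """SHA-256 over canonical JSON of the artifact's stable fields."""
    stable = {k: v for k, v in artifact.items() if k not in VOLATILE}
    blob = json.dumps(stable, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


class VerdictCache:
    """One verdict per content hash, kept in a single SQLite file."""

    def __init__(self, path=":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS verdicts "
                        "(hash TEXT PRIMARY KEY, verdict TEXT NOT NULL)")

    def judge_once(self, artifact, judge):
        """Return (verdict, was_new); judge() runs only for unseen hashes."""
        h = content_hash(artifact)
        row = self.db.execute("SELECT verdict FROM verdicts WHERE hash = ?",
                              (h,)).fetchone()
        if row:
            return row[0], False
        verdict = judge(artifact)  # the paid LLM call in a real pipeline
        self.db.execute("INSERT INTO verdicts VALUES (?, ?)", (h, verdict))
        self.db.commit()
        return verdict, True


def run_demo():
    """Constructed snapshots: a process, its restart, then a swapped binary."""
    calls = []
    def stub_judge(a):  # stand-in for the LLM judge; records each call
        calls.append(a["exe_sha256"])
        return "suspicious" if a["exe_sha256"].startswith("bad") else "benign"
    cache = VerdictCache()
    base = {"kind": "process", "path": "/usr/local/bin/updater",
            "exe_sha256": "aaa111", "pid": 410, "started_at": "t0"}
    snapshots = [base,
                 {**base, "pid": 977, "started_at": "t1"},       # restart
                 {**base, "exe_sha256": "bad222", "pid": 1203}]  # new binary
    return [cache.judge_once(s, stub_judge) for s in snapshots], len(calls)
```

What goes into the hash is the security-relevant choice: hashing a PID or timestamp makes every snapshot look new and re-bills the judge, while leaving the binary's digest out would let a replaced executable at the same path inherit the earlier verdict.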

Who should use this?

Security-minded developers and small teams who want visibility into their workstations or servers without deploying a full SIEM. System administrators who need to audit macOS or Linux hosts across a small fleet. Anyone who wants an LLM to do the first-pass triage on suspicious processes, network connections, or persistence mechanisms, backed by real threat-intel feeds.

Verdict

Avai has thoughtful architecture (content-hash dedup, plug-and-play intel sources, SQLite portability) and a genuinely useful feature set. However, the credibility score sits at 0.9% and the repository has only 10 stars -- this is a very young project at version 0.3.x with the "Beta" classifier. The documentation is thorough and the test suite (320+ tests) suggests the author cares about correctness, but you would be an early adopter if you bet on this. For homelab use or personal security hygiene, it is worth trying. For production environments where you need support and guarantees, wait for a 1.0 or a more established community.
