Provides guidance for LLM post-training with RL using slime, a Megatron+SGLang framework. Use when training GLM models, implementing custom data generation workflows, or needing tight Megatron-LM integration for RL scaling.

Provides guidance for PyTorch-native agentic RL using torchforge, Meta's library separating infra from algorithms. Use when you want clean RL abstractions, easy algorithm experimentation, or scalable training with Monarch and TorchTitan.

Provides guidance for training LLMs with reinforcement learning using verl (Volcano Engine RL). Use when implementing RLHF, GRPO, PPO, or other RL algorithms for LLM post-training at scale with flexible infrastructure backends.

NVIDIA's runtime safety framework for LLM applications. Features jailbreak detection, input/output validation, fact-checking, hallucination detection, PII filtering, toxicity detection. Uses Colang 2.0 DSL for programmable rails. Production-ready, runs on T4 GPU.

Distributed training orchestration across clusters. Scales PyTorch/TensorFlow/HuggingFace from laptop to 1000s of nodes. Built-in hyperparameter tuning with Ray Tune, fault tolerance, elastic scaling. Use when training massive models across multiple machines or running distributed hyperparameter sweeps.

Track ML experiments, manage model registry with versioning, deploy models to production, and reproduce experiments with MLflow - framework-agnostic ML lifecycle platform

Managed vector database for production AI applications. Fully managed, auto-scaling, with hybrid search (dense + sparse), metadata filtering, and namespaces. Low latency (<100ms p95). Use for production RAG, recommendation systems, or semantic search at scale. Best for serverless, managed infrastructure.

Evaluates NVIDIA Cosmos Policy on LIBERO and RoboCasa simulation environments. Use when setting up cosmos-policy for robot manipulation evaluation, running headless GPU evaluations with EGL rendering, or profiling inference latency on cluster or local GPU machines.

Guides researchers through structured ideation frameworks to discover high-impact research directions. Use when exploring new problem spaces, pivoting between projects, or seeking novel angles on existing work.

Applies cognitive science frameworks for creative thinking to CS and AI research ideation. Use when seeking genuinely novel research directions by leveraging combinatorial creativity, analogical reasoning, constraint manipulation, and other empirically grounded creative strategies.

> Best practices for building agents and agentic applications with Plano — the AI-native proxy and dataplane. Covers configuration, routing, agent orchestration, filter chains, observability, CLI oper

CLI tool for automating any terminal application — TUI apps, shells, CLI tools, REPLs, and more. Use when you need to launch a process in a virtual terminal, capture its screen output, inject keystrokes or mouse input, take screenshots, record sessions, or assert on what's visible.

'Parses API Gateway access logs (AWS API Gateway, Kong, Nginx) to detect BOLA/IDOR attacks, rate limit bypass,

'Queries Azure Monitor activity logs and sign-in logs via azure-monitor-query to detect suspicious administrative

Detect abnormal access patterns in AWS S3, GCS, and Azure Blob Storage by analyzing CloudTrail Data Events, GCS

Perform comprehensive forensic analysis of disk images using Autopsy to recover files, examine artifacts, and

Perform static and symbolic analysis of Solidity smart contracts using Slither and Mythril to detect reentrancy,

'Parses Kubernetes API server audit logs (JSON lines) to detect exec-into-pod, secret access, RBAC modifications,

Examine Linux system artifacts including auth logs, cron jobs, shell history, and system configuration to uncover

'Executes malware samples in Cuckoo Sandbox to observe runtime behavior including process creation, file system

Use the Malpedia platform and API to research malware family relationships, track variant evolution, link families

Detect and analyze covert communication channels used by malware including DNS tunneling, ICMP exfiltration,

Parse NetFlow v9 and IPFIX records to detect volumetric anomalies, port scanning, data exfiltration, and C2 beaconing

Parse Windows PowerShell Script Block Logs (Event ID 4104) from EVTX files to detect obfuscated commands, encoded

'Analyzes encryption algorithms, key management, and file encryption routines used by ransomware families to

'Traces ransomware cryptocurrency payment flows using blockchain analysis tools such as Chainalysis Reactor,

Examine file system slack space, MFT entries, USN journal, and alternate data streams to recover hidden data

MITRE ATT&CK is a globally-accessible knowledge base of adversary tactics, techniques, and procedures (TTPs)

'Queries Certificate Transparency logs via crt.sh and pycrtsh to detect phishing domains, unauthorized certificate

Investigate USB device connection history from Windows registry, event logs, and setupapi logs to track removable

Parse Apache and Nginx access logs to detect SQL injection attempts, local file inclusion, directory traversal,

'Analyzes Windows Security, System, and Sysmon event logs in Splunk to detect authentication attacks, privilege

'Auditing Kubernetes cluster RBAC configurations to identify overly permissive roles, wildcard permissions, dangerous

Build an automated system to track adversary infrastructure using passive DNS, certificate transparency, WHOIS

Build and configure a resilient command-and-control infrastructure using BishopFox's Sliver C2 framework with

Establish SAML 2.0 identity federation between on-premises Active Directory and Azure AD (Microsoft Entra ID)

'Builds comprehensive identity governance and lifecycle management processes including joiner-mover-leaver automation,

Implement a phishing report button in email clients with automated triage workflow that analyzes user-reported

'Builds a structured ransomware incident response playbook aligned with the CISA StopRansomware Guide and NIST

Deploy and configure the Havoc C2 framework with teamserver, HTTPS listeners, redirectors, and Demon agents for

Apply bottom-up and top-down role mining techniques to discover optimal RBAC roles from existing user-permission

Build a structured SOC escalation matrix defining severity tiers, response SLAs, escalation paths, and notification

'Builds a structured SOC incident response playbook for ransomware attacks covering detection, containment, eradication,

Building a Threat Intelligence Platform (TIP) involves deploying and integrating multiple CTI tools into a unified

Build a vulnerability exception and risk acceptance tracking system with approval workflows, compensating controls

'Responds to malware infections across enterprise endpoints by identifying the malware family, determining infection

Implement Microsoft's Enhanced Security Admin Environment (ESAE) tiered administration model for Active Directory.

A Certificate Authority (CA) is the trust anchor in a PKI hierarchy, responsible for issuing, signing, and revoking

'Configures host-based intrusion detection systems (HIDS) to monitor endpoint file integrity, system calls, and

'Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute