THREATNOIR
Subscribe
Open Source
Apache 2.0

ThreatNoir is open source

The entire platform — ingest pipeline, AI summarization, IOC extraction, admin UI, public API — is available under Apache 2.0. Deploy your own instance, customize it, contribute back, or just read the code.

View on GitHub → Quick start →

Why open source?

ThreatNoir was built to solve a real problem: making curated security intelligence accessible without locked-in vendors. Open-sourcing the platform means SOC teams, ISACs, security educators, and individual researchers can deploy their own instance — tuned to their sources, audience, and budget — without rebuilding the pipeline from scratch.

We also wanted the code to be inspectable. If you're going to trust an AI pipeline to summarize and classify your security news, you should be able to read exactly how it works.

What's included

Ingest & enrichment
  • RSS pulls from 6+ default sources, add your own via admin UI
  • AI summary, classification, IOC extraction, relevance scoring (one Claude call per article)
  • Auto-approve / auto-reject thresholds + moderation queue
Distribution
  • Public site (feed, daily brief, weekly roundup, focus, awareness)
  • Weekly digest email with per-channel subscriber preferences
  • Daily podcast (audio TTS) and optional video briefings
Public API
  • IOC search (CVE, IP, domain, hash, MITRE TTP)
  • Articles, focus items, weekly roundups, awareness lessons
  • Optional API key auth + per-key rate limits
Admin & ops
  • Moderation, source/category management, RBAC, audit log
  • Per-pipeline AI cost dashboard (track Anthropic spend by feature)
  • Auto-generated LinkedIn/X/Mastodon drafts for review

Deploy your own — three steps

  1. 1
    Clone + run locally

    Requires Node 20+, npm, Docker (for local Supabase). 15 minutes to first run. 

    git clone https://github.com/MLenngren/threatnoir-platform
cd threatnoir-platform
npm install
npx supabase start
cp .env.local.example .env.local
npm run dev
  2. 2
    Create production accounts

    Supabase project, Vercel project, Resend account, Anthropic API key. All have free tiers that fit early-stage deployments. Cost at small scale: ~$50–150/month all-in.

  3. 3
    Wire env vars + deploy

    Configure ~7 required env vars in Vercel, push to main, auto-deploy. Optional integrations (podcast, video, social posting) layer on per-feature. See the full deployment guide.

License

Apache License 2.0. You're free to use, modify, redistribute, and commercialize the code. You must preserve the license + notice files. Modifications must be marked.

Read the full license →

Contribute

Bug fixes, new RSS sources, accessibility improvements, performance tuning, documentation — all welcome. Read CONTRIBUTING.md first.

If you deploy your own instance, open an issue tagged showcase — we'd love to hear about it.