NEMESIS LABS / 2026 · Three tools / one team

Tooling for attack,
defense, and transit.

Three products built around one premise: the security stack should be honest about what it sees and what it doesn't. One company. macOS-first. Free at the edge for individuals.

We build the tools we wish
existed when nobody was looking.

In July 2024, a single content update to a kernel driver put 8.5 million Windows machines into a boot loop in one morning. The fix was a manual safe-mode visit per machine to delete one file. The product was the biggest name in endpoint security.

That's the failure mode we're built against. Not the threat, but the tool we use against the threat. An EDR that can't be silenced without raising an alarm and can't take the kernel down with it. A pentest tool that scoreboard-verifies what it claims. A VPN whose privacy is structural, not policy.

One engine under each, written in Rust, signed end to end, honest about residual risks. No magic. No “AI-powered” copy where it doesn't belong.

The product line.

Each one solves a real problem and ships under its own brand. Don't need all three? Don't buy all three.

Nemesis Blue · endpoint defense

An EDR that catches ransomware in under a second — and can't brick your fleet on a bad update.

A big-name kernel driver BSOD-looped 8.5 million machines in July 2024. Blue runs on Apple's Endpoint Security framework (macOS) and eBPF (Linux): vendor-sanctioned interfaces that keep third-party code out of the kernel (ES delivers events to a user-space agent; eBPF programs are checked by the kernel's verifier before they load), so a bad Blue update is designed to crash Blue, not the machine. Behavioral detection on a kernel-sourced event stream, not signature matching.

platform: macOS · Linux + Windows next
latency: local verdict in <50ms · neutralized in <1s
recovery: automatic file rollback from APFS / Btrfs snapshots
price: free for 1 device · $9.99/yr Pro · $24.99/yr Family · per-seat for orgs
status: macOS engine complete · Apple ES entitlement under review
Nemesis Red · autonomous pentest

290 Kali tools. One reasoning loop. 24.4× more findings than your scanner — verified.

Red plans, executes, and replans across the full Kali arsenal through a single closed-loop LLM, recon to report, with every tool's output feeding the next decision. In a controlled study against fixed-script automation it surfaced 24.4× more findings (p<0.001 over 120 runs) and, without human steering, identified and confirmed three previously published CVSS 9.8 CVEs present in the study targets.

two modes: Auto runs the engagement end-to-end · Co-Pilot hands the operator the next three commands with the target pre-filled
tool depth: 290 Kali tools across 17 offensive categories · the LLM picks the tool per phase per target
CVEs found: CVE-2024-38476 · CVE-2024-38474 · CVE-2023-25690 — all CVSS 9.8, all previously published Apache HTTP Server issues, all surfaced autonomously during the controlled study
deployment: self-hosted, on-prem · BYOK to any frontier LLM (Anthropic / OpenAI / Gemini) or fully local via Ollama (Qwen, Llama, your fine-tune) · with local inference nothing leaves your network; with a cloud key, the model prompts (and whatever tool output they carry) go to that provider and nothing else does · hash-chained audit log
air-gap: local-inference mode runs on a single workstation GPU · no cloud LLM dependency · built for environments where external API calls aren't an option
pricing: Operator $45K · Squad $120K · Enterprise $300K · perpetual + 20% annual maintenance · self-hosted
pilot: first 5 customers: $25K flat for 90 days, unlimited engagements · credits 100% against full license
status: public demos open July 2026 · Dayton, OH companies get in-person on-site demos
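The hash-chained audit log listed under deployment is worth seeing concretely, because the property it buys is specific: any later edit, deletion or reordering of a record breaks the chain at the point of tampering, and the only thing an attacker can do about it is re-hash everything after that point, which changes the head. What follows is an added illustration written for this page in Python; it is not Nemesis Red's own (Rust) code. The record layout, the GENESIS anchor and the three sample engagement steps are constructed for the example.

```python
"""Hash-chained audit log with a from-genesis verifier.

Added illustration, not Nemesis Red's code. Assumptions: records are JSON
objects, the chain anchors at GENESIS, and SAMPLE_STEPS is a constructed
engagement trace.
"""
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor: prev_hash of the very first record


def link_hash(prev_hash: str, payload: dict) -> str:
    """Hash of one record = SHA-256(prev_hash || canonical JSON of payload).

    Canonical JSON (sorted keys, fixed separators) makes the digest depend only
    on content, not on key order or whitespace.
    """
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{body}".encode()).hexdigest()


class AuditLog:
    def __init__(self):
        self.entries = []  # each: {"seq", "prev_hash", "payload", "hash"}

    def head(self) -> str:
        """Hash of the latest record; GENESIS when the log is empty."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, payload: dict) -> str:
        prev = self.head()
        entry = {"seq": len(self.entries), "prev_hash": prev,
                 "payload": dict(payload), "hash": link_hash(prev, payload)}
        self.entries.append(entry)
        return entry["hash"]


def verify(entries: list) -> tuple:
    """Walk the chain from GENESIS. Returns (ok, seq_of_first_bad_record)."""
    prev = GENESIS
    for i, e in enumerate(entries):
        if e["seq"] != i or e["prev_hash"] != prev:
            return False, i            # record removed, reordered or inserted
        if link_hash(prev, e["payload"]) != e["hash"]:
            return False, i            # record content changed after the fact
        prev = e["hash"]
    return True, -1


# Constructed sample: three steps of a mock engagement against a lab host.
SAMPLE_STEPS = [
    {"phase": "recon",   "tool": "nmap",   "args": "-sV 10.0.0.5",        "exit": 0},
    {"phase": "enum",    "tool": "nikto",  "args": "-h http://10.0.0.5",  "exit": 0},
    {"phase": "exploit", "tool": "sqlmap", "args": "-u http://10.0.0.5/", "exit": 1},
]


def build_sample() -> AuditLog:
    log = AuditLog()
    for step in SAMPLE_STEPS:
        log.append(step)
    return log


def detect_edit() -> int:
    """Quietly changing a stored record's payload is caught at that record."""
    log = build_sample()
    log.entries[1]["payload"]["exit"] = 99       # rewrite history: claim nikto failed
    return verify(log.entries)[1]                # 1


def detect_deletion() -> int:
    """Dropping a record is caught because seq jumps 0 -> 2."""
    log = build_sample()
    del log.entries[1]
    return verify(log.entries)[1]                # 1


def detect_local_rehash() -> int:
    """Editing a record and recomputing only its own hash moves the break one link later."""
    log = build_sample()
    e = log.entries[1]
    e["payload"]["exit"] = 99
    e["hash"] = link_hash(e["prev_hash"], e["payload"])
    return verify(log.entries)[1]                # 2: next record's prev_hash no longer matches


def full_rewrite_changes_head() -> bool:
    """Re-hashing every later record yields a chain that verifies, so the head
    must be compared against a copy kept out of the attacker's reach."""
    log = build_sample()
    published_head = log.head()                  # e.g. reported out-of-band at the time
    log.entries[1]["payload"]["exit"] = 99
    prev = log.entries[0]["hash"]
    for e in log.entries[1:]:
        e["prev_hash"] = prev
        e["hash"] = link_hash(prev, e["payload"])
        prev = e["hash"]
    ok, _ = verify(log.entries)
    return ok and log.head() != published_head   # True
```

The last function is the practical caveat: a chain on its own only proves internal consistency. It becomes tamper-evident against the machine's own operator when the head hash is periodically copied somewhere that operator cannot rewrite, which is exactly the role an "integrity head hash" in an out-of-band heartbeat plays.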
Nemesis DVPN · metadata privacy

Mixnet-based privacy. Defeats traffic analysis — not just IP masking.

Most “no-logs” VPNs are a policy promise. Nemesis DVPN is a structural one: built on the Nym mixnet SDK, every packet is wrapped in Sphinx layers and delayed and re-ordered across independent nodes, with cover traffic filling the gaps. The design goal is that even a global passive adversary, one who sees every link, cannot correlate timing or map sender to receiver, and that there are no logs for anyone to pressure an operator into handing over, because the operator never holds them.

protocol: Nym mixnet over Sphinx packets · cover traffic + batch re-ordering
vs. VPN: hides who is talking to whom, not just what they're saying
vs. Tor: designed to resist global passive timing correlation, which Tor's low-latency onion routing explicitly leaves out of its threat model
tradeoff: higher latency than a normal VPN, by design; mixnets trade speed for unlinkability
status: design phase · Nym SDK integration scoped

One stack. Three coordinates.

Each product is shippable on its own. Together they cover the three places attackers operate from — finding holes, landing payloads, and watching the wire — so a customer never has to glue three vendors together to answer one question.

Why Blue, when Falcon exists?

The honest answer: because Blue is architected for six constraints the big-name EDRs took shortcuts on. Each row below is a concrete capability, not a marketing claim; every entry in the Blue column is something we'd defend in a technical interview.

Columns: Nemesis Blue · CrowdStrike / SentinelOne · Norton / McAfee / AV. A leading ~ marks partial coverage.

Cannot brick your fleet on a bad update (no Channel File 291 failure mode)
  Nemesis Blue: no third-party kext / driver
  CrowdStrike / SentinelOne: 8.5M machines, July 2024 (CrowdStrike; SentinelOne was not affected by that incident)
  Norton / McAfee / AV: ~ low kernel surface anyway

Sub-50ms verdict, fully on-device (no cloud round-trip required)
  Nemesis Blue: behavioral + ML, both local
  CrowdStrike / SentinelOne: ~ some cloud-dependent rules
  Norton / McAfee / AV: ~ signature-only; fast but shallow

Automatic file rollback after detection (from APFS / Btrfs / VSS snapshots)
  Nemesis Blue: built in · no upsell
  CrowdStrike / SentinelOne: sold separately (backup product)
  Norton / McAfee / AV: not in scope

Tamper-as-alarm: silence is the loudest signal (agent killed → out-of-band alert)
  Nemesis Blue: watchdog + heartbeat-gap detection
  CrowdStrike / SentinelOne: ~ self-reported; fails open if killed
  Norton / McAfee / AV: fails open silently

Free tier with the full detection engine (not a paywalled demo)
  Nemesis Blue: audit-mode free · enforce-mode Pro
  CrowdStrike / SentinelOne: $50–100 per endpoint / yr minimum
  Norton / McAfee / AV: ~ free version cripples real-time

Published threat model with honest residual risk (we tell you what we DON'T catch)
  Nemesis Blue: see /security
  CrowdStrike / SentinelOne: marketing claims 'complete protection'
  Norton / McAfee / AV: marketing claims 'total security'

We don't claim to be better than every EDR at every job. Falcon's fleet-intelligence graph is unmatched at the F500 tier; Defender's OS integration is free for anyone on Windows. What Blue claims is to be the only EDR architected for these constraints from day one — not retrofitted into them after a market incident.

Get on the list.

Drop your email. We'll send you the macOS beta the day Apple clears our EndpointSecurity entitlement.

Questions you'd ask in a real conversation.

We're skipping the “how does it work” marketing dance — the architecture spec is on the trust center. Here are the four real ones.

New vendor. Why should I trust you with kernel access?

You shouldn't — yet. The agent is Developer-ID signed, hardened-runtime locked, and pinned to one Apple Team ID (JRMYSV7NC2) so a re-signed binary fails its own self-check. An external pentest is on the roadmap before paid GA, and the trust center publishes the threat model honestly — including the limits. We're also Nemesis Red's own customer: the same team that builds Blue gets it attacked by Red before each release.

Is Nemesis Red just another AI-generated exploit demo?

No. Red's scoreboard verification is the whole point — every claimed exploit has to land in a third-party ledger before it counts. You can't lie to a scoreboard. The agent is built around the constraint that if it can't prove the exploit, the exploit didn't happen.

Why a mixnet for DVPN instead of just WireGuard like Mullvad?

Because the threat model is different. Mullvad is a good choice if your adversary is your ISP or the sites you visit and you are willing to trust the operator's no-logs stance. A mixnet is the right tool if you don't want anyone, including us, able to correlate your traffic even with a view of every link in the network. Built on Nym for exactly this property.

What does “free for individuals” actually cost me?

Heartbeat metadata (agent version, integrity head hash, threat count delta) and nothing else. No file contents, no command lines, no browser data, no telemetry on the processes you run. The free tier can be opted out of all the way down to zero outbound traffic; the trust center spells out every byte that leaves your machine.
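The heartbeat answer above, together with the tamper-as-alarm row in the comparison table, describes a fleet-side rule: a killed agent sends nothing, so the absence of a beat has to be an alert rather than an "all clear". Here is an added example of that rule in Python, written for this page; it is not Nemesis Blue's code. The heartbeat fields follow the FAQ (agent version, integrity head hash, threat count delta). The 60-second cadence, the three-beat tolerance, the head-stall rule (if an agent reports new threats, its audit head should have moved) and the sample fleet are assumptions.

```python
"""Fleet-side heartbeat monitor that treats silence as an alert.

Added illustration, not Nemesis Blue's code. Heartbeat fields follow the FAQ
(agent version, integrity head hash, threat count delta); the cadence,
tolerance, head-stall rule and the sample fleet below are assumptions.
"""
from dataclasses import dataclass

HEARTBEAT_INTERVAL = 60                   # assumed agent cadence, seconds
GAP_TOLERANCE = 3 * HEARTBEAT_INTERVAL    # three missed beats => something is wrong


@dataclass
class Heartbeat:
    device: str
    ts: int            # unix seconds when the beat was sent
    version: str       # agent version, e.g. "1.2.0"
    head: str          # integrity head hash of the agent's local audit chain
    threat_delta: int  # threats handled since the previous beat


def version_tuple(v: str) -> tuple:
    """'1.10.0' sorts after '1.9.9', which a plain string compare gets wrong."""
    return tuple(int(x) for x in v.split("."))


class FleetMonitor:
    def __init__(self, tolerance: int = GAP_TOLERANCE):
        self.tolerance = tolerance
        self.last = {}       # device -> most recent accepted Heartbeat
        self.alerts = []     # (device, kind, detail)

    def _alert(self, device: str, kind: str, detail: str) -> None:
        self.alerts.append((device, kind, detail))

    def ingest(self, hb: Heartbeat) -> None:
        prev = self.last.get(hb.device)
        if prev is not None:
            if hb.ts <= prev.ts:
                # A replayed or out-of-order beat must not refresh liveness.
                self._alert(hb.device, "replay", f"ts {hb.ts} <= last seen {prev.ts}")
                return
            if hb.ts - prev.ts > self.tolerance:
                # The agent came back after a silence the sweep may already have flagged.
                self._alert(hb.device, "gap", f"silent for {hb.ts - prev.ts}s")
            if version_tuple(hb.version) < version_tuple(prev.version):
                self._alert(hb.device, "downgrade", f"{prev.version} -> {hb.version}")
            if hb.threat_delta > 0 and hb.head == prev.head:
                # Assumed rule: handling a threat appends to the audit chain, so the
                # head must move; an unchanged head with new threats suggests tampering.
                self._alert(hb.device, "head-stall", "new threats but audit head unchanged")
        self.last[hb.device] = hb

    def sweep(self, now: int) -> list:
        """Timer-driven check for devices that have sent nothing for too long.
        This is the half no agent-side code can suppress: absence is the signal."""
        return sorted(d for d, hb in self.last.items() if now - hb.ts > self.tolerance)


# Constructed sample fleet: mac-02 is killed after t=60, mac-03 gets downgraded,
# mac-01 reports a threat at t=180 without its audit head advancing.
SAMPLE_BEATS = [
    Heartbeat("mac-01",   0, "1.2.0", "aa11", 0),
    Heartbeat("mac-02",   0, "1.2.0", "bb22", 0),
    Heartbeat("mac-03",   0, "1.2.0", "cc33", 0),
    Heartbeat("mac-01",  60, "1.2.0", "aa11", 0),
    Heartbeat("mac-02",  60, "1.2.0", "bb22", 0),
    Heartbeat("mac-03",  60, "1.1.9", "cc33", 0),   # version went backwards
    Heartbeat("mac-01", 120, "1.2.0", "aa12", 1),   # threat handled, head advanced: fine
    Heartbeat("mac-03", 120, "1.1.9", "cc33", 0),
    Heartbeat("mac-01", 180, "1.2.0", "aa12", 1),   # threat claimed, head did not move
    Heartbeat("mac-03", 180, "1.1.9", "cc33", 0),
    Heartbeat("mac-01", 240, "1.2.0", "aa13", 0),
    Heartbeat("mac-03", 240, "1.1.9", "cc33", 0),
]


def build_monitor() -> FleetMonitor:
    m = FleetMonitor()
    for hb in SAMPLE_BEATS:
        m.ingest(hb)
    return m


def run_sample() -> tuple:
    """Returns (devices silent at t=300, alert kinds raised while ingesting)."""
    m = build_monitor()
    return m.sweep(300), [(d, k) for d, k, _ in m.alerts]


def late_return() -> str:
    """mac-02 reappears at t=400 after 340s of silence; the gap is still recorded."""
    m = build_monitor()
    m.ingest(Heartbeat("mac-02", 400, "1.2.0", "bb22", 0))
    return m.alerts[-1][1]


def replay_is_rejected() -> bool:
    """Re-sending mac-01's t=120 beat neither refreshes liveness nor passes silently."""
    m = build_monitor()
    m.ingest(Heartbeat("mac-01", 120, "1.2.0", "aa12", 1))
    return m.alerts[-1][1] == "replay" and m.last["mac-01"].ts == 240
```

Two design points matter here. The sweep runs on the server's clock, not the agent's, so an attacker who stops the agent cannot stop the alert; and replayed beats are rejected before they touch the liveness table, so capturing one old heartbeat does not let an attacker keep a dead agent looking alive.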