What is CodexC2
CodexC2 fuses 73 live open-source feeds from satellite, ADS-B aircraft, AIS vessels, cyber CVEs, geopolitical news, social signals, into one common operating picture. 616 doctrine-grounded detection rules fire in real time. Every alert, case, and decision is cryptographically chained with ed25519 signatures, giving commanders an audit trail that survives NIST SP 800-171 §3.3.8 scrutiny. Built by operators, for operators.
What CodexC2 is
CodexC2 is a 24/7 autonomous OSINT command-and-control platform. One browser tab gives an analyst the same awareness a 10-person watch floor used to take.
The system:
- Ingests 73 live public feeds across Maritime (AIS), Air (ADS-B, OpenSky, FAA NOTAM), Cyber (CISA KEV, NVD, EPSS, MITRE ATT&CK), Geopolitical (GDELT, ACLED, UCDP), Space (SatNOGS, WSPR HF), and HUMINT/SIGINT proxies.
- Detects threats with 616 rules across four abstraction levels, keyword, threshold, cross-domain, behavioral, mapped to doctrine (JP 2-0, FM 2-0, ATP 3-12.3, ICD-203, STANAG 2022).
- Correlates across domains: a cyber intrusion + a naval manoeuvre + an airspace closure + a commercial traffic anomaly in the same 60-minute window auto-flags as a convergence event.
- Signs every audit-relevant row hourly into a Merkle chain with ed25519 signatures, when a regulator asks "prove nothing was changed," you ship the chain. That's real NIST SP 800-171 §3.3.8 tamper evidence, not a claim.
- Exports in every format allies actually use: STIX 2.1 bundles, Sigma YAML, CoT to ATAK endpoints, GeoJSON + KML, docx / pdf intelligence briefs.
The Problem We Solve
Most intelligence platforms force analysts to choose between speed and rigor. Tools that ingest fast enough to matter don't link evidence. Tools that link evidence well take days to stand up a question. By the time a commander sees a fused picture, the adversary has moved three times.
Worse, the tools that claim all three, speed, rigor, interop, come with price tags and 18-month procurement cycles that rule out smaller allies, domestic gov, and edge operators. The market assumes if you can't afford them, you should accept degraded capability.
We reject that premise.
What Makes It Different
Fused, not federated.
Other platforms federate queries across separate stores, you wait while 12 adapters each answer slowly. CODEX normalises to a single Postgres + pgvector graph. Multi-domain queries are sub-second.
Calibrated, not handwaved.
Every forecast carries a Brier score. Every confidence level maps to ICD-203 vocabulary. When CODEX says "HIGH confidence," that has a defensible statistical meaning, not a vibe.
Signed, not trusted.
The chain-of-custody isn't a log file you hope is clean. It's a Merkle tree where every hour's activity produces a signed epoch root. Tamper with any row and the verification fails on the next check.
Accelerated procurement.
We've mapped to AUKUS Pillar 2 eligibility and DIU Commercial Solutions Opening.
Who It's For
-
Defence intelligence cells running PIR/EEI collection plans that span multiple INTs and need doctrinal traceability on every product.
-
Cyber-physical fusion centres that monitor critical infrastructure and need cyber KEV/ICS/SCADA overlay on geo-plant location, airspace closures, vessel presence in the same view.
-
Operational command posts forward of the flagship intelligence stack, small teams on ships, at FOBs, in partner nations, who need awareness on commodity hardware and commodity network.
-
Partner-nation liaison cells who need to share intelligence in STANAG-compliant formats without exposing the full sensor network.
