Meet neo4 — a red team operator with roughly three years of offensive security experience under their belt, a self-described "hardcore Linux/Arch culture operator," and Python developer who lives in the terminal. This isn't some enterprise security consultant or compliance auditor. We're talking OPSEC-first mentality, root-level control freaks who treat surveillance like a personal insult. And now they've built something that actually fits that workflow: Cyber SH Agent, an offline AI CLI operator that runs entirely on your local machine without touching any servers or external APIs.
The Problem With Current AI Tools
Most AI-powered developer tools today are cloud-locked nightmares masquerading as productivity boosters. You want code completion? Great, send everything to OpenAI's servers and pray they don't train on your proprietary exploit frameworks. Bug bounty hunting with AI assistance? Sure, just let some third-party provider log every target you're investigating. It's surveillance dressed up as convenience, and hackers have been rejecting this model for obvious reasons. The mainstream tooling ecosystem offers penetration testing assistants that phone home to corporate infrastructure — a cardinal sin in red team circles where operational security isn't optional.
What Cyber SH Agent Actually Does
Cyber SH Agent flips the script entirely. Built by neo4 (who's already earned recognition from Disney's Vulnerability Disclosure Program for responsible disclosure), this tool runs 100% offline using GGUF models through llama-cpp-python. No API keys required. No servers involved. Your data never leaves your machine — that's not a marketing claim, it's architectural enforcement. The tool operates across five distinct modes: Agent Mode gives the AI direct CLI control with system access for autonomous operations; Sec Mode positions itself as a bug bounty and penetration testing expert for offensive security work; Vibe Mode handles creative coding and UI/UX assistance; Code Mode generates production-ready code; and Chat Mode serves as a general-purpose AI assistant. Each mode is purpose-built for different operational contexts.
Technical Architecture
The stack is refreshingly straightforward: GGUF models (quantized LLM weights in a format optimized for local inference) running through llama-cpp-python provides the AI backbone. This means you can swap in any compatible GGUF model — no vendor lock-in, no subscription fees, no telemetry. The repository lives at github.com/neo4-svg/cybersh.git for anyone wanting to inspect the source or contribute. For security researchers who've been watching enterprise AI tools consolidate data collection practices while calling it "enterprise features," this approach represents what open-source tooling should have been all along — transparent, auditable, and respectful of user sovereignty.
Key Takeaways
- Runs entirely offline with GGUF models via llama-cpp-python — zero external connections
- Five operational modes: Agent, Sec (bug bounty/pen testing), Vibe (creative coding), Code, and Chat
- No API keys or server dependencies required to function
- Built by an experienced red teamer with Disney VDP recognition for responsible disclosure
- Source available on GitHub for community auditing and contribution
The Bottom Line
This is what happens when someone actually uses the tools they critique. Neo4 identified a gap between what hackers need (local, offline, zero-surveillance AI assistance) and what the market offered (cloud-locked surveillance with a pretty interface), then built the solution themselves. Whether Cyber SH Agent becomes the go-to for penetration testers tired of sending reconnaissance data to third parties remains to be seen — but it's exactly the kind of project the offensive security community should be rallying around.