Aegis A1: Building a Domain-Specific Model for Offensive Security

Models

May 2, 2026 · 10 min read

Why general-purpose models fail operators. The approach BaseX took training a 32B parameter model on millions of curated offensive-security records. What operator-grade output actually means.

The problem with general models

Every major general-purpose AI model has been trained to refuse security-sensitive requests. This is a reasonable product decision for a consumer chatbot. It is a fundamental incompatibility with offensive security work.

An operator asking a model to reason about a SQL injection payload, generate a working SSRF probe, or explain how a JWT confusion attack works against a specific library version needs a direct, technically precise answer. What they get from a general model is a refusal, a disclaimer, or a watered-down response that omits the details that actually matter.

The problem isn't just refusals. General models lack depth in offensive security domains. They know the names of vulnerability classes. They don't reason about them the way a senior operator does — with tool-specific knowledge, exploitation chains, edge cases, and the judgment to know when a hypothesis is worth pursuing.

What Aegis A1 is

Aegis A1 is a 32B parameter model trained specifically for offensive security operator workflows. It is not a general model with a system prompt. It is not a fine-tune of a consumer chatbot. It is a domain-specific model built from the ground up to reason like a senior operator.

The training corpus covers 30 offensive-security domains across more than 2 million curated records. The data is structured as multi-turn conversations — not documentation summaries or blog post extracts, but the kind of back-and-forth reasoning that happens between an operator and a tool they trust.

30 domains

The coverage is intentionally broad. Aegis A1 needs to reason across the full engagement lifecycle — from initial recon through exploitation, post-exploitation, and reporting. The 30 domains in the training corpus:

SQL Injection

Cross-Site Scripting

SSRF Exploitation

Authentication Attacks

File Upload Exploitation

XXE & Deserialization

IDOR & Access Control

API Security

GraphQL Attacks

OAuth & JWT Attacks

Port Scanning

SMB Exploitation

Active Directory

VPN & Firewall Evasion

DNS & Subdomain Attacks

Wireless Attacks

AWS Misconfigurations

Container & Kubernetes

Buffer Overflow

CVE Exploitation

Linux Privilege Escalation

Windows Privilege Escalation

Post-Exploitation

Lateral Movement

Malware Analysis

Reverse Engineering

Social Engineering

Report Writing

Network Recon

OSINT

Training hardware

Aegis A1 is trained on AMD MI300X hardware — 192GB of HBM3 per accelerator. The MI300X's unified memory architecture is well-suited to large model fine-tuning: the full 32B parameter model fits in a single accelerator's memory without offloading, which simplifies the training stack and eliminates the communication overhead of model parallelism.

This is also the hardware that runs Argus in production. The same infrastructure that trains the model serves it.

The interface

Aegis A1 is served via an OpenAI-compatible REST API at api.basex.stanl.ink/v1. Argus uses it as its reasoning backbone — every hypothesis, every re-plan, every exploit strategy is generated by Aegis. Aegis Shell will expose it directly to operators as a conversational interface for the full engagement workflow.