A manifesto for building things that cut. Not because the world asked for it, but because the tools that existed were dull.
“The first rule of ninja club is you DO talk about ninja club.”
Every intelligence platform you’ve ever used was built by a committee. Designed by product managers who’ve never triaged an alert at 3am. Sold by people who think “threat landscape” is just a good slide title.
This is different. This was built by someone who got tired of waiting for the tools to get better, opened a terminal, and started writing.
No stealth mode. No NDA. No six-month sales cycle. If the work is good enough, it speaks. And if it speaks, you should hear it.
Sixteen platforms. One person. No funding, no team, no sprint planning, no Jira tickets. Just a security engineer who decided that the gap between what enterprise tools promise and what they deliver was wide enough to build an entire ecosystem inside.
The cost is measured in weekends that disappeared. In guitar sessions cut short because a Cypher query was bothering you. In realising at 2am that your ingester has been silently dropping Indicators for six hours and nobody noticed because there is no “nobody” — there’s just you.
But the reward is this: everything connects. No API translation layer built by a third-party integration team. No webhook that fires 40% of the time. When Signal sees a new indicator, Raz0r already knows. When Fusion detects a geopolitical shift, V0id’s Oracle score updates. When 1D maps an attack path, Nexus cross-references the UBO. Because one person built all of it, and one person understands all of it.
Intelligence doesn’t live in silos. A CVE is not just a vulnerability — it’s a node in a graph that connects to the threat actor who exploits it, the campaign that deploys it, the infrastructure that hosts it, the identity it compromises, and the geopolitical context that motivated it.
Every vendor in this space gives you one slice. Signal gives you IOCs. Raz0r gives you detections. Fusion gives you geopolitics. But none of them talk to each other — not really. Not the way graph edges talk to each other.
The mesh exists because traversal is the product. The ability to start at a detection rule in Raz0r, follow it to the technique in Signal, hop to the actor who uses it, check their infrastructure in Nexus, see the campaign in Fusion, assess the identity exposure in 1D, and land on a risk score — all in one query, all in one graph — that’s not a feature. That’s the reason this thing was built.
No design by committee. No lowest common denominator. Every architectural decision made by the person who has to live with it.
This isn’t a startup. There’s no board meeting, no pivot, no acqui-hire. It exists because the work justifies itself.
Sixteen platforms in fourteen months. Not because speed is the goal, but because momentum is how solo builders survive.
NinjaTone, SITREP, the public CVE and actor pages — free. The operational tools behind them — built for practitioners who know what they’re looking at.
Not the dashboard. Not the report. Not the executive summary. The graph. Everything else is just a view of it.
EDR agent, SIEM, CTI platform, OSINT graph, identity mapper, fusion engine, autonomous agents. Each one makes the others sharper.
Clean code has fewer bugs. Simple architecture has smaller attack surface. Beautiful interfaces get used. Ugly tools get bypassed.
The best work in the world means nothing if it sits in a private repo. Rule Zero exists for a reason. The work speaks — let it.
Seventeen platforms. One graph. One person.
Scott Gardner — security engineer, builder, guitarist. Based in the UK. Built the entire ninja.ing ecosystem solo, from first commit to production deployment.
Background in enterprise security operations, threat intelligence, and the particular kind of frustration that comes from watching a multi-million-pound SIEM miss the same alerts every Tuesday.
The kind of person who, when handed a dull tool, doesn’t file a feature request. He builds a sharper one.
Got something to say? A question, a proposal, or just want to tell me the SIEM window is broken again? Drop a message.