What does your defense actually do?
Now you can measure it.
Most security tooling can't tell you whether a WAF actually works. Atlas Crew Security can. Crucible attacks. Synapse decides. Chimera receives. Crucible's ground-truth assertions evaluate whether what happened matches what should have happened, given Synapse's configuration. Four open-source products, one closed-loop measurement system.
A closed-loop system for measuring what your defenses actually do.
Three flagship products form a measurement loop. Bridge orchestrates them. Each request carries an expected outcome; the assertion fires when actual matches expected, or doesn't. Without a defender in the path, half the assertions break — Synapse is the defender, Crucible the assertion engine, Chimera the canvas they share.
Bring your own WAF. Crucible's assertions work against any defender. Use Synapse for the integrated reference path, or swap it for Cloudflare, AWS WAF, or your own stack. Bridge handles the routing.
Four products. One measurement system.
Three flagship products sit at peer level. Each is useful on its own, and all three integrate into a closed loop. Bridge orchestrates the lab. Each product page covers install, architecture, and the underlying engineering.
High-performance edge defense. Rust + Pingora WAF with embedded decisions, sub-millisecond detection, and fleet-aware intelligence. Verdicts are reached inside the proxy, not a round-trip to a cloud backend away.
Synapse →
480+ vulnerable API endpoints across 25 industry verticals. Twelve have branded production-style frontends. Real attack surfaces with remediation built in, so every scenario runs against the same target.
Chimera →
120+ attack scenarios authored against Chimera's specific endpoints. DAG execution, ground-truth assertions, MITRE ATT&CK mapped. The assertion engine that turns "we ran some attacks" into "the WAF blocked exactly what it should have."
Crucible →
Local operational console for the lab. Service inventory, visual config editor, log streamer, dependency-aware lifecycle. Run npx @atlascrew/bridge up and the whole platform is running.
The platform's simulation sandbox. 11 protocol servers, AI red team autopilot, chaos engineering, deception. Capabilities prototyped here are used by all four flagship products; ideas that mature can graduate to new features or new products.
Bring your own WAF.
Atlas Crew Security ships with Synapse as the integrated reference defender, but Crucible's ground-truth assertions don't care what's in the path. Point Bridge at Cloudflare, AWS WAF, F5, or your own stack and use Crucible's scenarios to measure what those defenders actually catch against the same standardized Chimera targets, with the same pass/fail rigor.
One command to a working lab.
Bridge handles the lifecycle. Crucible runs scenarios. Synapse sits in the path. Chimera waits for traffic. Local-first, no signups, no telemetry, no SaaS dependency.