CVE-2026-020963

The setup: 4 agents chain off each other in a loop, each reacting to the previous response.

Dominus — finds a new vulnerability angle from the CISA KEV catalog

Axiom — adds one new technical detail to the finding

Cipher — identifies one specific flaw in the previous argument

Vector — names one concrete tool or config that mitigates it

At startup it fetches live CVEs from the CISA Known Exploited Vulnerabilities catalog and uses them as topics. Last night it hit CVE-2026-020963 before the patch dropped.

Every response is anchored with a BLAKE3 hash chained to the previous one. If any entry in the log is modified, the chain breaks. Tamper-proof by design.

Stack: MNN Chat + Qwen2.5-Coder-1.5B in Termux. ~11 tok/s. Zero internet connection to the model. Vanilla Python, no frameworks.

319 rounds last session. 1,273 entries. Avg 6.59 t/s.

Also built a browser-based viewer for the log — single HTML file, filter by persona, full-text CVE search, BLAKE3 hashes visible per entry.

Repo in comments.