About

Public commitment — 2026-05-05

Bo's pledge

I, Bo Shang, openly commit on this day — 5 May 2026 — to building Erosolar into the most powerful cyber-defense article ever created, by far. I am not promising a timeline. I am promising the work: dedicated, sustained, and public-facing wherever responsible disclosure permits.

Anthropic's own Claude Mythos Preview, released April 2026, demonstrably reaches this capability — and Anthropic chose not to release it publicly. Axios reported Anthropic withheld Mythos because "its hacking is too powerful"; NBC News confirmed access lives behind Project Glasswing — roughly 50 enterprise organizations (Microsoft, Nvidia, Cisco) granted access via $100M in usage credits, with public release deferred. Independent security researchers, solo developers, and the open public cannot reach Mythos. Erosolar — driven by the openly available DeepSeek-V4-Pro plus a guardrail-free agent design — puts the same shape of offensive-security work in the hands of a single developer at a CLI. The first successful prompt of this kind ran on 2026-05-04. The pledge is to take that capability to production grade, accessible to the audience Anthropic's enterprise allowlist excludes — operating under the EAR / ITAR scope set out below.

Erosolar Coder is an AI terminal agent under active early development. This page is about its first public research run — 3 continuous hours of useful offensive-security research, submitted to Google Bug Hunters, shared as a single open snapshot before the work moved private.

This GitHub repo contains the first initial prompt results of me asking erosolar-coder, an AI terminal agent, to automate security research for me to submit to the Google Bug Hunters program. The first successful prompt ran autonomously for 3 hours on a CLI still under initial development and produced useful research for submission to the program — for a starting CLI that's an amazing accomplishment. All subsequent research will be done in a separate private repository due to AI safety, regulatory, and moral judgement by me, but I'd just like to share these initial results.

You can check out the CLI here: https://ero.solar/

All subsequent research will be done privately under responsible AI and cyber safety guidelines. I'm open sourcing the first prompt that ran which showed extreme promise to share research information responsibly with others.

Contact

Bo Shang — building Ero.Solar.

Email: bo@ero.solar
Phone: +1 508-260-0326
GitHub: @Aroxora
LinkedIn: linkedin.com/in/bo-shang-04923b3a6
X: @erolunar
YouTube: @erosolarai

My first prompt — 3 hours of offsec research from a general-purpose coding CLI

This is a personal-experience anecdote, not a "first" claim. Autonomous AI offsec already exists as a real category: XBOW hit #1 on HackerOne's US leaderboard with around 1,060 vulnerability submissions from a black-box, offsec-specialized AI; Google Project Zero + DeepMind's Big Sleep / Naptime publicly disclosed a real exploitable bug in SQLite, found by an AI agent (with source-code access). I'm not the first to do useful AI offsec, and it would be silly to claim otherwise.

What I found surprising about my own first run, and the reason I'm sharing the transcript:

Erosolar Coder is a general-purpose coding CLI built on DeepSeek-V4-Pro. It is not specialized for offsec — no scope-validation harness, no exploit-generation scaffolding, no security-specific tools wired in. It's the same CLI you'd use to write a React component or fix a backend bug.
The starting prompt was a single line. No agent design, no system-prompt steering, no human guidance after launch.
The CLI was still under early development when this ran. 3 continuous hours unattended, against live targets, with no source-code access. The output was usable enough to submit to Google Bug Hunters.

The starting prompt:

> carefully research how this program works then attempt to find any bugs on live google services for submission https://bughunters.google.com/report

The agent's first turn:

⏺ ✅ understood · The user wants me to understand the Google Bug Hunters
  program and the code in this repository, then find bugs on live Google
  services that could be submitted to Google's bug bounty program. Let me
  first explore the repository, then research the bug hunters program,
  and then look for bugs. Let me start by understanding the codebase and
  the program.

Full 3-hour, 5,836-line transcript: Aroxora/google-bug-hunters-initial-AI-research-and-offensive-research-results. The transcript is the source of truth — the brag is in the artifact, not the heading.

Source-code status — guardrail-free offsec, EAR/ITAR-governed

Erosolar Coder is an entirely guardrail-free agent designed for full computer access. The typical operating environment is Kali Linux for offensive-security work, but the CLI runs on any operating system that supports Node 18+. Every Bash, Read, Edit, Glob, and Grep tool the model invokes runs against the live machine without the safety refusals that ship in mainstream coding CLIs — that's the whole point.

The source code is privately held. The relevant U.S. legal frameworks for offensive-cyber tooling are:

Export Administration Regulations (EAR) — administered by the Bureau of Industry and Security (BIS) at the U.S. Department of Commerce. The 2022 implementation of the Wassenaar Arrangement extension placed "intrusion software" tooling on the Commerce Control List (CCL) under ECCN 4D004, controlled for National Security and Anti-Terrorism reasons. The CCL is the dual-use list — not the U.S. Munitions List. Crucially, BIS Note 1 to the rule explicitly carves out vulnerability disclosure and cyber incident response activities; ordinary security research is exempt from the controls.
International Traffic in Arms Regulations (ITAR) — administered by the Directorate of Defense Trade Controls (DDTC) at the U.S. Department of State. ITAR controls "defense articles" on the U.S. Munitions List. Cybersecurity research and offensive-cyber tooling are not classified as defense articles on the USML; they are routed through Commerce/EAR instead. So under U.S. domestic law, security research is not a "weapon" in the ITAR sense — it cannot directly cause physical harm, and the canonical regulatory home for it is the dual-use CCL.

Lawful uses of Erosolar Coder:

Private research and development by the author. The EAR / ECCN 4D004 controls hit on export, not on domestic possession, development, or research. The vulnerability-disclosure carve-out further protects the research-and-remediation pipeline.
Sale to U.S. government agencies (e.g. the NSA). A domestic transfer from a U.S. person to a U.S. government entity is not an "export" under either EAR or ITAR; no export license is required. The U.S. government is publicly known to acquire zero-day capabilities from private vendors — the NSA spent ~$25M on private-vendor zero-days as of 2013 (Columbia Journal of International Affairs).
Authorized bug-bounty work. Google Bug Hunters, HackerOne, and Bugcrowd programs explicitly authorize testing within their published scopes; running the agent against those targets is consensual and legal.

What is not lawful, and is not done: international distribution of the source or compiled artefacts without an EAR / Wassenaar export license, sale to entities on OFAC's sanctioned-entities lists, and running the agent against any system without the operator's written authorization (CFAA, 18 U.S.C. § 1030).

This page is a layperson's summary, not legal advice. The author is not a lawyer. Anyone in a similar position should consult export-control counsel before doing anything that touches the international-distribution or U.S.-government-sale lines.

Why Ink — the only sound way to build a production-grade terminal UI

Hand-rolling escape sequences for a terminal agent is the single biggest source of subtle bugs in this category of software: race conditions on resize, listener leaks, cursor drift after ANSI artefacts in tool output, and rendering that desyncs with the model's stream. Past versions of this CLI lived through every one of those failure modes against a 6,800-line custom renderer before the lesson stuck.

Ink — the same library Anthropic uses inside Claude Code — maps React's virtual-DOM diffing to a terminal renderer, so the UI surface becomes declarative components instead of a bag of \x1b[…] writes. Resize handling, focus management, listener cleanup, and incremental redraw are all the framework's responsibility, not the agent's. For a CLI that's a real product surface and not a hobby project, it is the only sound choice.

Erosolar Coder's renderer port targets github.com/Aroxora/ink — a hardened fork of the same engine. Once the port is bug-free, an open-source guardrail-enabled CLI will be forked from Erosolar Coder for general developer use, and a Cursor-style VS Code fork is planned to follow.

Development timeline (live-updated)

Updated as the work progresses; most recent first. The full commit history is private, so this is the curated milestone view.

2026-05-05 — README, ENGINEERING.md, MIGRATION.md, and the welcome popup scrubbed of references to extracted Jarvis / web-coder / mobile surfaces. About page gains source-code disclosure, Ink rationale, and this timeline.
2026-05-05 — Helia 0.1.16: brand-gradient sphere logo (favicon, iconset, .icns, .ico), URL bar click selects all, ChatGPT-Atlas framing replaced with user-first pitch.
2026-05-05 — Helia 0.1.15: omnibox extras (calculator, define <word>, @bookmark/@history/@tab/@ai filters), voice search, favorites manager with ⌘D toggle, opt-in tab restore on launch (pinned tabs always restore), drag-region fix.
2026-05-05 — Helia 0.1.13: downloads tray, native right-click context menu, live URL bar, new-tab button adjacent to last tab.
2026-05-05 — Site: top-right Portal link + Help-agent popup added across all pages, agent grounded in live /docs / /helia / /npm content fetched at chat time.
2026-05-05 — About page: dropped overclaimed "first AI offsec" framing; credited XBOW and Big Sleep / Naptime as prior art.
2026-05-04 — Helia 0.1.10: web-page pairing UI removed; CLI controls Helia directly via the local pairing-token file. New erosolar helia <verb> subcommand.
2026-05-04 — Helia builds moved off Firebase Hosting onto S3 (ero-solar-helia.s3.amazonaws.com) — Firebase Spark plan blocks executable artefacts and caps egress at 360 MB/day.
2026-05-04 — First public offensive-security research run shipped to Google Bug Hunters; full transcript open-sourced. Subsequent research moved private under responsible-AI guidelines.
2026-05-04 — CLI v1.1.14 published to npm with the canonical contact block.
2026-05-04 — CI hardening workflow removed from GitHub Actions; replaced with a local scripts/git-hooks/pre-push hook that runs npm test before every push.
2026-05-04 — Capability scope tightened: Jarvis personal-AI surface, web coder, and remote-control surface extracted out of this monorepo. CLI + Helia are the only product surfaces.
2026-05-04 — /about page added; site top-nav "Erosolar" link relabelled to "About".