We've been quiet for a few months, and that was intentional. We were building, and still are, but now it's time to share what we've been working on, how we got here, and where we're going.
The frustration that started it all
In late 2024, I was deep in cybersecurity research and kept hitting the same wall. Every mainstream LLM refused to engage with security work. Ask it to analyze a binary, help craft a payload, or walk through a technique that's been in every OSCP textbook for a decade, and you'd get the same sanitized refusal. These models were genuinely capable of helping with real security work - they just weren't allowed to.
So I stood up a model without the guardrails and started sharing access with friends across the Chicago cybersecurity scene. The response was immediate. People were using it for recon, report writing, log analysis - the kind of real-world work that AI is excellent at when it's not being overprotective. There was real excitement around what this could become.
Then, as things sometimes do, the project stalled for a while.
The rebuild
In early 2025, a close friend reached out and said he wanted to help build this into something real. That was the momentum we needed. We rebuilt the platform as a full web chat application based on Open WebUI, and what had been a side project started to feel like a real product.
We took it on the road - Thotcon, Cyphercon, SecretCon, and DEF CON. At every conference, the reaction was the same. People would sit down, start using it, and within minutes you could see the possibilities clicking into place. The hallway conversations and demos shaped the product in ways we never could have predicted.
But the most exciting feedback wasn't about the chat interface at all. It was about what happens when you connect an agentic IDE to the Hacker Sidekick API. People kept asking the same question: what if this thing could actually execute, not just talk?
That question changed our entire trajectory.
Enterprise interest and a new direction
By late 2025, we were fielding serious interest from enterprise customers - real security teams with real budgets looking for something purpose-built. So we split our development into two parallel efforts: enterprise servers for organizations that needed centralized deployment and governance, and a desktop agentic environment that could span both enterprise and individual users.
We named the desktop application the Integrated Hacking Environment - our answer to the Integrated Development Environment that every software developer already takes for granted. If developers have an IDE, security professionals should have one too.
Workshops and the proof point
Through late 2025 and into early 2026, we ran a series of hands-on workshops with the Chicago cybersecurity community. I'll write more about these in future posts because they deserve their own spotlight, but the short version is this: watching experienced security professionals use the desktop environment in a live setting revealed things we never would have discovered building in isolation. The way people actually work is different from the way you imagine they work.
Those workshops made something clear. The desktop environment wasn't going to be just a feature. It was the product.
The Cyphercon sprint
When we got accepted to host a full-day workshop at Cyphercon 2026, we knew the stakes. A full day isn't a talk or a panel - it's an opportunity to put the product in people's hands for hours and see if it holds up. We couldn't pass that up.
So we set our target: have an early beta of the desktop application ready for that workshop. What followed was weeks of relentless building - late nights that turned into early mornings, weekends that blurred into weekdays. The kind of sprint where you lose track of the calendar and run on momentum and conviction.
The workshop sold out. And the response wasn't polite interest - it was genuine excitement. Attendees were finding real bugs, chaining real tools, and doing real work inside the environment. That was the validation we needed.
And now it's yours
If you haven't seen it yet, we published the full announcement for the Hacker Sidekick desktop application. It's live, it's public, and anyone can download it.
That post covers the what. This post is the why - the eighteen-month path from a frustration with guardrails to a product we're genuinely proud of, and why we're building what comes next.
Why this matters now more than ever
The recent Glasswing and Mythos developments - Anthropic building a model capable of finding thousands of zero-day vulnerabilities across every major operating system and browser, then deciding it was too dangerous to release publicly - underscore what many of us in the security community already feel. AI is going to fundamentally reshape cybersecurity, and the question isn't whether defenders need AI tools. It's whether they'll have them in time.
That's what Hacker Sidekick is. Not a replacement for security professionals - a force multiplier. Something that amplifies what skilled practitioners can already do, so they can cover more ground, move faster, and focus on the work that actually requires human judgment.
Thank you
Building Hacker Sidekick for the security community - especially my Midwest hackers - has been one of the most rewarding experiences of my career. I'm deeply grateful for everyone who has been a part of this journey. The early adopters who gave honest feedback when it was still rough. The conference conversations that shaped our thinking. The workshop participants who pushed the product harder than we ever could on our own. The wonderful team of talented and passionate hackers and developers who show up week after week, and every person who believed in this when it was still just a model running on someone else's computer.
I'm excited that in the next few months we're going to have the opportunity to share with you not just the great things we're building, but the amazing people who have had a hand in making Hacker Sidekick, so you can see the village behind the project.
We're going to be posting weekly (at least) from here on out. No more silence. There's too much to share, and too much still ahead.
If you're a pentester, red teamer, blue teamer, bug bounty hunter, or security researcher - come try it. We built this for you.
- The team at Hacker Sidekick