Author: Thor Thor Email: codethor@gmail.com GitHub: https://github.com/codethor0 Project: creativity-exploit-engine
The Creativity Engine is a Proof of Concept inspired by "The Creativity Exploit: Toward an Algorithmic Framework for Security Imagination". It models security "creativity" as a combination of novelty, value, and an optional surprise term.
Novelty measures how different a threat scenario is from previously seen scenarios. It is computed as the average cosine distance to the k nearest neighbors in an archive of artifacts, using embeddings in a semantic vector space. When the archive is empty, novelty defaults to 1.0 (maximum novelty).
- Implemented via sentence embeddings (or a deterministic hash-based embedder for tests)
- Approximate nearest neighbor search using HNSW for efficiency
- Normalized vectors ensure cosine distance is in [0, 2]
Value is a domain heuristic in [0, 1] that scores threat scenarios by their security relevance:
- Higher value for critical assets (domain controller, secrets manager, customer DB, CI/CD pipeline)
- Higher value for risky entry points (VPN, supply chain, internet-facing API, compromised credential)
- Higher value for advanced techniques (dependency confusion, SSO misconfig abuse, container escape)
- Penalty for impossible or violated constraints
Surprise is an optional hook for future integration with generative models. It would measure -log p(a) from a learned model. In this PoC, the default is S(a) = 0.0 when no generative model is provided.
C(a) = alpha * N(a) + beta * V(a) + gamma * S(a)
Default weights: alpha=0.5, beta=0.5, gamma=0.0.
The engine implements a simple evolutionary search over threat scenarios:
- Initialize archive with seed artifacts
- For each round:
- Sample parents from the archive
- Apply combinational mutation (replace fields from controlled vocabularies with probability)
- Score candidates by novelty, value, creativity
- Archive candidates whose novelty exceeds a threshold
- Return top-k unique artifacts by creativity
Mutation uses controlled vocabularies for assets, entry points, techniques, and constraints to ensure valid, interpretable scenarios.
- This is a PoC, not a replacement for human threat modeling
- The value heuristic is simple and domain-specific
- Surprise term is a hook only (gamma default 0)
- Embeddings may not capture all semantic nuances of security concepts