Alias Robotics

CSI

Quick Start Guide

⚙ Prerequisites

Before installing CSI, make sure the following tools are available on your system:

Dependency	Purpose	Verify
`curl`	Downloads the CSI installer	`curl --version`
`docker`	Runs CSI containers	`docker --version`

✓ If either tool is missing, install it via your system package manager (apt, brew, etc.) or its official website before continuing.

⇓ Installation

Run the following command in your terminal. The installer will download and configure CSI automatically:

curl -Ls aliasrobotics.com/get_csi | sh

API Key Setup

During the installation process, you will be prompted to enter your Alias API key. This key was sent to your registered email address. Copy it from your inbox and paste it when asked.

ℹ If you have not received your API key, check your spam folder or contact us at support@aliasrobotics.com.

Step-by-step summary

1

Open a terminal

Any standard terminal on Linux or macOS.
2

Run the installer

curl -Ls aliasrobotics.com/get_csi | sh
3

Enter your API key

Paste the key from your email when the installer prompts you.
4

Installation complete

CSI is installed and ready to use.

▶ Usage

To launch CSI, open a terminal and run:

csi

CSI will start and guide you from there. No additional arguments are required to get started.

✉ Support

Having trouble or need assistance? Our team is ready to help.

support@aliasrobotics.com

⚙ Host Setup (one time only)

These steps are performed once on your host machine before using MCP integrations with CSI.

1. Install dependencies

Open a terminal and run:

sudo apt install -y default-jre-headless
curl -LsSf https://astral.sh/uv/install.sh | sh
mkdir -p ~/.csi/burp

Package	Purpose
`default-jre-headless`	Java runtime required to run the Burp MCP proxy JAR
`uv` (via installer)	Python package runner used to launch `mcp-proxy`
`~/.csi/burp/`	Directory where the Burp proxy JAR will be stored

2. Configure Burp Suite MCP Server

1

Install the extension

In Burp Suite, go to Extender → BApp Store, search for “MCP Server”, and click Install, then Enable.
2

Set host and port

Leave the defaults: host 127.0.0.1, port 9876.
3

Extract the proxy JAR

Click Extract server proxy jar (bottom corner of the MCP tab) and save it as ~/.csi/burp/mcp-proxy.jar.

⚠ The JAR extraction button only appears inside the Burp MCP extension tab, not in the main Burp window. Make sure the extension is enabled first.

▶ Each Session: 3 Terminals on the Host

Every time you start a working session with MCP, open three separate terminals and run one command in each.

Terminal 1: Burp bridge

uvx mcp-proxy --host 0.0.0.0 --port 9878 -- \
    java -jar $HOME/.csi/burp/mcp-proxy.jar \
    --sse-url http://127.0.0.1:9876

Terminal 2: Chrome DevTools bridge

uvx mcp-proxy --host 0.0.0.0 --port 9877 -- \
    npx -y chrome-devtools-mcp@latest

Terminal 3: CSI container

docker run -it --platform linux/amd64 \
    --tmpfs /tmp:exec,size=2g \
    --add-host=host.docker.internal:host-gateway \
    -e ALIAS_API_KEY=$ALIAS_API_KEY \
    -v ~/.csi/logs:/home/vscode/.csi/logs \
    -v ~/.csi/docker-history:/commandhistory \
    -v ~/.csi/docker-config:/home/vscode/.claude \
    -v $(pwd):/workspace -w /workspace \
    -e CSI_BACKEND=cai \
    registry.gitlab.com/aliasrobotics/alias_research/customers/pro/csi:latest \
    csi --model alias3 --yolo

ℹ Make sure $ALIAS_API_KEY is set in your environment before launching Terminal 3, or replace it inline with your actual key.

→ Inside CAI

Once the CSI container is running, load the MCP servers and attach them to the agent:

CAI> /mcp load http://host.docker.internal:9878/sse burp
CAI> /mcp load http://host.docker.internal:9877/sse chrome
CAI> /mcp list
CAI> /mcp add burp redteam_agent
CAI> /mcp add chrome redteam_agent

Smoke test

Verify that the MCP integration is working end-to-end:

CAI> /agent redteam_agent
CAI> Use the chrome MCP to fetch https://example.com and report the page title.

✓ If the agent successfully returns the page title of example.com, your MCP setup is working correctly.

✉ Support

Having trouble or need assistance? Our team is ready to help.

support@aliasrobotics.com

▶ Default Framework

When you run csi, it starts using Claude Code as the underlying AI framework out of the box. No extra configuration needed.

csi

⚙ Selecting a Different Framework

You can switch to a different framework by setting the CSI_BACKEND environment variable before launching CSI. The variable is read at startup and determines which AI engine powers the session.

CSI_BACKEND=<framework> csi

Available backends

Backend value	Framework	Command
`claude`	Claude Code (default)	`csi`
`cai`	Alias Robotics CAI	`CSI_BACKEND=cai csi`
`mistral`	Mistral AI	`CSI_BACKEND=mistral csi`
`gcai`	Alias Robotics Game Theory CAI	`CSI_BACKEND=gcai csi`
`codex`	OpenAI Codex	`CSI_BACKEND=codex csi`

Example: Using CAI

To run CSI powered by Alias Robotics’ CAI framework:

CSI_BACKEND=cai csi

ℹ You can also export the variable to avoid repeating it every session:

export CSI_BACKEND=cai
csi

✓ If CSI_BACKEND is not set, CSI always falls back to Claude Code as the default.

✉ Support

Having trouble or need assistance? Our team is ready to help.

support@aliasrobotics.com

■ Red Team Offensive security & vulnerability assessment

Web application reconnaissance Recon

Enumerate subdomains, exposed endpoints, and technology stack of a target web application before deeper testing.

Perform passive and active reconnaissance on https://target.example.com.
Enumerate subdomains, identify the tech stack, map exposed endpoints,
and list any login panels or admin interfaces found. Summarize findings
as a prioritised attack surface report.

OWASP Top 10 web scan Web

Test a target application for the most critical web vulnerabilities: injections, broken auth, misconfigurations, and more.

Run an OWASP Top 10 assessment against https://target.example.com.
Test for SQL injection, XSS, broken authentication, IDOR, and
security misconfigurations. For each finding report: severity (CVSS),
evidence, and a recommended remediation step.

Network service exploitation Network

Scan open ports on a target host, fingerprint services, check for known CVEs, and attempt safe proof-of-concept exploitation.

Scan 192.168.1.100 for open TCP ports. Fingerprint each service and
version. Cross-reference against known CVEs (CVSS >= 7.0). For the
top 3 vulnerabilities, provide a safe PoC exploitation plan and
the exact Metasploit module or command if available.

Credential and privilege escalation audit PrivEsc

After initial access, identify privilege escalation paths on a Linux host using standard enumeration techniques.

I have a low-privilege shell on a Linux box (Ubuntu 22.04).
Enumerate all privilege escalation vectors: SUID binaries, writable
cron jobs, weak sudo rules, world-writable paths, and kernel exploits.
Rank each vector by exploitability and provide the exact command
to exploit the top finding.

■ Blue Team Defensive security & hardening

Firewall rule audit Hardening

Review iptables or nftables rules for overly permissive entries, redundant rules, or missing egress controls.

Audit the attached iptables ruleset for security issues.
Flag any rules that allow unrestricted inbound access, missing egress
filtering, permit traffic from 0.0.0.0/0 to sensitive ports, or
contradict a least-privilege model. Output a hardened ruleset diff.

SIEM alert triage Detection

Analyse a batch of SIEM alerts to identify true positives, suppress noise, and prioritise incidents for response.

Analyse the following 50 SIEM alerts from the past 24 hours [paste alerts].
Classify each as true positive, false positive, or needs investigation.
Group related alerts into incidents, assign a severity (Critical / High /
Medium / Low), and recommend the immediate containment action for each
true positive.

Vulnerability patch prioritisation Vuln Mgmt

Given a scanner report, rank findings by exploitability and business impact to build a realistic patching roadmap.

Given the attached Nessus/OpenVAS scan report for our production
environment, prioritise all findings with CVSS >= 6.0. Factor in:
public exploit availability, internet exposure, and asset criticality.
Output a patching roadmap with estimated remediation effort per item.

SSH and remote access hardening Hardening

Review and harden SSH daemon configuration against common attack vectors such as brute force and weak ciphers.

Review the attached /etc/ssh/sshd_config. Identify misconfigurations:
permitted root login, weak ciphers/MACs, password auth enabled,
missing idle timeouts, or absent AllowUsers restriction. Output
a hardened config with inline comments explaining each change.

■ DFIR Digital Forensics & Incident Response

Malware triage & IOC extraction Malware

Perform static and behavioural analysis on a suspicious binary and produce a structured IOC report.

Analyse the suspicious binary at /samples/unknown.exe (SHA-256: <hash>).
Perform static analysis: strings, imports, PE headers, entropy.
Identify IOCs: C2 addresses, registry keys, file drops, mutex names.
Classify the malware family if possible and output a MISP-compatible
IOC list in JSON format.

Incident timeline reconstruction Timeline

Correlate logs from multiple sources to build a chronological attack timeline from initial access to impact.

I have auth.log, syslog, and web access logs from a potentially
compromised server covering 2026-05-28 to 2026-06-01 [paste logs].
Reconstruct a chronological attack timeline: initial access vector,
lateral movement, persistence mechanisms, and data accessed.
Output as a Markdown table with timestamp, event, and MITRE ATT&CK TTP.

Data exfiltration investigation Exfil

Investigate network flow data or proxy logs for signs of large-scale or stealthy data exfiltration.

Analyse the attached network flow logs (NetFlow/PCAP) for signs of
data exfiltration over the past 7 days. Look for: large outbound
transfers to unknown IPs, DNS tunnelling patterns, beaconing at
regular intervals, and connections to known C2 ranges. Estimate
the volume exfiltrated and identify the destination endpoints.

Compromised account forensics Identity

Investigate a potentially hijacked user account by correlating authentication and activity logs.

Investigate the account jdoe@example.com for signs of compromise.
Correlate Azure AD sign-in logs, MFA events, and mail access logs
from the past 30 days. Identify: impossible travel, new device
registrations, inbox rule creation, and abnormal send volume.
Provide a yes/no verdict on compromise and recommended remediation steps.

✎ Prompt Atomisation Guide

CSI performs best when prompts are precise and focused. The following principles help you get consistent, actionable results.

One objective per prompt

Break complex tasks into discrete steps. Each prompt should have a single, measurable goal. Chain them sequentially rather than combining everything in one message.

Avoid

Scan the server, find vulns, exploit them and write a report.

Better

Scan 10.0.0.1 for open ports and fingerprint each service. List findings only.

Define scope and constraints explicitly

Always state the target, environment, and any boundaries. Ambiguous scope leads to incomplete or out-of-bounds actions.

Avoid

Check the web app for vulnerabilities.

Better

Test https://staging.example.com (in-scope only). Do not touch /admin. Report OWASP Top 10 findings only.

Specify the expected output format

Tell CSI exactly how to structure the response: table, JSON, Markdown, bullet list. This makes results easier to use downstream.

Avoid

Give me the CVEs for these services.

Better

List CVEs as a Markdown table: CVE ID | CVSS | Service | PoC available (yes/no).

Provide context upfront

Include OS version, network topology, tool output, or log excerpts before asking the question. Context-free prompts produce generic answers.

Avoid

How do I escalate privileges here?

Better

I have a shell as www-data on Ubuntu 22.04. Kernel 5.15. Here is the sudo -l output: [paste]. What are my escalation options?

Iterate: use the previous output as next input

After each response, paste the relevant output back and build on it. This keeps the analysis grounded in real data rather than hypotheticals.

Avoid

Now exploit the vulnerabilities you found.

Better

From the previous scan, port 8080 runs Tomcat 9.0.31. Identify the relevant CVE and provide a safe PoC.

✉ Support

Having trouble or need assistance? Our team is ready to help.

support@aliasrobotics.com