Frequently Asked Questions

Yes. After installation, Syd requires zero internet. All LLM inference uses Qwen 2.5 14B running locally via llama-cpp-python, and all knowledge retrieval uses local FAISS indexes. It has been tested and deployed in air-gapped environments including SCIFs, hospital networks and government infrastructure. There are no phone-home calls, no telemetry and no hidden dependencies.

Syd achieves a 9.27/10 average across all Pro tools, tested against real security engagements:

• Nmap: 96.7% (4/4 scan types)
• YARA: 9.84/10 (5/5 tests)
• BloodHound: 10/10
• NetExec: 9.2/10
• Volatility: 8.13/10 (15/15 questions)

ChatGPT and Claude are cloud-based, generic LLMs. They regularly invent CVEs, suggest exploits for services you didn't scan, and have no knowledge of your specific tool output. Syd's fact-extraction architecture grounds every answer in what your tool actually found.

When you paste tool output, Syd runs a deterministic fact-extraction pass first, pulling out specific, verifiable data points (open ports, service versions, process names, matched YARA rules, etc.) using regex parsers specific to each tool. Only these verified facts are passed to the LLM as context, along with retrieved knowledge from the FAISS index. The LLM is then constrained to answer based on those facts. This prevents hallucination at the source rather than trying to detect it after the fact.

Minimum: Windows 10/11 (or Ubuntu 20.04+), 4-core CPU, 16 GB RAM, 15 GB storage, Python 3.10+

Recommended: Windows 11, 8+ cores, 24 GB RAM, 25 GB storage

RAM note: With 8 GB RAM the analysis tabs work fine but Ask Syd chat becomes very slow (30+ min response). 16 GB is the minimum for a usable experience.

Pro / Enterprise EXE: No Python required. All dependencies bundled. Windows 10/11 only.

• Community (Free): Nmap, BloodHound, Volatility. Open source, MIT licence, community support, manual Python setup
• Pro (£250/yr): All Community tools + YARA, NetExec, PCAP. Certified pre-built EXE, SHA256-signed, commercial licence, 5-day email support, offline update packs
• Enterprise (£1,000/yr): All Pro tools + Metasploit integration (module browser, RC builder, interactive launcher), 24hr support, phone/video support, report builder

Pro / Enterprise: Download the signed EXE on a connected machine, verify the SHA256 hash, transfer via USB. Run the EXE. No installation needed.

Community: Clone the repo and run pip download -r requirements.txt -d ./packages on a connected machine. Copy everything (code, packages, model files) to USB and install offline with pip install --no-index --find-links=./packages -r requirements.txt. See the Download page for the full guide.

Pro and Enterprise customers receive quarterly encrypted ZIP update packs containing updated knowledge bases and bug fixes. Download on a connected machine, verify the SHA256 hash, transfer via USB to your air-gapped environment. No internet required on the target machine at any point.

No, and this is intentional. Syd retrieves and presents verified exploit commands, Metasploit modules and Exploit-DB references based on what your scan actually found. It acts as an expert guide to known exploits rather than generating novel attack code. This makes its recommendations reliable and actionable rather than speculative.

Yes. We offer discounts for teams of 5 or more users. Contact info@sydsec.co.uk with your requirements and we'll put together a custom quote for your organisation.

Syd is a security research tool and may trigger false positives because it contains signatures related to security tools and vulnerability databases. This is normal. Solution: Add the Syd folder to your antivirus exclusions. On Windows Defender: Settings → Virus & threat protection → Manage settings → Exclusions → Add a folder. Pro and Enterprise binaries are SHA256-signed so you can verify their integrity independently.

Syd uses Qwen 2.5 14B (Q5_K_M GGUF) via llama-cpp-python, built without AVX2 instructions for maximum hardware compatibility. The Community Edition source is open so you can experiment with other GGUF-compatible models, though accuracy scores are only validated for Qwen 2.5 14B.