Skip to content

About

Centaur Agent is the AI security operations agent developed at Centaur Security Labs. Throughout this site's build journal and development documentation, it is referred to by its internal development codename — ARCHER — which is retained for codebase consistency. The evaluation framework built alongside it is Centaur Eval (internal codename: AgentEval).


Centaur Agent is the first experimental project at CSL. The concept was simple: build a local-first AI penetration testing agent from scratch, run it against real targets, document every failure. Six weeks in, the agent worked. What also emerged was 130+ diagnosed failure classes, a taxonomy of the structural reasons AI fails in security roles, and a three-layer architecture for building systems that hold up.

The failures turned out to be more interesting than the successes.

The finding wasn't "the models aren't good enough." The models were fine. The finding was that most AI security tools place probabilistic reasoning in roles that require deterministic correctness — and then compensate with prompt engineering until the system is too fragile to trust. Every parser written to handle output variation, every fallback added when the model doesn't follow a format, every safety check inserted after generation — each is evidence that the responsibility partition was wrong from the start.

That structural failure has a name: the Stochastic Trap. The architecture that avoids it has a name too: the Centaur Framework.

That was the start of Centaur Security Labs: experiments at the intersection of AI and cybersecurity, run against real targets, with the data and lessons published openly.


Jay Hawkins — Principal Researcher

My career began in the infantry with the 82nd Airborne, where I deployed to Iraq as part of OIF. After that, I pivoted to Communications, where I first discovered a passion for learning and problem solving. In my last 10 years, I served as a Senior Cybersecurity Analyst and as a Military Planner - where cyber was still in its early development. During this time I was privileged with access that allowed me to solve harder problems that weren't yet addressed in military doctrine or codified processes. It was a time of open exploration and development. During that time, we (those of us serving in these early cyber units) were able to build the way forward.

That was a process I fell in love with, and it's exactly what drives me toward working these problems at Centaur Security Labs now. I've worked both offensive and defensive cyber operations - securing strategic networks and critical infrastructure, coordinating cyber effects operations globally - while serving across USCYBERCOM, USCENTCOM, USNORTHCOM, and USEUCOM.

I build security tools because I genuinely enjoy this process of discovery and exploration - finding the way forward. This mindset has taught me there's always a better way, and finding it just requires building things, breaking them, recording lessons learned, and starting over with better knowledge than you had before. This is how knowledge is earned and skill is built over time.


Why This Lab

This started as a passion project — personal curiosity about what it actually looks like to operationalize AI for hard cybersecurity problems, not in theory but in practice, on real hardware, against real targets, collecting actionable lessons along the way.

The deeper I went into the process, the more I wanted to document it with honesty and transparency so others could benefit from it: what data could be collected and learned from, what methods worked, what didn't, what surprised me, and why. AI in security is moving fast and there are genuinely hard questions about how to do it well — around architecture, technologies, methodologies, auditability, and reliability in production environments. I don't claim to have all the answers. The point is to explore the questions seriously, share what I learn, and push the work forward.

Centaur Security Labs is where that exploration lives. If you're working on the same problems or thinking about them from a different angle, I'd like to connect.


On AI Collaboration

This work was built in active partnership with AI systems — not in the background, and not as a polishing pass.

The code, the articles, the research design, and the ideas were all developed in genuine collaboration with AI across the board. That means the AI wasn't used to autocomplete boilerplate or clean up prose after the fact. It was instrumental in helping me explore and understand ideas that were beyond my existing knowledge-set. It broadened and deepened my understanding of complex problems. It acted as an advisor in areas where I was weak. It aided in failure analysis. It extended my reach beyond the limits of my cognitive capacity. Every major artifact in this project was in some way shaped by that partnership. Part of the lesson has been to set aside ego and develop a willingness to accept what I don't know — and to find ways to incorporate AI to enhance my knowledge, skills, abilities, and speed to fill those gaps. This method enabled learning at a breadth and depth I've never experienced before, while creating at an even faster pace.

This is not a disclosure buried in a footer. It is the point.

ARCHER is built on that same principle — and so is this lab. The Centaur Model paper describes the architecture and the reasoning behind it in full.

What the AI contributed: speed, breadth, code generation, pattern recognition, and a tireless willingness to engage with and expand upon half-formed ideas. What I contributed: direction, curiosity, operational context, risk judgment, the ability to recognize when the AI was confidently wrong, the right balance of trust, skepticism, and accountability for the final output. Those things are not interchangeable. The Centaur Model paper explains why.

The benchmark here — for all of it — is honest, transparent, open, high-quality work that I stand behind. If an AI-assisted article holds up to scrutiny, advances understanding, and is clearly labeled as to how it was produced, it meets the standard.


Professional Background

Current status: Transitioning to the private sector. Final retirement date from the Army: January 31, 2027. Seeking senior-level roles at the intersection of Cybersecurity Research, Incident Response, Detection Engineering, and AI Security Tooling.

Clearance: Active TS/SCI.

Certifications: CEH, CHFI, Pentest+, Security+. Currently studying for the CISSP.


Connect

Direct, technical discussions welcome.

[email protected]  ·  LinkedIn