This page brings together the current public prototype materials for GIFTS. They are meant to show implementation structure, evaluation logic, and technical maturity without exposing restricted systems or data.
For most readers, the report PDF is the best starting point because it explains the prototype structure and evaluation framing. The public materials now support two follow-up paths: quick code inspection and a fuller reference-package download for local evaluation.
Best first stop for understanding the prototype structure, mechanics, and evaluation framing.
Best option for readers who want the full runnable public reference package rather than a single entry-point file. The bundle includes input and output contracts, a CloudTrail-like adaptation example, and sample output artifacts from a small reference run.
Best follow-up for readers who want to inspect the reference implementation directly.
GIFTS is currently presented as a downloadable reference package for technical evaluation. It shows the model structure, synthetic evaluation flow, forensic-style outputs, and the public input and output contracts needed for review and adaptation. It should be read as a serious reference implementation, not yet as a finished enterprise product.
This short walkthrough shows the current public adoption path in sequence: start from CloudTrail-like raw records, convert them into the GIFTS session contract, score the sessions into analyst findings, then inspect the structured outputs from a small reference run.
Begin with session-tagged CloudTrail-like records that preserve action name, source, principal identity, IP, region, user agent, and resource context.
Convert those records into the stable sessionized GIFTS contract. That is the current public handoff between provider-specific logs and the reference package.
Score validated sessions into JSONL, CSV, and markdown findings that can be used for SOC triage, identity-control review, incident reconstruction support, or red-team evaluation.
A small reference run can emit both a human-readable forensic report and a machine-readable JSON summary for comparison and downstream review.
In the sample output, the suspicious session includes a blackout interval where events are intentionally hidden. GIFTS now has two public review layers: a workflow scoring layer that ranks the session for analyst review, and a prototype reconstruction layer that can produce multiple candidate reconstructions, a recommended consensus sequence, and per-slot uncertainty values.
This is still prototype evaluation output, not a production forensic claim. The goal is to make the current method reviewable, interpretable, and easier to adapt.
The current prototype demonstrates mechanics, structure, and evaluation logic through public materials. It is best read as a technical reference package rather than as a claim about production scale or enterprise deployment.
The contact page is the best route for technical questions, clarification requests, or collaboration inquiries related to the public materials.