Mara
R-0427 February 2026 · 5 min

Working in the open.

Why our research notes, our model cards and our evals are public, and which parts of Mara we keep closed, and why.

Security tooling has a long, complicated relationship with openness. Defensive work benefits from open knowledge: papers, talks, IOCs, playbooks. Offensive capability benefits from openness too, and not in a way anyone is grateful for. The honest position is to be specific about which is which.

What we publish.

  • Research notes, including the ones that argue against work we shipped.
  • Model cards: training data sources, refusal behaviour, known failure modes.
  • Evals, including the ones Mara fails.
  • Methodology: how we red-team the model, what we instruct it not to do, and why.

What we keep closed.

  • Weights, for now. Not because they are precious, but because we have not yet finished the work to publish them responsibly.
  • Specific dual-use prompts that mostly help attackers and only marginally help defenders.
  • Customer data of any kind. Always.

We expect to move more of the first list outwards over time, and to keep the second list short and defensible. If you think a particular line is in the wrong place, write to us. The case will be considered on its merits, in public.

Mara is a research preview from venode. Feedback, corrections and disagreements welcome, hello@venode.ai.

More notes
  1. R-01

    Reasoning about an unknown sample.

    How Mara approaches a piece of malware it has never seen before: what to look at, what to suspend judgement on, and where to begin.

  2. R-02

    Attribution under uncertainty.

    Why Mara hedges on threat-actor names, and why we believe a model that hedges well is more useful than one that names confidently.

  3. R-03

    A note on evals.

    How we measure whether Mara is actually useful for the work analysts do, not the work benchmarks pretend they do.