The maintainer

NextLVLHasH

Game Modder · Programmer · Ethical Hacker · Security Researcher — Greater Manchester, UK

Game Modding Programming Cybersecurity Vulnerability Research AI-Assisted Exploit Analysis HasH-Arch

One tool — then a whole distro.

Hey — I'm NextLVLHasH, a developer and security researcher from Greater Manchester, UK, and top 10% on TryHackMe. The thing I'm really building is NextLVLAICoder — an AI coding agent that hooks into the big coding models and gets them to actually cook. Almost everything else I've made, including this distro, exists to make that one tool better — and yes, it's entirely vibe-coded, AI-first from end to end. That's exactly the point: if you build this way, you'd better control the AI instead of letting it control you.

bolt

Latest — a local-AI pentest toolkit

May 2026

AI agentsBlackArch Local LLMPentesting Secure Boot · TPM

Lately I've been back deep in local AI agents. The app I'm building is designed to hook into a custom OS while still running on Windows — or honestly almost anything else. Paired with HasH-Arch, though, it turns into something else: a proper master's-level toolkit for structured cyber-security workflows, built on the BlackArch framework but heavily customised and improved for my own tooling.

For the tool documentation I leaned on Opus 4.7 with its 1M-token context and repo access to pull straight from the sources — then had it verify the details, map the Kali package data, and spot the naming differences between distros. On top of that I added my own explanations, corrections and workflow notes.

From there I built a custom agent workflow: Opus 4.7 carries out the heavier security-audit work, then hands tasks over to a locally-hosted 35B model that maps attack paths using GitHub access and the structured tool docs. The whole point is to see how useful a smaller model can be when it's given proper docs, tool maps and rules — instead of just being dropped into a terminal.

Still on the list: properly auditing the pentest agent and its tool-selection logic — whether it picks the right tools and stays inside a controlled workflow. But it's slowly starting to come together. Follow along on the roadmap and across the socials below.

mapFollow along on the roadmap

timeline

How a tool turned into a distro

It started with HelpmeGame — I built a game-playing AI just to understand, hands-on, how these models actually learn. Then I saw someone defining agents as plain files in Python, and it clicked: I built NextLVLAICoder, an agent that hooks into coding models and drives the computer the way Claude does — but on my terms.

Giving it real tools is where it got hard. Windows fought me at every turn; on Linux I tried Kali and BlackArch and hit constant instability, then landed on Arch — and went down the rabbit hole of building an entire distro just to make a single tool 100× more powerful. That distro is HasH-Arch.

And here's the thing: if I had to fight my own tools, most people will fight them harder — not everyone's put in the hours I have. So I built the stable, approachable version: the hacker's Windows — the full security toolkit, without the instability tax.

hub

Refining the methodology

multi-modelAI + pentesting

I've found 6 real bugs with AI-assisted hunting, and the big lesson was that no single model does it all. The answer is the right AI for the right job: Claude is brilliant at auditing and review but (rightly) won't write the offensive side — so NextLVLAICoder routes the audit to Claude and the heavier offensive-security generation to other models, all in an authorised, ethical-research context, with me owning the guardrails instead of the AI.

What I'm building.

smart_toy

NextLVLAICoder

flagshipmulti-model

The main event. A local coding agent that hooks into any model — Claude, Gemini, or a local LM Studio / llama.cpp endpoint — and drives the computer agentically (reads, writes, runs tools) like Claude Code, on your hardware and your terms. It never goes straight from prompt to code: every request runs a deterministic audit first (intent classification, OWASP look-ups, security prompts clamped to read-only), so the AI can't pivot itself into writing or shelling out.

sports_esports

HelpmeGame

where it started

The project that taught me how AI learns. A universal game-playing AI — it watches you play, records every input frame-by-frame, and lets you narrate your moves — Whisper turns "dodge left" into training labels. It trains CNN / LSTM / Transformer and reinforcement-learning models, merges them into one universal "meta-model", then plays autonomously through a virtual controller — all from a live dashboard.

travel_explore

ReconAtlas

OSINTlive

A live-camera OSINT mapping tool, built in ~3 hours from public APIs using AI-assisted workflows — a working proof that the technical barrier to serious recon tooling has collapsed. It grew into a genuinely useful map: plot a route and see the speed & CCTV cameras along the way.

open_in_newreconatlas.co.uk

terminal

HasH-Arch

the rabbit holev0.1 alpha

The hacker's Windows. The environment I built so NextLVLAICoder could safely wield real tools — after Windows fought it and Kali / BlackArch kept falling over. A stable, verifiable KDE Plasma fork of Arch + BlackArch: native settings & store, IR face unlock, a Secure-Boot key vault, and a GPG-signed, reproducible supply chain you can check instead of trust.

mapSee the roadmap

Also explored: StreamTrophy, a cross-platform .NET MAUI achievement tracker for streamers (paused), plus a long tail of game mods, Discord bots and community tooling.

Find me everywhere.

Run the OS I built.

HasH-Arch is everything above, shipped as a verifiable desktop.

downloadDownload HasH-Arch

infoAbout the OS