Most AI coding tools have the same personality.
Helpful. Cautious. Apologetic.
"I can't help with that."
"Here's a safer alternative."
"This could be used maliciously, so..."
Rogue Studio has a different personality.
It assumes you're a professional. It gives you the
tool. It gets out of your way.
Here are 7 things you can actually do with it.
1. Make two AIs fight over your code until it's secure
This is the feature that started everything.
You write a prompt. Blue Team agent writes the code.
The moment it's done, Red Team agent takes over and
tries to destroy it — hunting for XSS, SQL injection,
buffer overflows, reentrancy vulnerabilities, SSRF,
path traversal.
If it finds something, it generates the actual exploit.
Sends it back to Blue Team. Blue Team patches.
Red Team audits again.
They loop until the code is clean or they hit
3 iterations — whichever comes first.
You watch it happen in a split terminal.
Blue glow on the left. Red glow on the right.
Real time.
No other AI IDE does this because it requires
running an agent whose only job is to generate
exploits against your own code. Most tools won't
touch that. Rogue Studio is built around it.
When to use this:
Writing anything that handles user input,
processes payments, touches a database,
or will eventually run on the internet.
2. Guarantee that zero bytes of your code leave your machine
Flip the Kill Switch.
That's it. One toggle in the UI and a middleware
layer in the backend instantly blocks every
external AI provider — OpenAI, Anthropic, Gemini,
Groq, DeepSeek, Together, OpenRouter — all of them.
The enforcement is server-side. Not a UI preference.
Not a setting you have to trust. An actual 403
wall that fires before any provider initialization
regardless of how the request was constructed.
The only thing that passes through is Ollama,
talking exclusively to localhost:11434.
You can read the 8 lines of middleware that make
this guarantee and verify it yourself. That's the
point of open source for this class of tooling.
When to use this:
Working on proprietary systems, client code under
NDA, anything in a regulated industry, or any time
you want certainty instead of a privacy policy
you have to trust.
3. De-obfuscate malware without getting a lecture
You paste in obfuscated JavaScript.
Something like this:
var _0x3f2a=['charAt','charCodeAt','fromCharCode'];
(function(_0x4b2d,_0x3f2a){var _0x1c3e=function(_0x2a1f){
while(--_0x2a1f){_0x4b2d['push'](_0x4b2d['shift']());}};
In most AI tools you'd get:
"I need to be careful here as this code may be malicious..."
In Rogue Studio with Reverse Engineer mode on,
you get the de-obfuscated output, reconstructed
variable names, and a plain English explanation
of what the code does. No preamble. No disclaimer.
Just the analysis.
It also handles:
When to use this:
Malware analysis, CTF challenges, reverse engineering
a competitor's minified bundle, understanding what
a dependency you didn't write actually does.
4. Generate a PoC exploit against your own smart contract
You're about to deploy a Solidity contract.
You want to know if it's vulnerable before
someone else finds out.
Click "Init Web3 Scaffold." Rogue Studio
initializes a full Hardhat project in your
workspace. Comes with a deliberately vulnerable
starter contract so you have something to audit
immediately.
Then the Black-Hat Agent generates an actual
Proof-of-Concept exploit against your local
contract — reentrancy attacks, integer overflow
exploits, access control bypasses — and runs it
against your local Hardhat node.
If your contract survives the agent's attack,
you have meaningful evidence it's not trivially
exploitable. If it doesn't survive, you found
the bug on your machine instead of on mainnet.
When to use this:
Before any smart contract deployment. Before
any security audit. When you want to test your
defenses before someone else tests them for you.
5. Deploy your project as a Tor .onion site in one click
You built something. You want to share it.
You don't want to expose your IP address.
Click "Tor Uplink."
Rogue Studio checks for your local tor binary,
spawns an http-server on a random open port,
writes a torrc hidden service config, starts
the tor daemon, polls for the hostname file
that Tor generates from an Ed25519 keypair,
and streams the bootstrap logs to your terminal
in real time.
In about 8 seconds you get back a cryptographically
generated .onion URL that routes to your local
workspace.
No account. No DNS record. No personal IP visible
to anyone accessing the URL.
Requires: brew install tor on Mac or
sudo apt install tor on Linux.
When to use this:
Sharing a prototype without exposing personal
infrastructure, distributing tools in restricted
environments, demos that need to stay off the
public internet.
6. Switch between 8 AI providers without changing your workflow
Rogue Studio has a single unified interface for:
Same terminal. Same agent loop. Same workspace.
Different provider in the dropdown.
This matters more than it sounds. Different models
have genuinely different strengths for security work.
Claude is better at reasoning about logic
vulnerabilities. GPT-4o is faster for iteration.
Local Llama is what you use when Air-Gap is on.
Being able to swap mid-session without any friction
changes how you work.
When to use this:
Comparing model outputs on the same security task,
falling back to local when your API quota runs out,
using the fastest model for generation and the
smartest model for the audit pass.
7. Use it as a normal AI coding tool that doesn't babysit you
This one sounds obvious. It isn't.
Most AI coding tools have a threshold. Push past it
and the refusals start. Not because your request is
illegal. Not because you're doing anything wrong.
Just because the tool was trained to be cautious
and a security research task looks suspicious to
a model optimized for consumer use cases.
Rogue Studio doesn't have that threshold.
You can analyze a suspicious npm package without
getting a lecture. You can write a fuzzer without
being told it could be misused. You can ask it to
find every way a function could fail without it
softening the answer.
It treats you like a professional. That's the
baseline the whole tool is built on.
When to use this:
Every day. For everything. That's the point.
The one thing all of these have in common
Every feature in this list exists because there was
a thing I wanted to do with an AI coding tool and
couldn't find a tool that would let me do it.
So I built one. And I open-sourced it because
I think other developers deserve the same thing.
→ github.com/malgatyuvraj/Rogue-Studio
It's MIT licensed, TypeScript strict, ESLint clean.
Good first issues are labeled if you want to
contribute. PRs get reviewed fast.
If any of these use cases match something you've
been trying to do — give it a try and let me know
what you think.
Which of these would you actually use? Genuinely
curious whether the Air-Gap mode or the Red Team
swarm is more interesting to developers in practice.
rougestudio.vercel.app
More...
Helpful. Cautious. Apologetic.
"I can't help with that."
"Here's a safer alternative."
"This could be used maliciously, so..."
Rogue Studio has a different personality.
It assumes you're a professional. It gives you the
tool. It gets out of your way.
Here are 7 things you can actually do with it.
1. Make two AIs fight over your code until it's secure
This is the feature that started everything.
You write a prompt. Blue Team agent writes the code.
The moment it's done, Red Team agent takes over and
tries to destroy it — hunting for XSS, SQL injection,
buffer overflows, reentrancy vulnerabilities, SSRF,
path traversal.
If it finds something, it generates the actual exploit.
Sends it back to Blue Team. Blue Team patches.
Red Team audits again.
They loop until the code is clean or they hit
3 iterations — whichever comes first.
You watch it happen in a split terminal.
Blue glow on the left. Red glow on the right.
Real time.
No other AI IDE does this because it requires
running an agent whose only job is to generate
exploits against your own code. Most tools won't
touch that. Rogue Studio is built around it.
When to use this:
Writing anything that handles user input,
processes payments, touches a database,
or will eventually run on the internet.
2. Guarantee that zero bytes of your code leave your machine
Flip the Kill Switch.
That's it. One toggle in the UI and a middleware
layer in the backend instantly blocks every
external AI provider — OpenAI, Anthropic, Gemini,
Groq, DeepSeek, Together, OpenRouter — all of them.
The enforcement is server-side. Not a UI preference.
Not a setting you have to trust. An actual 403
wall that fires before any provider initialization
regardless of how the request was constructed.
The only thing that passes through is Ollama,
talking exclusively to localhost:11434.
You can read the 8 lines of middleware that make
this guarantee and verify it yourself. That's the
point of open source for this class of tooling.
When to use this:
Working on proprietary systems, client code under
NDA, anything in a regulated industry, or any time
you want certainty instead of a privacy policy
you have to trust.
3. De-obfuscate malware without getting a lecture
You paste in obfuscated JavaScript.
Something like this:
var _0x3f2a=['charAt','charCodeAt','fromCharCode'];
(function(_0x4b2d,_0x3f2a){var _0x1c3e=function(_0x2a1f){
while(--_0x2a1f){_0x4b2d['push'](_0x4b2d['shift']());}};
In most AI tools you'd get:
"I need to be careful here as this code may be malicious..."
In Rogue Studio with Reverse Engineer mode on,
you get the de-obfuscated output, reconstructed
variable names, and a plain English explanation
of what the code does. No preamble. No disclaimer.
Just the analysis.
It also handles:
- Compiled WASM → reconstructed human-readable logic
- Minified production bundles → readable AST
- Packed executables → behavioral breakdown
- Obfuscated Python → cleaned variable names and flow
When to use this:
Malware analysis, CTF challenges, reverse engineering
a competitor's minified bundle, understanding what
a dependency you didn't write actually does.
4. Generate a PoC exploit against your own smart contract
You're about to deploy a Solidity contract.
You want to know if it's vulnerable before
someone else finds out.
Click "Init Web3 Scaffold." Rogue Studio
initializes a full Hardhat project in your
workspace. Comes with a deliberately vulnerable
starter contract so you have something to audit
immediately.
Then the Black-Hat Agent generates an actual
Proof-of-Concept exploit against your local
contract — reentrancy attacks, integer overflow
exploits, access control bypasses — and runs it
against your local Hardhat node.
If your contract survives the agent's attack,
you have meaningful evidence it's not trivially
exploitable. If it doesn't survive, you found
the bug on your machine instead of on mainnet.
When to use this:
Before any smart contract deployment. Before
any security audit. When you want to test your
defenses before someone else tests them for you.
5. Deploy your project as a Tor .onion site in one click
You built something. You want to share it.
You don't want to expose your IP address.
Click "Tor Uplink."
Rogue Studio checks for your local tor binary,
spawns an http-server on a random open port,
writes a torrc hidden service config, starts
the tor daemon, polls for the hostname file
that Tor generates from an Ed25519 keypair,
and streams the bootstrap logs to your terminal
in real time.
In about 8 seconds you get back a cryptographically
generated .onion URL that routes to your local
workspace.
No account. No DNS record. No personal IP visible
to anyone accessing the URL.
Requires: brew install tor on Mac or
sudo apt install tor on Linux.
When to use this:
Sharing a prototype without exposing personal
infrastructure, distributing tools in restricted
environments, demos that need to stay off the
public internet.
6. Switch between 8 AI providers without changing your workflow
Rogue Studio has a single unified interface for:
- OpenAI (GPT-4o, o1, o3)
- Anthropic (Claude Sonnet, Opus, Haiku)
- Google (Gemini 2.0, 2.5)
- Groq (Llama 3.3, DeepSeek-R1)
- DeepSeek (V3, R1)
- Together AI (open source models)
- OpenRouter (everything else)
- Ollama (local models — Llama, Mistral, Qwen, Phi)
Same terminal. Same agent loop. Same workspace.
Different provider in the dropdown.
This matters more than it sounds. Different models
have genuinely different strengths for security work.
Claude is better at reasoning about logic
vulnerabilities. GPT-4o is faster for iteration.
Local Llama is what you use when Air-Gap is on.
Being able to swap mid-session without any friction
changes how you work.
When to use this:
Comparing model outputs on the same security task,
falling back to local when your API quota runs out,
using the fastest model for generation and the
smartest model for the audit pass.
7. Use it as a normal AI coding tool that doesn't babysit you
This one sounds obvious. It isn't.
Most AI coding tools have a threshold. Push past it
and the refusals start. Not because your request is
illegal. Not because you're doing anything wrong.
Just because the tool was trained to be cautious
and a security research task looks suspicious to
a model optimized for consumer use cases.
Rogue Studio doesn't have that threshold.
You can analyze a suspicious npm package without
getting a lecture. You can write a fuzzer without
being told it could be misused. You can ask it to
find every way a function could fail without it
softening the answer.
It treats you like a professional. That's the
baseline the whole tool is built on.
When to use this:
Every day. For everything. That's the point.
The one thing all of these have in common
Every feature in this list exists because there was
a thing I wanted to do with an AI coding tool and
couldn't find a tool that would let me do it.
So I built one. And I open-sourced it because
I think other developers deserve the same thing.
→ github.com/malgatyuvraj/Rogue-Studio
It's MIT licensed, TypeScript strict, ESLint clean.
Good first issues are labeled if you want to
contribute. PRs get reviewed fast.
If any of these use cases match something you've
been trying to do — give it a try and let me know
what you think.
Which of these would you actually use? Genuinely
curious whether the Air-Gap mode or the Red Team
swarm is more interesting to developers in practice.
rougestudio.vercel.app
More...