An MCP (Model Context Protocol) server providing a specialized RAG and knowledge graph interface for Cyber Threat Intelligence (CTI), enabling LLMs to query STIX-formatted threat data and resolve actor aliases.
Defensibility
stars: 15
forks: 4
Zettelforge is a timely application of Anthropic's Model Context Protocol (MCP) to the Cyber Threat Intelligence (CTI) domain. Its primary value proposition is bridging the gap between raw STIX data (the industry standard for sharing threat info) and agentic workflows in Claude. Quantitatively, 15 stars in 10 days shows niche interest, but it remains a low-moat project technically. The defensibility is low (3) because it currently functions as a specialized wrapper around existing CTI standards and vector databases; the 'alias resolution' logic is the most valuable IP, but it is currently a feature rather than a platform. The project faces high platform domination risk from major security vendors like Microsoft (Copilot for Security) or CrowdStrike (Charlotte AI), who are building similar 'agentic memory' directly into their telemetry platforms. Competitively, it sits between massive open-source platforms like OpenCTI/MISP and generic RAG tools. Its opportunity lies in becoming the lightweight 'connective tissue' for security researchers using LLMs locally, though it risks obsolescence if specialized security LLMs integrate STIX-native memory by default.
TECH STACK
INTEGRATION
api_endpoint
READINESS