About CustosXI

A personal project born from curiosity, built around security, privacy, and understanding what really happens on your network.

Why this project exists

CustosXI started as a practical answer to a simple question: who is my PC talking to, and why? Over time, that question grew into a broader interest in digital hygiene - less noise, fewer hidden connections, and more control for the person sitting in front of the screen.

The project comes from a long-standing passion for technology: learning how systems work, testing ideas, breaking things safely, and building tools that are useful in real life - not just impressive on paper.

Security and privacy, by design

Security and privacy are not marketing labels here. They are the reason CustosXI exists. The app is built to help you see network activity clearly, reduce unwanted exposure, and make better decisions with local evidence.

  • Local-first analysis - traffic context stays on your machine.
  • DNS visibility - understand which domains are queried before connections are made.
  • Practical blocking - reduce trackers, ads, telemetry, and low-value domains that waste bandwidth and weaken privacy.
  • Transparent operation - no hidden cloud pipeline for your network telemetry.

Less wasted data, more control

Many apps and websites generate background traffic you never asked for: analytics endpoints, ad networks, redundant sync calls, and domains with little user value. That traffic costs data, battery, and attention - and it often carries privacy risk.

CustosXI helps you identify those patterns and act on them, including DNS-level controls, so you can cut noise, save mobile and metered data, and keep your Windows PC closer to what you actually use.

What CustosXI is (and is not)

CustosXI is a local network security monitor for Windows: visibility, investigation, and practical signals. It is freeware, developed independently in Italy, and shared openly with documentation and security contacts.

It does not replace a full antivirus suite, enterprise SIEM, or professional incident response - but it gives individuals and small teams a clear window into everyday network behavior.

AI and anomaly detection (local, no cloud)

CustosXI uses machine learning inside the application code, not a remote AI service. Traffic is analyzed on your PC by a custom Isolation Forest implementation combined with statistical baselines (Z-score, EWMA, per-IP and optional per-subnet profiles).

  • Where it runs: the Worker processes live packets; the AI / Anomaly dashboard and Settings page show metrics, scores, and feedback controls.
  • What it does: learns normal traffic patterns over time, flags unusual volume or behavior, and feeds anomaly scores into the threat decision engine alongside DNS, TLS, and reputation signals.
  • What it does not do: send your traffic to external LLM APIs, train models in the cloud, or require an OpenAI-style subscription. All model state stays local (ProgramData\CustosXI).
  • Your control: enable or tune detection in Settings → AI / Anomaly; submit false-positive or true-positive feedback from Live Traffic and block explain views.

This area is still maturing in beta - thresholds, calibration, and UI may change between releases.

Built with curiosity, improved in public beta

CustosXI is still evolving. Many features - integrations, AI tuning, Suricata workflows, database tooling, and UI polish - are actively being improved. Expect rough edges, incomplete flows, and behavior that may change release to release.

Beta feedback from real users shapes priorities. If you try it and find bugs, confusing UX, or missing docs, your reports help the next versions.

Download CustosXI Contact the project

Project owner: Giorgio Ciranni · Italy · Legal information