CIRCL - Request for Proposals for Software Development (2025-05)
The scope of the RfP is the supply of software development support to CIRCL within the AIPITCH project (101190545 — AIPITCH — DIGITAL-ECCC-2024-DEPLOY-CYBER-06).
The candidate supplier must submit an offer for a single package. The candidate supplier can select the package for which he wishes to bid. The RfP falls into the category of “MARCHÉS PUBLICS DE FAIBLE ENVERGURE”.
Package 01 (WP5)
1. Design and Implementation of X.509 Certificate Collection Mechanism
The bidder must:
- Design a new data structure to support efficient and scalable collection, storage, and processing of X.509 certificates.
- Implement a new collection mechanism for X.509 certificates including cryptographic materials, ensuring reliability, performance, and extensibility.
- Develop an API for CTI users to access, query, and integrate the collected certificate data with their workflows and existing CTI platforms.
- Ensure compatibility with existing CIRCL backend components and follow best practices for secure data handling.
2. Review and Alignment of CTI Reports with MISP Standards
The bidder must:
- Review existing CTI reports, data structures, and output formats relevant to the project.
- Ensure that all analysed or transformed CTI information aligns with established MISP standards and taxonomies.
- Provide recommendations and, when required, implement adjustments for improved interoperability with MISP and related CIRCL tooling.
- Support the refinement of existing MISP data models when beneficial to the broader community.
3. Improvement of Image Detection Strategies Using AI
The bidder must:
- Analyse current image processing and detection approaches used in CTI platforms such as AIL and MISP.
- Propose and implement enhancements leveraging various AI/ML algorithms (e.g., CNNs, transformers, multimodal models).
- Improve image classification, recognition, and similarity processing pipelines to increase accuracy and performance.
- Ensure the developed methods can be integrated as modular components within AIL, MISP, and related CIRCL open-source tools.
Overall Delivery
- Documented design specifications, implementation details, and API references.
- Source code compliant with CIRCL coding guidelines and released under appropriate open-source licenses.
- Technical documentation and operational instructions for all developed components.
- Periodic progress updates and participation in technical review meetings with CIRCL.
- Bidder can be present on-site in CIRCL premise.
Package 02 (WP5)
The bidder shall provide advanced software engineering and AI expertise to extend the capabilities of MISP within the broader Cyber Threat Intelligence (CTI) workflow. All development shall follow CIRCL’s standard open-source processes, including documentation, quality assurance, and community-driven development practices.
1. Extension of MISP to Support AI Algorithms in the CTI Process
The bidder must:
- Design and implement new MISP components or extensions enabling the integration of AI/ML algorithms throughout the CTI lifecycle (ingestion, enrichment, correlation, clustering, detection, and analysis).
- Develop modular and interoperable interfaces allowing MISP instances to leverage external or embedded AI models.
- Ensure that AI-driven features can operate on structured and unstructured CTI data, such as events, attributes, taxonomies, sightings, and contextual metadata.
- Provide mechanisms for explainability, logging, and traceability of AI-driven decisions, ensuring alignment with best practices for transparency in CTI operations.
- Maintain compatibility with the existing MISP architecture, APIs, and data models.
2. AI Support Expertise
The bidder must:
- Provide domain expertise in machine learning and applied AI methodologies relevant to CTI, including but not limited to natural language processing, clustering, anomaly detection, enrichment automation, and correlation strategies.
- Support the evaluation, benchmarking, and selection of suitable AI algorithms for different CTI use cases.
- Develop reproducible training, testing, and deployment workflows that can be maintained within the MISP ecosystem.
- Document AI model assumptions, expected performance, and operational requirements.
- Collaborate with CIRCL and the MISP community to ensure AI-related components are scalable, maintainable, and aligned with open-source principles.
Deliverables
- Fully implemented MISP extensions or modules enabling AI/ML functionality.
- Documentation covering architecture, APIs, model integration workflows, and deployment guidelines.
- Source code released under CIRCL-approved open-source licenses.
- Technical reports on evaluated AI techniques, including performance assessments and recommendations.
- Participation in technical review meetings and iterative development discussions.
Bid submission
The offers are to be submitted to info@circl.lu before the 6th January 2026 12:00 CEST in ASCII or PDF format. The offer proposal must be separated per package. The offer must at least include a description of the package proposed, technical details and clearly mention 101190545 — AIPITCH — DIGITAL-ECCC-2024-DEPLOY-CYBER-06 - Package NUMBER.
The bidder can only bid for one package.
The bidder must fill an OCA as requested by the ECCC.
Selection criteria
- (1) Compliance with specifications;
- (2) Pricing;
- (3) Past performance of the bidder;
- (4) Maintenance cost with existing infrastructure;
Delivery location
The offers must include the delivery to the following addresses located in Luxembourg:
CIRCL - Computer Incident Response Center Luxembourg
c/o "Luxembourg House of Cybersecurity" g.i.e.
122, rue Adolphe Fischer
L-1521 Luxembourg
Grand-Duchy of Luxembourg
Classification of this document
TLP:WHITE information may be distributed without restriction, subject to copyright controls.
Revision
- Version 1.0 December 4th, 2025 Initial version TLP:WHITE.