Incident Analysis
Lottie Player npm Supply Chain Attack Explained
A leaked maintainer token published three trojanized versions of @lottiefiles/lottie-player to npm, targeting wallet drains. Here is the mechanics.
Jan 19, 20267 min read
Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
A leaked maintainer token published three trojanized versions of @lottiefiles/lottie-player to npm, targeting wallet drains. Here is the mechanics.
The datasets you use to evaluate model safety are themselves a supply chain, and almost nobody is treating them that way. A senior engineer's audit of how eval corpora get poisoned, contaminated, and silently drifted.
Lessons learned from a year of enterprise AI agent deployments: what worked, what failed, and what we would do differently starting now.
Mistral Large is a strong reasoning model, but remediation is more than generating a diff. We look at what Griffin AI adds for production fix workflows.
Enterprise identity is not a paywall. It is the substrate on which every other security control depends, and it is where Mythos-class vendors quietly fall behind.
Most MCP threat models confuse protocol risk with deployment risk. Here is what the real attack surface looks like after a year of production incidents.
A deep look at how Safeguard's reachability engine combines call graph construction, symbolic analysis, and runtime evidence to reduce vulnerability noise by an order of magnitude.
SWE-bench became the default benchmark for measuring AI coding agents, but the security extensions that were bolted on afterwards deserve their own scrutiny. A field review of what they measure, where they break, and whether you should trust the numbers.
Griffin uses Claude Opus as its deepest reasoning engine. Here's what triage looks like with Opus alone versus Opus running inside Griffin's eval harness.
Weekly insights on software supply chain security, delivered to your inbox.