🧩 Software Supply Chain Security
- Shadow Supply Chain: Simulates real-world transitive dependency attacks.
- DepLoom: Visualizes hidden dependencies in software supply chains.
- ChainSaw: CLI tool to trace and sever risky dependency chains.
- SecPatchSim: Simulates patch timing risks in third-party components.
- ModGuard: Enforces module trust policies in your build pipeline.
- TrustedBuilder: Hardens your build systems against tampering and injection.
🤖 AI/ML Security
- AI Drift: A study in hallucinating threat models using generative AI.
- PromptFence: Guardrails against prompt injection and LLM misuse.
- ModelTamer: Tool for controlling over-permissive ML behaviour.
- VectorSentry: Monitors for malicious vector store abuse in RAG pipelines.
- LangLeak: Detects and remediates unintentional LLM info leaks.
- AIPromptHound: Tracks and audits prompt modifications across flows.
🔐 General AppSec / DevSecOps
- FDX Role Audit Tool: Automates overpermission checks for Snowflake roles.
- ThreatLinter: CI plugin to lint threat models and catch gaps early.
- SecPath: Maps sensitive data flows to control access risks.
- AutoFixer: Automatically remediates common IaC security misconfigurations.
Want to know more or collaborate? Head to the Contact page.