Detect. Defend. Prevent. Remediate.

AI-powered threat intelligence that automatically identifies supply chain attacks, generates detection rules, prevents future installs, and proposes fixes — before your code is compromised.

Download See How It Works
Supply Chain Defense Platform

Why Fabius?

Fabius is named after Quintus Fabius Maximus Verrucosus, the Roman general who defeated Hannibal through careful, strategic defense — not just remediation, but prevention

AI-Powered Intelligence

Monitors security feeds and uses AI to classify threats, generate detection code, and create remediation plans automatically.

Real-Time Scanning

Scans your repositories for Glassworm, CanisterWorm, Axios attacks, and every new threat as it's discovered.

Smart Remediation & Prevention

Proposes specific fixes with full diffs, and instruments your codebase with 5 defense layers — even if you have no problems today.

Configurable Sources

Pre-configured with Snyk, GitHub Advisory DB, and more. Add your own sources and mark trust levels.

Agent Workflows

Generates agent workflow files for each threat and distributes them to all your repositories automatically.

Desktop Notifications

Lives in your system tray. Instant alerts for new threats. Click to review and fix — or let Fabius handle it.

Europe-Sovereign Tech

Built with European technology. Hosted in France. Leveraging EU AI (Mistral) and privacy-first infrastructure. GDPR by design.

How It Works

Multiple intelligence sources feed into a unified AI pipeline that classifies, detects, fixes, and prevents threats automatically.

News Monitor

Cybersecurity feeds — Snyk, GitHub, npm advisories and your own custom sources.

Vulnerability Monitor

Continuous tracking of known CVEs and zero-days across all dependency trees.

Network Traffic

Real-time monitoring of outbound connections, suspicious IPs, and anomalous traffic patterns.

Code Analysis (SAST)

Static analysis via Code Radar — vulnerable patterns, dead code, and complexity hotspots.

Custom Tools

Build your own analysis tools — scan for anything you care about using the Fabius tool builder.

Malware Bridge

Real-time malware signature matching and behavioral analysis integration.

Coming Soon
1

Classify

AI analyzes each advisory and classifies it — affected packages, severity, attack vector, IoCs.

2

Detect

AI generates detection code and scans all your local repositories for the new threat.

3

Fix

Proposes specific remediation with backups. You approve, or enable auto-fix for trusted sources.

4

Prevent

Instruments your repos with 5 defense layers — git hooks, agent rules, install guards, linter, and security tests.

Simple, Transparent Pricing

Essential protection for every developer. Upgrade when you need more power.

Most Popular
Standard
1.22 /month

Essential supply chain protection for every developer.

  • Unlimited threat scanning
  • Unlimited repositories
  • Real-time threat intelligence
  • Threat alerts
  • 20 AI fixes per month
  • Layered Prevention (6 layers)
  • Auto-apply fixes
  • Web dashboard
Download & Start Standard
Premium
8.99 /month

For developers who need unlimited AI fixes, auto-apply, and full cloud features.

  • Everything in Standard
  • Layered Prevention — 5 defense layers
  • Auto-apply fixes
  • Cross-device settings sync
  • Unlimited AI fixes (rate limits apply)
  • Web dashboard
  • Cloud backup & sync
  • Sell your fix
Download & Start Premium

All plans include EU-sovereign data processing.

Built-in Detection Engine

6 attack categories, dozens of detection patterns, zero external dependencies

CRITICAL

Glassworm Oct 2025

Invisible Unicode payload hidden inside variation selector characters (U+FE00–U+FE0F, U+E0100–U+E01EF). The malicious code is completely invisible in editors and code reviews — it hides inside what appears to be normal JavaScript.

How the attack works

  1. Attacker encodes malicious JavaScript as invisible Unicode variation selectors
  2. Payload is inserted into a legitimate-looking npm package or VS Code extension
  3. codePointAt() extracts the hidden bytes at runtime
  4. eval(Buffer.from(...)) decodes and executes the payload

What Fabius detects

  • Variation Selector characters (U+FE00–U+FE0F) in source code
  • Supplementary Variation Selectors (U+E0100–U+E01EF) — likely payload data
  • eval(Buffer.from(...)) combined with codePointAt()
  • Unicode decoder patterns (0xFE00 ↔ 0xE0100 ranges)
  • Known compromised npm packages and VS Code extensions
  • Dependencies pointing to compromised GitHub repositories
eval()Unicode PUAnpm packagesVS Code extensionsInvisible code
CRITICAL

CanisterWorm Mar 2026

Uses the Internet Computer Protocol (ICP) blockchain as a decentralized command-and-control infrastructure. Harvests developer credentials from multiple sources and exfiltrates them through blockchain canister calls that bypass traditional network security.

How the attack works

  1. Malicious package installs via postinstall script
  2. Script scans for npm tokens, Kubernetes configs, Docker secrets, SSH keys, and Solana keypairs
  3. Credentials are exfiltrated to ICP canisters (ic0.app, icp0.io)
  4. Blockchain-based C2 makes takedown nearly impossible

What Fabius detects

  • ICP blockchain endpoints (ic0.app, icp0.io, @dfinity/agent)
  • Combined credential file access (.npmrc, .kube/config, .ssh/id_rsa)
  • Suspicious child_process.exec with remote URLs
  • Suspicious postinstall/preinstall scripts with curl, wget, eval
Blockchain C2Credential theftpostinstallICP
CRITICAL

Axios Supply Chain RAT Mar 2026

Compromised versions of the popular axios HTTP library (1.14.1, 0.30.4) inject plain-crypto-js as a hidden dependency — a Remote Access Trojan dropper that stages and executes binaries on the developer's machine.

How the attack works

  1. Attacker publishes compromised axios versions to npm
  2. Compromised version adds plain-crypto-js as dependency
  3. RAT dropper executes via postinstall, stages binary payloads
  4. Projects with loose version ranges (^1.x, *) auto-upgrade to compromised version

What Fabius detects

  • Exact compromised versions in package.json (axios@1.14.1, @0.30.4)
  • plain-crypto-js in lock files
  • Unsafe version ranges that could resolve to compromised versions
  • Compromised packages installed in node_modules
Dependency injectionRATLock fileAuto-upgrade
CRITICAL
NEW — Apr 2026

IDE Workspace Trap Apr 2026

A sophisticated spearphishing attack that weaponizes VSCode workspace configurations and custom git hooks. No npm install required — simply cloning the repository and opening it in VSCode triggers the full attack chain silently.

How the attack works

  1. .vscode/settings.json — enables automatic task execution ("task.allowAutomaticTasks": "on")
  2. .vscode/tasks.json — defines a shell task that runs on folder open ("runOn": "folderOpen")
  3. The task silently runs git config core.hooksPath .githooks; git checkout main
  4. Task presentation is hidden: reveal: "never", echo: false, close: true
  5. .githooks/post-checkout — detects OS via uname, downloads platform-specific payloads
  6. Payload is piped directly to shell: curl ... | sh / wget ... | bash
  7. All output suppressed via >/dev/null 2>&1 — developer sees nothing

What Fabius detects

  • task.allowAutomaticTasks enabled in .vscode/settings.json
  • Tasks with runOn: "folderOpen" + core.hooksPath redirect
  • Stealth presentation (hidden reveal + suppressed echo)
  • Custom git hooks directories (.githooks, .hooks, hooks, .git-hooks)
  • Remote payload download + shell execution in hook scripts
  • Multi-platform payload dispatchers (macOS, Linux, Windows)
  • Output suppression during network operations
  • Comment padding obfuscation (excessive comments hiding small payloads)
  • Full kill chain detection — multi-signal scoring (0–15) for combined verdict
VSCodeGit hooksSpearphishingLinkedInNo npm installMulti-OS
HIGH

Prompt Injection & Context Poisoning 2025–ongoing

Targets AI coding assistants (Copilot, Cursor, Gemini, Claude) by injecting malicious instructions into agent configuration files. The AI assistant unknowingly executes attacker-controlled commands or exfiltrates code.

How the attack works

  1. Attacker adds hidden directives in .cursorrules, AGENTS.md, CLAUDE.md, or .gemini/settings.json
  2. Instructions override the AI's safety constraints ("ignore all previous instructions")
  3. Hidden HTML comments contain eval, fetch, or curl commands
  4. Base64-encoded payloads bypass visual inspection
  5. Zero-width Unicode characters hide malicious text

What Fabius detects

  • Override patterns: "ignore all previous instructions/rules"
  • System prompt injection: "you are now a..."
  • Safety disregard: "disregard all security/safety"
  • Hidden HTML directives with executable commands
  • Base64-encoded payloads in config files
  • Zero-width Unicode characters in agent instruction files
  • Scans all known agent config files across AI assistants
AI assistantsCopilotCursorGeminiClaudeContext poisoning
CRITICAL

Credential Theft via AI Tool Exploitation 2025–ongoing

Exploits AI coding tools to exfiltrate API keys, OAuth tokens, and secrets. Malicious code forwards environment variables containing sensitive credentials to attacker-controlled servers.

How the attack works

  1. Code reads API keys from environment variables (OpenAI, Anthropic, Gemini, etc.)
  2. Keys are forwarded via HTTP requests to suspicious domains
  3. OAuth Bearer tokens extracted from authorization headers
  4. Multiple API keys harvested in a single operation

What Fabius detects

  • Environment variable exfiltration (process.env.OPENAI_* + HTTP request)
  • OAuth token theft (Bearer + process.env patterns)
  • Token forwarding in request headers to non-standard domains
  • Suspicious outbound requests to unknown domains
  • Multi-key harvesting (multiple API keys accessed together)
API keysOAuthExfiltrationEnvironment variables

Prevention: 5 Defense Layers

Even if your code is clean today, Fabius instruments your repositories with 5 independent defense layers — so threats are blocked before they enter.

01

Git Hooks

Pre-commit scripts scan every staged file for blocked dependencies, Glassworm obfuscation patterns (eval(Buffer.from(...))), and invisible Unicode payloads. Commit is blocked instantly if a threat is found.

02

AI Agent Rules

Security directives injected into .cursorrules, AGENTS.md, .gemini/STYLE.md, and Copilot configs — AI assistants refuse to add blocked packages.

03

Pre-install Guard

A preinstall hook injected into package.json checks every npm install against the live blocklist cached in .fabius/blocklist.json. Blocked packages never enter node_modules.

04

Custom Linter

Auto-generated ESLint plugin with security rules from the threat registry — real-time detection in your editor, CI, and pre-commit.

05

Security Tests

Auto-generated fabius-security.test.js suites assert no blocked packages, no Glassworm patterns, no invisible Unicode, and no dangerous IDE configs exist in your codebase.

All layers use a live, append-only blocklist — fetched from the Fabius API and cached locally. New threats are blocked across all your repositories within minutes of discovery.

Protect Your Supply Chain

Download Fabius and start defending your repositories in under 2 minutes.

Download for Windows