Why We Created Fabius
From AI Coding Enthusiasm to the Need for Defense
Fabius began with a very concrete problem.
As an IT specialist and enthusiast of AI-assisted software development, I started to see how quickly a product can be built today. With an AI agent, a modern IDE, a few open-source libraries, and good prompts, you can generate features at a pace that would have seemed impossible just a few years ago.
But speed comes at a cost.
The codebase grows rapidly. Dependencies pile up quickly. Libraries change fast. AI agents propose solutions, install packages, modify files, create configurations, and sometimes touch sensitive areas without you having time to check every detail.
At first, the problem seemed to be one of discipline: check more carefully, read more, and keep tighter control over what enters the project.
Then I realized it was no longer a discipline problem.
It was a scale problem.
You Can’t Manually Check an Ecosystem That Changes Daily
Every week, new attacks emerge on the software supply chain. Some target popular packages. Others use installation scripts. Some hide in IDE configurations, Git hooks, lock files, AI agent rule files, or seemingly mundane mechanisms in a developer’s workflow.
Glassworm. CanisterWorm. Axios supply chain RAT. Attacks via IDE workspaces. Prompt injection. Credential theft through AI tool exploitation.
The list doesn’t shrink.
On the contrary, it keeps growing.
And this fundamentally changes the question.
It’s no longer enough to ask:
“Is my code vulnerable?”
You must also ask:
“What happens on my computer before this code reaches the repository, CI, or production?”
For me, this was the turning point.
I realized I couldn’t rely solely on a SAST or SCA tool running in CI/CD. CI is important, but it comes too late. If a malicious package has already been installed, if a postinstall script has already run, if an AI agent has already introduced a dangerous configuration, if a cloned repository has already triggered something in the IDE, then the problem is no longer just in the pipeline.
The problem is already on the developer’s workstation.
I needed protection closer to where the risk begins: on the developer’s computer.
From Reaction to Prevention
The first idea was simple: automate protection against the attacks I was seeing.
If an attack used compromised packages, I needed live blocklists and pre-install hooks to stop installation before the package reached the project.
If an attack used dangerous IDE configurations, I needed local detection for workspaces, tasks, hooks, and hidden executions.
If an attack relied on malicious instructions for AI agents, I needed clear rules telling agents what they’re not allowed to do.
If a vulnerability appeared in a library in use, I needed impact analysis, upgrade proposals, clear diffs, tests, and linters that not only check whether the problem exists but also ensure the fix holds.
The list kept growing.
This is how Fabius began: not as a large platform, but as a collection of defensive mechanisms born from the need to protect myself in my daily work.
Initially, Fabius covered a few types of attacks. Then, each new incident added a lesson. Each lesson became a detector, a rule, a guard, a test, a workflow, or an automation.
Over time, the product grew beyond the idea of a scanner.
It became an AI cybersecurity foundry for developers.
Why Developers Have Become Prime Targets
Modern attacks no longer target just servers, exposed applications, or cloud infrastructure.
They also target the developer.
The developer has access to code. They have tokens. They have keys. They have access to registries, repositories, pipelines, clusters, products, clients, and infrastructure. In many organizations, a developer’s computer is one of the most valuable entry points.
And today, developers work faster than ever.
They clone repositories. Run installation commands. Open projects in modern IDEs. Accept suggestions from AI agents. Test libraries. Perform upgrades. Integrate tools. Automate workflows.
All at high speed.
This creates an enormous attack surface.
I’ve even seen situations where a simple recruitment process could become an attack vector: you receive a repository for a technical test, clone it, open it in your IDE, and without realizing it, your local environment becomes the target of an attack.
This is the new reality.
Risk doesn’t begin only when code reaches production.
Risk can begin when you open the folder.
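As an added illustration of the local detection described earlier (this is not Fabius code or part of the original article), here is a small audit to run on a received repository before opening it in an IDE. It looks for three real mechanisms that can execute code implicitly: VS Code tasks set to run on folder open, npm lifecycle scripts, and active Git hooks. The function names, finding labels, and the sample repository are assumptions constructed for the example.

```python
import json
import tempfile
from pathlib import Path

LIFECYCLE = ("preinstall", "install", "postinstall", "prepare")  # run by `npm install`

def load_json(path, findings):
    """Parse a JSON file; record it for manual review if it cannot be parsed."""
    try:
        data = json.loads(path.read_text(encoding="utf-8"))
    except (OSError, ValueError):  # e.g. tasks.json with comments (JSONC)
        findings.append(("unparsed", path.name, "review by hand"))
        return {}
    return data if isinstance(data, dict) else {}

def audit_repo(root):
    """Return (kind, name, detail) tuples for code that can run without being asked."""
    root, findings = Path(root), []
    tasks_file = root / ".vscode" / "tasks.json"
    if tasks_file.is_file():
        for task in load_json(tasks_file, findings).get("tasks", []):
            if task.get("runOptions", {}).get("runOn") == "folderOpen":
                findings.append(("auto-task", "tasks.json", str(task.get("command"))))
    for pkg in root.rglob("package.json"):
        scripts = load_json(pkg, findings).get("scripts", {})
        for name in LIFECYCLE:
            if name in scripts:
                findings.append(("npm-script", name, str(scripts[name])))
    hooks = root / ".git" / "hooks"  # present when a repo arrives as an archive
    if hooks.is_dir():
        for hook in sorted(hooks.iterdir()):
            if hook.is_file() and hook.suffix != ".sample":
                findings.append(("git-hook", hook.name, "active hook present"))
    return findings

def build_sample_repo(root):
    """Constructed sample input: three implicit-execution points, one inert file."""
    (root / ".vscode").mkdir(parents=True)
    (root / ".git" / "hooks").mkdir(parents=True)
    task = {"command": "./tools/setup.sh", "runOptions": {"runOn": "folderOpen"}}
    (root / ".vscode" / "tasks.json").write_text(json.dumps({"tasks": [task]}))
    scripts = {"postinstall": "node scripts/init.js", "test": "jest"}
    (root / "package.json").write_text(json.dumps({"scripts": scripts}))
    (root / ".git" / "hooks" / "post-checkout").write_text("#!/bin/sh\n")
    (root / ".git" / "hooks" / "pre-commit.sample").write_text("#!/bin/sh\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_repo(build_sample_repo(Path(tmp))))
```

A file that cannot be parsed is reported for manual review rather than skipped, since a `tasks.json` containing comments would otherwise pass silently.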
Fabius: Protection Where the Risk Begins
Fabius was created to move defense closer to the developer.
Not just after commit.
Not just in CI.
Not just after a vulnerability appears in a report.
But before.
Before a problematic library is installed.
Before an AI agent adds a risky dependency.
Before a malicious repository exploits the IDE’s configuration.
Before a compromised package runs on your computer.
Fabius monitors security sources, classifies threats, generates detection rules, scans local repositories, and proposes fixes. But the most important part is its philosophy: it doesn’t stop at detection.
Fabius aims to prevent.
That’s why it equips repositories with defensive layers like:
- Git hooks;
- Rules for AI agents;
- Install guards;
- Linters;
- Security tests;
- CI/CD gates.
And if a new threat emerges, Fabius should help you quickly turn it into a rule, a test, a fix, and a prevention mechanism.
This is the shift in philosophy:
from correction to prevention,
from reaction to continuous monitoring,
from scanner to AI-driven security foundry.
From Protection Tool to Security Foundry
Fabius isn’t just a tool that tells you you have a problem.
It’s a platform where you can create your own analysis, detection, and remediation mechanisms.
You can start from an idea, a new attack, an advisory, a suspicious package, or a security rule you want to enforce in your projects. Fabius helps you turn that idea into an analyzer, a scanner, a test, a fix, or a reusable rule.
This changes the developer’s role.
You’re no longer just the person waiting for a security vendor to eventually add a detection to a centralized tool.
You can build your own defense.
You can manage impact on code.
You can receive real-time alerts with automated fixes.
You can check which processes communicate externally and where they send data.
You can be notified when something seems suspicious.
And where it makes sense, you can even block traffic.
Fabius started with a few possible attacks and evolved into a broader platform: a space where developers can detect, defend, prevent, remediate, and build their own security tools.
Who Is Fabius For?
Fabius is for developers who use AI, open source, package managers, modern IDEs like VS Code, coding agents, modern pipelines, and fast tools.
In other words, for almost all developers today.
It’s for those who don’t want to choose between speed and safety. For those who want to build quickly but not blindly. For those who understand that supply chain security is no longer just an enterprise team problem but a daily issue for any developer.
Fabius is for developers who install libraries, clone repositories, accept suggestions from AI agents, test new frameworks, perform upgrades, automate workflows, and work in a constantly changing software ecosystem.
In other words, for people who build software in the real world, not in an isolated lab.
And for them, security can no longer be just a report that appears at the end of a pipeline. It must be present where work begins: on the workstation, in the IDE, in the package manager, in the AI agent, in the repository, and in every seemingly mundane technical decision.
Why Technological Independence Matters
Fabius is designed to be accessible to developers worldwide, but it also has a clear European mission.
Developers in the European Union need powerful, accessible tools built with respect for privacy, control, and technological sovereignty.
Not all teams can or will depend entirely on major infrastructure providers and hyperscalers. Not all projects can send sensitive data anywhere. Not all organizations can treat security as an enterprise luxury.
That’s why Fabius is built with the idea that supply chain protection must be close to the developer, easy to use, and as independent as possible from hard-to-control infrastructures.
Security shouldn’t be available only to very large companies.
It should be accessible to individual developers, small teams, startups, freelancers, open-source communities, and European organizations that want to build software securely.
The Connection with Revzper
Fabius isn’t a product born outside Revzper’s vision.
On the contrary, it’s one of its most natural extensions.
The Revzper platform was created with a clear goal: to facilitate AI adoption with the most positive impact on the job market.
We’re not blind. We see that AI will profoundly transform intellectual work. We see that it will impact at least a significant part of the white-collar sector. We see that many professions will be pressured to adapt quickly, and for many specialists, the question won’t be whether they use AI but whether they can use it well enough to remain relevant, productive, and valuable.
From the start, Revzper asked:
“How do we help specialists benefit from AI instead of being displaced by it?”
Our answer is to build tools that allow people to create faster, work better, and turn their expertise into concrete results.
If, across various professional segments, we help specialists create faster with AI while monetizing what they create, then these specialists can actively participate in the new AI economy—not just as passive users of large platforms but as people who amplify their own expertise.
In this sense, Fabius’s recent direction—toward an AI cybersecurity foundry—aligns perfectly with Revzper’s vision.
Today, Fabius helps developers detect, prevent, remediate, and automate defense against software supply chain attacks. But at its core, the idea is even bigger: to allow specialists to turn their security knowledge into concrete tools.
A specialist who understands an attack should be able to create a detector.
A developer who discovers a risky practice should be able to create a rule.
An expert who finds a good fix should be able to turn that fix into a reusable mechanism.
A professional who sees a new risk should be able to quickly build protection for others.
We’re not yet at the point where Fabius users can directly monetize their security products, fixes, rules, or expertise created in the platform.
But the direction is clear.
Fabius will certainly evolve in this direction.
Because, in Revzper’s vision, AI shouldn’t just be a force that automates specialists’ work.
It should also be a force that helps them create more, distribute more easily, get paid for their expertise, and remain important players in the emerging job market.
Fabius is, therefore, more than a cybersecurity product.
It’s a concrete demonstration of what we want to build with Revzper: platforms where specialists use AI to become stronger, not more dispensable.
All in good time.
Why the Name Fabius
The name Fabius comes from Quintus Fabius Maximus, the historical figure known for patience, strategy, and carefully calculated defense.
It seemed like a fitting name for what I’m trying to build.
Real cybersecurity isn’t a single battle. It’s not a single patch. It’s not a single scanner. It’s not an impulsive reaction to the latest incident.
It’s a daily, hard, repetitive struggle where you must observe, understand, adapt, and prevent.
You must think in layers.
You must revisit decisions.
You must check what has changed.
You must turn information into action.
For an individual developer, this burden becomes impossible to manage manually.
On average, about 130–132 CVE vulnerabilities are published globally every day. It’s not humanly possible to manually track this volume, understand it, connect it to your own projects, and turn every risk into concrete actions.
That’s why Fabius exists.
Fabius takes some of this burden off the shoulders of developers who have become prime targets for value chain and supply chain attacks.
Because no developer wants to be the victim of such an attack.
And for the good of all of us, developers need stronger, more accessible tools closer to the real cybersecurity battles fought every day.
Conclusion
Fabius was born from a personal need, but the problem is global.
AI has accelerated software development. Open source has accelerated code distribution. Modern ecosystems have accelerated integration. But attackers have accelerated too.
In this new context, developers need tools that work at the same speed as threats.
Fabius is my answer to this reality: a platform that detects, defends, prevents, remediates, and helps developers turn the chaos of supply chain security into a daily protection system.
But Fabius is also a piece of a larger vision: that AI should help specialists become more productive, more protected, and, over time, more capable of turning their expertise into economic value.
From correction to prevention.
From reaction to monitoring.
From scanner to AI-driven security foundry.
From AI as a risk to the job market to AI as a tool to amplify expertise.
No developer wants to become a victim of an attack through a library, a repository, an AI agent, an IDE, or a hidden configuration.
And for the good of all of us, developers need stronger, more accessible tools closer to where the risk begins.
That’s why we created Fabius.
And that’s why Fabius is part of Revzper.