Supply Chain Defense Platform

Detect. Defend. Remediate.

AI-powered threat intelligence that automatically identifies supply chain attacks, generates detection rules, and proposes fixes — before your code is compromised.

Sign In See How It Works
3+ Attack Types Covered
<30m Detection Time
0 Dependencies Required

Why Fabius?

Named after the Roman general who defeated Hannibal through careful, strategic defense

AI-Powered Intelligence

Monitors security feeds and uses AI to classify threats, generate detection code, and create remediation plans automatically.

Real-Time Scanning

Scans your repositories for Glassworm, CanisterWorm, Axios attacks, and every new threat as it's discovered.

Smart Remediation

Proposes specific fixes with full diffs. Review and approve, or enable auto-apply for trusted sources.

Configurable Sources

Pre-configured with Snyk, GitHub Advisory DB, and more. Add your own sources and mark trust levels.

Agent Workflows

Generates agent workflow files for each threat and distributes them to all your repositories automatically.

Desktop Notifications

Lives in your system tray. Instant alerts for new threats. Click to review and fix — or let Fabius handle it.

How It Works

01

Monitor

Fabius polls security feeds (Snyk, GitHub, npm) every 30 minutes for new supply chain advisories.

02

Classify

AI analyzes each advisory and classifies it — affected packages, severity, attack vector, IoCs.

03

Detect

AI generates detection code and scans all your local repositories for the new threat.

04

Fix

Proposes specific remediation with backups. You approve, or enable auto-fix for trusted sources.

Built-in Protection

Fabius ships with detection for these known supply chain attacks — and learns new ones automatically

CRITICAL

Glassworm Oct 2025

Invisible Unicode payload hidden in variation selectors. Uses eval(Buffer.from) with codePointAt to execute hidden malicious code.

eval()Unicode PUAnpm packagesVS Code extensions
CRITICAL

CanisterWorm Mar 2026

Uses ICP blockchain as C2 infrastructure. Harvests npm tokens, Kubernetes configs, Docker secrets, SSH keys, and Solana keypairs.

Blockchain C2Credential theftpostinstall
CRITICAL

Axios RAT Mar 2026

Compromised axios@1.14.1 and @0.30.4 inject plain-crypto-js — a RAT dropper that stages executables via postinstall.

Dependency injectionRATLock file compromise

Simple, Transparent Pricing

Start free. Upgrade when you need unlimited AI remediation and cloud features.

Free
0 /month

Perfect for individual developers exploring supply chain security.

  • Unlimited threat scanning
  • Unlimited repositories
  • Real-time threat intelligence
  • 2 AI fixes per month
  • Cloud backup & sync
  • Web dashboard
Get Started Free
Most Popular
Standard
9 /month

For developers and small teams who need unlimited fixes and cloud sync.

  • Everything in Free
  • Unlimited AI fixes
  • Cloud backup & sync
  • Web dashboard
  • Cross-device settings sync
  • Audit trail
Start Standard
Premium
29 /month

For teams and organizations needing priority alerts, audit trails, and full compliance.

  • Everything in Standard
  • Priority threat alerts
  • Email notifications
  • Full audit trail
  • Real-time feed + email digests
  • Priority support
Coming Soon

All plans include EU-sovereign data processing via Mollie. No credit card required for Free tier.

Protect Your Supply Chain

Sign in and start defending your repositories in under 2 minutes.

Get Started