Supply Chain Defense Platform

Detect. Defend. Remediate.

AI-powered threat intelligence that automatically identifies supply chain attacks, generates detection rules, and proposes fixes — before your code is compromised.

Download Fabius See How It Works
3+ Attack Types Covered
<30m Detection Time
0 Dependencies Required

Why Fabius?

Named after the Roman general who defeated Hannibal through careful, strategic defense

AI-Powered Intelligence

Monitors security feeds and uses AI to classify threats, generate detection code, and create remediation plans automatically.

Real-Time Scanning

Scans your repositories for Glassworm, CanisterWorm, Axios attacks, and every new threat as it's discovered.

Smart Remediation

Proposes specific fixes with full diffs. Review and approve, or enable auto-apply for trusted sources.

Configurable Sources

Pre-configured with Snyk, GitHub Advisory DB, and more. Add your own sources and mark trust levels.

Agent Workflows

Generates agent workflow files for each threat and distributes them to all your repositories automatically.

Desktop Notifications

Lives in your system tray. Instant alerts for new threats. Click to review and fix — or let Fabius handle it.

How It Works

01

Monitor

Fabius polls security feeds (Snyk, GitHub, npm) every 30 minutes for new supply chain advisories.

02

Classify

AI analyzes each advisory and classifies it — affected packages, severity, attack vector, IoCs.

03

Detect

AI generates detection code and scans all your local repositories for the new threat.

04

Fix

Proposes specific remediation with backups. You approve, or enable auto-fix for trusted sources.

Built-in Protection

Fabius ships with detection for these known supply chain attacks — and learns new ones automatically

CRITICAL

Glassworm Oct 2025

Invisible Unicode payload hidden in variation selectors. Uses eval(Buffer.from) with codePointAt to execute hidden malicious code.

eval()Unicode PUAnpm packagesVS Code extensions
CRITICAL

CanisterWorm Mar 2026

Uses ICP blockchain as C2 infrastructure. Harvests npm tokens, Kubernetes configs, Docker secrets, SSH keys, and Solana keypairs.

Blockchain C2Credential theftpostinstall
CRITICAL

Axios RAT Mar 2026

Compromised axios@1.14.1 and @0.30.4 inject plain-crypto-js — a RAT dropper that stages executables via postinstall.

Dependency injectionRATLock file compromise

Protect Your Supply Chain

Download Fabius and start defending your repositories in under 2 minutes.

Download for Windows