Sigil Blog
Security research for AI tooling
Threat analysis, supply chain intelligence, and practical guides for developers building with AI.

Supply Chain Security Software for AI Code 2026
Supply chain security software in 2026 spans tools for SBOMs, SCA/CVE scanning, behavior-based analysis, and runtime controls. For AI agents, a layered stack is essential to manage dependencies, known vulnerabilities, and malicious behavior.

Tools to Quarantine Code Repos Before Run 2026
Quarantining code before execution is critical for AI supply chain security. This guide compares the top pre-execution scanning and sandboxing tools, including Sigil, Snyk, and GitHub Advanced Security, to help you choose the right defense for 2026.

The State of AI Agent Supply Chain Security in 2026
Developers install MCP servers with 12 GitHub stars, clone agent toolkits from Discord, and pull skills from registries with no review process — all of which get direct access to API keys and cloud credentials. We scanned every major AI package registry to map the threat landscape. The results aren't great.

DevSecOps Checklist for AI Supply Chains 2026
This 2026 DevSecOps checklist adds critical pre-execution controls for AI projects, focusing on repository quarantine, behavior-based scanning of dependencies and MCP servers, and CI/CD integration to stop supply chain threats before code runs.

Best OSS Security CLIs for Teams 2026
The best OSS security CLI tools for teams in 2026 combine CVE-based dependency scanning with behavior-focused checks for AI and open source code. This guide reviews Sigil, Trivy, Grype, and more to build a layered defense.

Nexus vs Artifactory vs Sigil for Secure Devs 2026
Nexus and Artifactory manage artifacts, while Sigil quarantines and scans code behavior before it runs. This guide compares their roles in a secure 2026 software supply chain for AI and open source.

Veracode Alternatives for AI Code Security 2026
Veracode excels at SAST and SCA for traditional apps, but for AI agent code and supply chain threats, tools like Sigil add critical pre-execution scanning. This guide compares alternatives and provides a decision framework.

SBOM for Containers and AI Code 2026
This guide explains SBOMs as machine-readable inventories for container and AI code components. Discover how to automate SBOM generation, combine it with behavior-based scanning, and address modern supply chain risks.

Block Hidden Install Hooks in 2026
Hidden install hooks let malware execute before code review, evading CVE scanners. This guide provides a concrete playbook to block them using pre-install quarantine, behavior-based scanning, and best practices for CI/CD and local development.

How Do You Secure AI Agent Code? The Three-Layer Security Stack Explained
AI developers face a new class of supply-chain attacks that Snyk, Dependabot, and CodeQL weren't built to catch. The three-layer AI security stack combines pre-installation quarantine scanning (Sigil), deep AI-powered vulnerability analysis (OpenAI Aardvark, Anthropic Claude Code Security), and defense-in-depth workflows to protect every stage of AI development—from git clone to production deployment.

Behavior vs CVE Scanners: 2026 Comparison
This comparison explains how behavior-based scanners detect executable threats like install hooks and data exfiltration that CVE-only scanners miss. Learn which approach to use for AI agent security in 2026.

Securing Your AI Agent Workflow with MCP + Sigil
Give your AI coding agents security tools via MCP. Scan packages before install, audit repos automatically, and prevent malicious code execution.