Sigil Blog
Security research for AI tooling
Threat analysis, supply chain intelligence, and practical guides for developers building with AI.

We Flagged 39,972 Threats. Most Were False Positives. Here's What We're Doing About It.
Our scanner flagged @wangeditor-next/plugin-mention with a risk score of 795. It was wrong. This is our commitment to transparency and continuous improvement.

Tools to Quarantine Repos Before Running 2026
This guide compares the best open-source, enterprise, and behavior-focused tools for quarantining and scanning repositories before running untrusted code. Learn how tools like Sigil complement traditional scanners by providing fast, pre-execution security.

Behavior-Based vs CVE Scanners in 2026
Behavior-based scanners analyze runtime actions like network calls and file access, while CVE-only scanners match known vulnerabilities. A combined strategy offers the best protection for software and AI supply chains.

Top Malware Scanning CLIs for Dev Workflows 2026
The best malware scanning CLI tools for developer workflows in 2026 combine fast, scriptable scans with deep coverage of code, dependencies, and build artifacts. This guide compares top options for behavior analysis, file scanning, container security, and CI/CD integration.

ShiftLeft vs Checkmarx for Agent Security 2026
ShiftLeft and Checkmarx provide SAST for agent code but differ in deployment and speed. Neither scans dependencies pre-execution. Sigil complements both by quarantining risky packages before they run.

Enterprise Code Quarantine Solutions 2026
Enterprise code quarantine solutions block malicious code before it runs in your pipeline. This 2026 guide compares leading tools and shows how to layer pre-execution security on top of SCA.

Pre-Execution Scanning Best Practices 2026
Pre-execution scanning applies security controls before any new code or services run, quarantining repos and scanning containers. This guide provides actionable workflows for developers and teams to implement these practices effectively.

Supply Chain Security Software for AI Code 2026
Supply chain security software in 2026 spans tools for SBOMs, SCA/CVE scanning, behavior-based analysis, and runtime controls. For AI agents, a layered stack is essential to manage dependencies, known vulns, and malicious behavior.

Tools to Quarantine Code Repos Before Run 2026
Quarantining code before execution is critical for AI supply chain security. This guide compares the top pre-execution scanning and sandboxing tools, including Sigil, Snyk, and GitHub Advanced Security, to help you choose the right defense for 2026.

The State of AI Agent Supply Chain Security in 2026
Developers install MCP servers with 12 GitHub stars, clone agent toolkits from Discord, and pull skills from registries with no review process — all of which get direct access to API keys and cloud credentials. We scanned every major AI package registry to map the threat landscape. The results aren't great.

DevSecOps Checklist for AI Supply Chains 2026
This 2026 DevSecOps checklist adds critical pre-execution controls for AI projects, focusing on repository quarantine, behavior-based scanning of dependencies and MCP servers, and CI/CD integration to stop supply chain threats before code runs.

Best OSS Security CLIs for Teams 2026
The best OSS security CLI tools for teams in 2026 combine CVE-based dependency scanning with behavior-focused checks for AI and open source code. This guide reviews Sigil, Trivy, Grype, and more to build a layered defense.