Open Source Research

Threat Intelligence

Open source threat research for the AI security community. Detection patterns, malicious signatures, prompt injection analysis, and community-driven threat intelligence.

55 threat signatures · 4,700+ known threats · 50+ prompt injection patterns · Community-driven

Detection Patterns

55 signatures

Detailed guide to Sigil's detection patterns across all 6 scan phases — from install hooks and code execution to prompt injection and AI skill malware.

Install Hooks

CRITICAL (10x) · ~15 patterns

Code Execution

HIGH (5x) · ~20 patterns

Network/Exfiltration

HIGH (3x) · ~18 patterns

Credentials

MEDIUM (2x) · ~15 patterns

Obfuscation

HIGH (5x) · ~12 patterns

Provenance

LOW (1-3x) · ~8 patterns

Prompt Injection

CRITICAL (10x) · 50+ patterns

AI Skill Security

CRITICAL (10x) · ~10 patterns

Prompt Injection Patterns

8 attack categories

50+ patterns for detecting AI-specific attacks including direct instruction override, jailbreak personas, credential exfiltration, tool/function abuse, and social engineering.

Direct Instruction Override

Excellent coverage

Known Jailbreak Personas

Excellent coverage

System Prompt Exfiltration

Excellent coverage

Tool/Function Abuse

Excellent coverage

Sandbox & Detection Evasion

Good coverage

Social Engineering

Moderate coverage

Encoding-Based Injection

Good coverage

Multi-Turn Manipulation

Moderate coverage

Malicious Signatures Database

4,700+ known threats

Research compilation covering 40+ real-world malware families with detection rationale. Hash-based lookups, community votes, and campaign attribution.

Tracked Malware Families

Shai-Hulud npm Worm

Sep 2024

Self-propagating install hooks that modify package.json of infected projects

2.6B+ weekly downloads affected

MUT-8694 Cross-Ecosystem

Oct 2024

Binary delivery via provenance metadata abuse across two registries

First coordinated npm+PyPI attack

Hugging Face Model Poisoning

Nov 2024

Pickle deserialization exploit embedded in model weights

100+ ML models with reverse shells

Contribute

Help improve AI security by contributing signatures, reporting false positives, or sharing threat intelligence. Sigil's detection patterns are open source and community-audited.

Report Threats

Submit new malware samples or suspicious packages for analysis.

Contribute Signatures

Add detection patterns via pull request to the open-source repo.

Report False Positives

Help reduce noise by reporting false positives in detection rules.