Research, blog posts, and whitepapers from the Breachline Labs team.
How Breachline's Nebula runs continuous, autonomous penetration tests: a swarm of reasoning agents that chain real exploits, prove them, and report.
How a single SSRF reaches the cloud metadata endpoint, steals IAM credentials, and pivots to full account takeover, plus the controls that stop it.
Most AI browser tools script clicks and get flagged as bots. HumanBrowser gives Nebula a real Chromium it drives by sight, through an intercepting proxy.
TeamPCP poisoned Trivy, Checkmarx, and LiteLLM in a 2026 supply chain campaign (CVE-2026-33634). Who they are, what they hit, and how to stop them.
The JWT attacks that bypass mature defenses: RS256-to-HS256 confusion, jku/x5u poisoning, kid injection, and cross-service token replay.
A practical playbook for defending the software supply chain in 2026: the attack patterns behind the year's biggest incidents, and the controls that stop them.
Anthropic's Claude Mythos post claimed 181 Firefox exploits and an overnight FreeBSD RCE. The model card's fine print tells a far more careful story.
XBOW raised $120M, Claude Mythos writes exploits overnight, yet curl's maintainer has never seen a valid AI bug report. What actually works versus theatre.
Vercel's April 2026 breach traces to one compromised third-party OAuth token from Context.ai. The full attack chain, the IOCs, and the lessons for your team.
Attackers backdoored Axios on npm on March 31, 2026, deploying cross-platform RATs in under 3 hours. Here's what happened and how to protect your builds.
Attackers compromised LiteLLM on PyPI on March 24, 2026, stealing credentials from thousands of AI deployments. Here's what happened and how to respond.