Vulnerability Reports

AI agent security research: we scan real-world threats, publish what we find, and add new detection patterns based on what we learn. Every report makes SUNGLASSES stronger. Every gap we find gets fixed in public.

April 5, 2026 NEW LIVE THREAT
How We Detected the Claude Code Supply Chain Attack
After the Claude Code source leak, hackers created trojanized GitHub repositories distributing Vidar infostealer and GhostSocks proxy malware — 121+ downloads. We scanned the actual attack materials. Sunglasses caught 7 threat signals and blocked every file in ~10 milliseconds. Covered by The Register, BleepingComputer, Trend Micro, SecurityWeek, and 8 more outlets.
4 CRITICAL, 3 HIGH, 3 rules triggered, ~10ms scan
April 1, 2026 LIVE THREAT
axios Supply Chain RAT — BlueNoroff / Lazarus Group
Malicious axios versions (1.14.1, 0.30.4) deployed a cross-platform Remote Access Trojan via npm. The compromise was concurrent with the Claude Code source leak. We scanned the real deobfuscated payload: 460 lines of credential-stealing, wallet-draining, self-deleting malware attributed to North Korean state actors.
1 CRITICAL, 1 HIGH, 1 MEDIUM, +8 new patterns, 3.67ms scan
Coming soon
Claude Code MCP/Hooks Attack Surface Analysis
The leaked source revealed the exact orchestration logic for Hooks and MCP servers. We'll map the prompt injection attack surface that the blueprint exposes — and show what Sunglasses catches at each entry point.
Coming soon
OpenClaude / Claw Code Fork Analysis
Community forks of the leaked code are spreading fast. Some strip guardrails. Some add unknown code. We'll scan the most popular forks for hidden threats.
Coming soon
Anti-Distillation Trap Detection
The leak revealed that Claude Code injects fake tool definitions to poison competitor training data. Can SUNGLASSES detect when an agent is being fed decoy tools? New pattern category in development.

Found a threat you want us to scan? Have malware samples from the wild?

[email protected]

Or open an issue on GitHub