We caught the Axios compromise with a tool we built in an afternoon. Now, we’ve open sourced it. Using LLMs to analyze diffs in changes to package repos, we moved from reactive monitoring to real-time detection. Our team breaks down the full timeline and the logic behind the tool in the blog post below.
When Axios was compromised on Monday, Elastic's threat research team caught it first. We didn't use legacy scanners; we used that we built in a single afternoon using AI/LLM. The logic is simple: Humans can't audit 15,000 package updates an hour. LLMs can. By using AI to analyze code diffs, we identified a state-sponsored attack in real-time. If you aren't using AI to keep pace with the adversary, you aren't defending. Read our full breakdown, including the open sourced tool used to find the compromise: https://lnkd.in/gwMZc8e5
