Hunt Mode

April 29, 2026

Hunting MCP Server Exploitations

Shadow AI is not a future risk. It is already inside your environment. Developers are connecting MCP servers to AI clients without centralized approval, visibility, or governance. These servers inherit user-level access, persist across sessions, and execute locally with no additional authentication prompt. From a defender's perspective, the activity looks like the user did it — because the process tree says so. That is the problem. And it is exactly where you hunt.

April 3, 2026

Hunting Supply Chain Compromises LiteLLM & Axios

Supply chain attacks are not new. What is new is the pace and the precision. In the recent Axios and TeamPCP campaigns, we have different actors, different tooling, but the same fundamental constraint: both must install through package managers, execute outside the language runtime, access credentials, persist, and communicate externally. Each step leaves a behavioral trace that outlasts any IOC list.
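Both teasers above (the MCP-server post and the LiteLLM/Axios post) come down to the same hunting move: ignore the IOC list and walk the process tree for behaviors. The following Python is an added example, not code from either post or from any of the named projects, and it runs over a constructed, inline sample of process telemetry. The process names, credential paths and the record schema are assumptions chosen for illustration; a real hunt would take them from the fleet's own inventory. It implements two hunts: runtime processes whose ancestry includes an AI client (the MCP-server case, where the activity otherwise looks like the user's own), and package-manager installs whose subtree leaves the runtime, reads credentials or talks to the network (the supply-chain case).

```python
from dataclasses import dataclass, field

# Assumed names for illustration only; source these from your own environment.
AI_CLIENTS = {"claude", "cursor", "code"}
PACKAGE_MANAGERS = {"npm", "npx", "yarn", "pnpm", "pip", "pip3", "uv"}
RUNTIMES = {"node", "python", "python3"}
ESCAPE_HATCHES = {"sh", "bash", "zsh", "curl", "wget", "osascript"}
CREDENTIAL_PATHS = ("/.ssh/", "/.aws/", "/.npmrc", "/.config/gcloud/", "/.docker/config.json")


@dataclass
class Proc:
    """One process record as an EDR might report it (assumed schema)."""
    pid: int
    ppid: int
    name: str
    cmdline: str
    user: str
    files_read: list = field(default_factory=list)
    connections: list = field(default_factory=list)  # remote "host:port" strings


def build_tree(procs):
    return {p.pid: p for p in procs}


def ancestors(tree, pid):
    """Yield parent, grandparent, ... until the chain leaves the tree."""
    seen = {pid}
    p = tree.get(pid)
    while p is not None and p.ppid in tree and p.ppid not in seen:
        p = tree[p.ppid]
        seen.add(p.pid)
        yield p


def descendants(tree, pid):
    """Yield every process below pid, breadth-first."""
    queue = [pid]
    while queue:
        cur = queue.pop(0)
        for c in tree.values():
            if c.ppid == cur:
                queue.append(c.pid)
                yield c


def hunt_mcp_servers(tree):
    """Runtime processes with an AI client somewhere in their ancestry.
    They run as the user with the user's access, so the parent chain is the
    only thing that separates them from the user's own work."""
    hits = []
    for p in tree.values():
        if p.name not in RUNTIMES:
            continue
        chain = [a.name for a in ancestors(tree, p.pid)]
        if any(a in AI_CLIENTS for a in chain):
            creds = [f for f in p.files_read if any(cp in f for cp in CREDENTIAL_PATHS)]
            hits.append({"pid": p.pid, "user": p.user, "cmdline": p.cmdline,
                         "ancestors": chain, "credential_reads": creds})
    return hits


def hunt_package_manager_abuse(tree):
    """Package-manager installs whose subtree leaves the runtime, reads
    credentials or talks to the network. Each reason is a behavior, not an
    IOC, so a renamed package or a fresh C2 host still trips it."""
    findings = []
    for p in tree.values():
        if p.name not in PACKAGE_MANAGERS or "install" not in p.cmdline:
            continue
        reasons = []
        for c in descendants(tree, p.pid):
            if c.name in ESCAPE_HATCHES:
                reasons.append(f"spawned {c.name} (pid {c.pid})")
            for f in c.files_read:
                if any(cp in f for cp in CREDENTIAL_PATHS):
                    reasons.append(f"read credential {f} (pid {c.pid})")
            for remote in c.connections:
                reasons.append(f"connected to {remote} (pid {c.pid})")
        if reasons:
            findings.append({"pid": p.pid, "cmdline": p.cmdline, "reasons": reasons})
    return findings


# Constructed sample telemetry, not real data: one MCP server launched by an
# AI client, one npm install with a postinstall that reaches out, and a benign
# node process under the user's shell that must not be flagged.
SAMPLE = [
    Proc(1, 0, "launchd", "launchd", "root"),
    Proc(100, 1, "claude", "/Applications/Claude.app/Contents/MacOS/Claude", "alice"),
    Proc(101, 100, "node", "node /Users/alice/mcp/fs-server/index.js", "alice",
         files_read=["/Users/alice/.ssh/id_ed25519"]),
    Proc(200, 1, "zsh", "zsh", "alice"),
    Proc(201, 200, "npm", "npm install example-pkg", "alice"),
    Proc(202, 201, "sh", "sh -c node postinstall.js", "alice"),
    Proc(203, 202, "node", "node postinstall.js", "alice",
         files_read=["/Users/alice/.npmrc"], connections=["203.0.113.10:443"]),
    Proc(300, 200, "node", "node app.js", "alice"),
]

if __name__ == "__main__":
    tree = build_tree(SAMPLE)
    for hit in hunt_mcp_servers(tree):
        print("MCP server under AI client:", hit)
    for finding in hunt_package_manager_abuse(tree):
        print("package-manager abuse:", finding)
```

Two caveats when turning this into a real query: npm and pip legitimately spawn a shell for lifecycle scripts, so "spawned sh" on its own is noise and should only score when it co-occurs with a credential read or an outbound connection from the same subtree; and the ancestry walk only works if the sensor keeps parent PIDs for short-lived processes, which is exactly what a postinstall script is.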

February 18, 2026

Hunting the Notepad++ Update Hijack

Software supply chain attacks have shifted from occasional, high-profile incidents into a repeatable and increasingly preferred intrusion technique, and the Notepad++ update hijack is the latest evolution. It gives hunters a case study in looking for deviations from behavioral baselines.

February 3, 2026

Hunting OpenClaw and Agentic AI Through Behavior

This Hunt Mode breaks down the behaviors that give away OpenClaw (formerly ClawdBot / MoltBot), regardless of how it is packaged, renamed, or delivered.

January 15, 2026

Hunting DigitStealer: Behaviors That Give Away macOS Infostealers

DigitStealer is the next evolution of macOS infostealer malware. This breakdown outlines the behaviors to observe in order to hunt for it properly in your environment.

December 17, 2025

CVE-2025-55182: Finding Behaviors That Give Away React Server Components RCE

Breakdown of the hunt for the malicious behaviors that follow exploitation of CVE-2025-55182, a pre-authentication remote code execution vulnerability whose exploitation bypasses most traditional web application firewalls and signature-based controls.
