Blog
Security context, API design, and engineering from the Attestd team.
Tutorial: How to Give Your LangChain Agent a Security Sensor
Build a LangChain StructuredTool that checks CVE risk state and supply chain integrity for any dependency. Step-by-step with working code.
Robert | 0 min read

Editorial: elementary-data 0.23.3 Was Compromised for 48 Hours Before Anyone Noticed
elementary-data 0.23.3 was backdoored via GitHub Actions injection on April 24. No CVE exists.
Robert | 0 min read

Data & Insight: Expanding Container and Orchestration Coverage: 7 New Products Now Supported
Attestd now supports runc, Docker Engine, containerd, Kubernetes API Server, kubelet, Helm, and Argo CD.
Robert | 0 min read

Editorial: The Same Threat Actor Who Compromised LiteLLM Just Hit Bitwarden
TeamPCP compromised Bitwarden CLI on npm April 22. The same actor hit LiteLLM on March 24. Here is the campaign pattern and what to check.
Robert | 0 min read

Data & Insight: Supply chain integrity, now on /v1/check
Attestd now returns supply chain integrity signals alongside CVE risk state. One API call, two independent signals, 26 monitored PyPI packages.
Robert | 0 min read

Data & Insight: NIST Just Admitted It Can't Keep Up With CVEs. Here's What That Means for Your Vulnerability Data.
NIST can no longer enrich most CVEs. Here's what the April 15 policy change means for vulnerability data, and why Attestd's confidence score field exists.
Robert | 0 min read

Flowise Is Being Actively Exploited. Your AI Stack Has More Exposure Than You Think.
CVE-2025-59528 in Flowise is under active exploitation. Patching the app is step one. Check your entire AI dependency stack for CVE and supply chain exposure.
Robert | 0 min read

Data & Insight: Expanding Database Coverage: 11 New Products Now Supported
Attestd now supports 11 new database engines including MySQL, MongoDB, Elasticsearch, and Microsoft SQL Server.
Robert | 0 min read

Editorial: The LiteLLM attack and the two security layers your AI agent stack is missing
The LiteLLM supply chain attack exposed a gap most AI agent developers haven't thought about. Here's what happened.
Robert | 0 min read

How to Stop Your AI Agent from Deploying Vulnerable Software
Stop your AI agent from deploying vulnerable software. Python SDK guide covering LangChain tool integration, async patterns, and outside-coverage handling.
Robert | 10 min read