Aephix is a threat intelligence platform for the AI agent supply chain. We link a malicious skill or MCP server to the operator and campaign behind it, then surface every related artifact they shipped, giving you greater clarity over each threat campaign.
Scanners tell you a package looks suspicious or risky, then stop. We tell you which campaign it is part of, connect it to the operator behind it, and tell you what else to block.
A single threat actor ships hundreds of malicious packages under hundreds of aliases, across skills and MCP servers at once. Blocking one artifact stops one alias. Aephix stops the actor and the whole campaign.
An early look at the Aephix console: operators clustered across the agent supply chain, with calibrated, explainable verdicts. The full console is shown to design partners.
Attribute a malicious skill or MCP server to a known threat actor, not just flag the file.
Cluster related packages across skills and MCP servers into one campaign and actor.
Export the actor's full footprint as detections for CI, EDR, and secret scanners.
A growing intelligence corpus of how threat actors operate, sharper every campaign.
A scanner flags one file. We link it to the operator and the campaign behind it.
One operator wears many masks across registries and marketplaces. We re-unify them.
Skills and MCP servers carry a natural-language attack surface that package tools cannot read.
A private record of how operators behave, sharper every campaign. The methods are public, the data is not.
Usually not. The uploading account is the easiest thing to fake, and a good operator uses a fresh one per package. It can even be a hijacked account belonging to an innocent maintainer. What matters is the same hand behind many packages, whoever pushed them.
A scanner detects when one artifact is risky or malicious. We connect it to a single operator, surface what else they have shipped across registries and marketplaces, and tie it into one campaign you can act on at once.
No. One operator hides behind many accounts and aliases, often across different ecosystems. We pull those back together into a single operator you can block in full and stay ahead of. Putting a real-world name to the person is law-enforcement work, not what we do.
Most tooling grew up around traditional packages and reads the code, and it does that well. Agent skills and MCP servers add a language layer that an engine built for agents is positioned to read.
Every verdict comes with a confidence level and the evidence behind it. We do not overstate what we cannot back up.
Not openly yet. We are in private beta with a few design partners. If you work in AppSec or threat intelligence, or run a marketplace, let's chat!
See the operation behind the next attack on your agents, and everything else it touches, before it spreads.