About pipebreach
pipebreach.com is a security research blog focused on supply chain security, CI/CD attack surfaces, and AI security. We publish original research, incident analyses, and the tools we build to investigate these problems.
The name comes from the attack pattern behind many supply chain compromises: the build pipeline is the pipe, and once it is breached, everything downstream of it (the artifacts it produces, the systems that deploy them, and the projects that depend on them) is at risk.
What we write about
- Incident analyses — deep dives into publicly disclosed supply chain incidents, with technical detail that goes beyond the press release.
- Original findings — vulnerabilities and attack techniques we've discovered and responsibly disclosed.
- Tool releases — offensive and defensive tooling for auditing supply chain exposure.
We do not publish vendor marketing, sponsored content, or shallow takes. If we haven't read the code, we don't write about it.
Authors
Security researcher focused on supply chain security, CI/CD attack surfaces, and AI security.
Security researcher focused on AppSec, application security architecture, and DevSecOps.
Contact
For responsible disclosure or research collaboration, reach out via GitHub or Twitter. See individual author pages for contact details.
Policy
All vulnerability research published here follows responsible disclosure practices. We notify affected vendors before publication and allow reasonable time for remediation. We do not publish exploit code for unpatched critical vulnerabilities.