Phoenix Blue Shield · Close the Tap

Protect your developer endpoint. Code Safely.

Discover endpoints, Skills, VSX Extensions. Block malware within minutes of exploitation. Agentic fix delivered directly in the agent.

AI agents, installs, CI/CD pipelines, deploy-time SBOM checks — Phoenix Blue Shield closes the tap before a malicious package reaches your production environment.

+MCP AGENT FIREWALL +INSTALL-TIME PROXY +CI/CD PR GATE +SBOM ADMISSION CHECK +MALICIOUS PACKAGE INTEL +77 DETECTION SIGNALS +DUAL-LLM VALIDATION +ADVERSARIAL JUDGE +SUPPLY CHAIN FIREWALL +PRE-INSTALL BLOCK +AGENTIC SDLC SECURITY +CLOSE THE TAP +MCP AGENT FIREWALL +INSTALL-TIME PROXY +CI/CD PR GATE +SBOM ADMISSION CHECK +MALICIOUS PACKAGE INTEL +77 DETECTION SIGNALS +DUAL-LLM VALIDATION +ADVERSARIAL JUDGE +SUPPLY CHAIN FIREWALL +PRE-INSTALL BLOCK +AGENTIC SDLC SECURITY +CLOSE THE TAP
Capabilities

Control your AI SDLC from one place.

Real-time blocking, Skills and VSX controls, Agents, CI/CD, endpoint deployment. Continuous monitoring. Agentic interaction — block, ask for human help, suggest the best path to remediation.

Real-time malware blocking

Phoenix actively detects and blocks malware before it hits the device. Neural Network Engine runs 77 signals across 5 stages — no CVE required.

Skills & VSX extension governance

Scan and control IDE and browser extensions installed by developers. Block malicious extensions automatically. Mirrored rules for Skills and OpenVSX.

Continuous monitoring

Check every install as it happens — and after. Intelligence refreshed every hour. A package that was clean on Monday gets caught on Tuesday if behaviour changes.

Group-based policies

Set different policies for different teams. Developers get flexibility. Security teams get control. Apply rules to Engineering, Sales, or Marketing independently.

Request & approval workflow

Route team requests through security review. Define exceptions, approve new packages, and accept new installs in one click — without blocking delivery.

Agentic fix & remediation

Developers get the remediation directly in the agent. Block cycle, ask for human help, suggest the best path — all without leaving the coding session.

Sources

Full coverage across developer ecosystems.

96.5K packages tracked. 12 ecosystems. Every tool the developer touches — covered.

Package Registries

npm
PyPI
Maven
NuGet
Cargo (Rust)
Go
RubyGems
GitHub Actions

IDE & Browser Extensions

VS Code
JetBrains
OpenVSX
Firefox
Chrome
Cursor
Windsurf

AI & Skills

Gemini
OpenAI
GitHub Copilot
Claude Code
MCP Servers
Skills.sh
Deploy

Deploy in three steps. No new infrastructure.

Agent, workstation, CI/CD. Coverage from the coding session to production — without touching your existing pipeline.

1
STEP 1

Deploy to workstations

Deploy through MDMs — Jamf, Fleet, or Kandji. No new infrastructure. Manage global and team-level permissions from the Phoenix platform. Covers every developer machine.

Jamf Fleet Kandji
2
STEP 2

Configure teams & ecosystems

Choose which registries and marketplaces to monitor. Set minimum package age, allowlists, blocklists, and approval workflows. Apply different rules to different teams. AI-guided rule configuration included.

AI Rule Builder Team policies
3
STEP 3

Cover your CI/CD in depth

Central package proxy scans all packages at CI/CD. Verify safe packages during code commit — vulnerability check, license check, malware check. All developer processes point here. SBOM admission at deploy.

GitHub App Zero YAML SBOM
Platform

Blue Shield is control layer 4 and 5 of the Agentic SDLC.

Part of Phoenix Actionable ASPM — the "Close the Tap" half. Works alongside Phoenix Blue (intelligence), Phoenix Purple (code analysis), and Phoenix Orange (one backlog).

01
Spec
Security skills
Purple
02
Generate
Scaffolding
Purple
03
Session
Agent scan
Purple
04
Install
Package firewall
Blue Shield
05
PR Gate
CI/CD check
Blue Shield
06
Backlog
Auto-remediation
Orange · Green
The Four Gates

Block it at the agent. Block it at install. Block it at CI. Block it at deploy.

Phoenix Blue Shield enforces at every point in the development pipeline. A package that gets past Gate 1 hits Gate 2. Past Gate 2, it hits Gate 3. There is no single chokepoint to bypass.

GATE 01

MCP Agent Firewall

Every package request from Claude Code, Cursor, or any MCP-compatible agent goes through Phoenix Blue Shield before it reaches the registry. Malicious packages are blocked before the agent even issues the install command. Works across Claude Code, Cursor, and GitHub Copilot.

Also covers

Any AI assistant that speaks Model Context Protocol

GATE 02

Install-Time Proxy

Intercepts npm and PyPI installs before the install hook executes. The proxy scores the package in real time — metadata, static heuristics, LLM analysis — and blocks anything that fails. No behavioral execution required. Stops typosquatting, dependency confusion, and novel malware at the install call.

Covers

npm · PyPI · no new infrastructure required

GATE 03

CI/CD PR Gate

Every pull request is checked against Phoenix Blue Shield's Malicious Package Intelligence. New dependencies introduced in the PR are scored automatically. Risky packages block the check run; suspicious packages post a warning. No YAML changes required — integrates as a GitHub App check.

Zero config

GitHub App · webhook-driven · SARIF output

GATE 04

Deploy-Time SBOM Admission

The final enforcement point. Before a container or package reaches production, Phoenix Blue Shield validates the SBOM against current intelligence. Anything that passed earlier but has since been flagged as malicious — a package that turned malicious after the PR check — is caught here.

Continuous coverage

Intelligence refreshed every 1 hour

Detection Engine

Neural Network Detection: Five stages. No single-pass verdicts.

Phoenix Malicious Package Intelligence runs every suspicious package through five sequential detection stages. A second LLM challenges every claim from the first. Behavioral sandbox confirmation is available for high-confidence threats.

01
Metadata Pre-Filter
Fast triage on publish metadata: package age, maintainer history, naming patterns, version anomalies. Eliminates noise before deep analysis begins.
02
Neural Network Engine
40+ rules across 10 signal categories. Obfuscated payloads, install hook abuse, env variable theft, C2 callouts, persistence patterns.
03
LLM Analyst
Structured source-sink reasoning. The model traces data flow from input (env, fs, network) to output (exfiltration, persistence, C2) across the full package source.
04
Adversarial Judge
A second LLM challenges every claim from Stage 3. No single-pass verdicts. Each detection is cross-examined before it ships as a block decision.
05
Sandbox Confirmation
Optional dynamic execution for high-confidence threats. Behavioral validation in an isolated environment. Used for novel malware where static analysis alone isn't sufficient.
// Stage 01 — Metadata Pre-Filter

analyze_metadata({
  package: "utils-helper-v2",
  published: "2026-06-09T03:42:11Z",
  maintainer_age: 4 // days
  version_pattern: "1.0.0",
  name_similarity: 0.94 // "utils-help"
})
→ Metadata score: HIGH RISK
→ Signals: new maintainer, name squatting
→ Forwarding to Stage 02

77 detection signals. 10 signal categories.

Publish metadata anomalies
Maintainer history & age
Install hook abuse patterns
Env variable exfiltration
Obfuscated payload detection
C2 callout patterns
Typosquatting / name similarity
Persistence mechanism writes
Dependency confusion vectors
License & source anomalies
Network call fingerprints
Version pattern irregularities
Book a Demo

Stop the next supply chain attack before it installs.

See Phoenix Blue Shield in action — from MCP agent firewall to deploy-time SBOM admission.

  • Four enforcement gates live in your environment in under a day
  • 15-minute median from detection to exploitation block
  • Covers npm, PyPI, MCP, Claude Code, Cursor, GitHub Copilot
  • No new infrastructure — works with your existing CI/CD
  • Intelligence refreshed every hour from 380K+ CVEs and live malware feeds
Book a Demo
Fill in the form and we'll be in touch within one business day.
Derek

Derek Fisher

Head of product security at a global fintech

Derek Fisher – Head of product security at a global fintech. Speaker, instructor, and author in application security.

Derek is an award winning author of a children’s book series in cybersecurity as well as the author of “The Application Security Handbook.” He is a university instructor at Temple University where he teaches software development security to undergraduate and graduate students. He is a speaker on topics in the cybersecurity space and has led teams, large and small, at organizations in the healthcare and financial industries. He has built and matured information security teams as well as implemented organizational information security strategies to reduce the organizations risk.

Derek got his start in the hardware engineering space where he learned about designing circuits and building assemblies for commercial and military applications. He later pursued a computer science degree in order to advance a career in software development. This is where Derek was introduced to cybersecurity and soon caught the bug. He found a mentor to help him grow in cybersecurity and then pursued a graduate degree in the subject.

Since then Derek has worked in the product security space as an architect and leader. He has led teams to deliver more secure software in organizations from multiple industries. His focus has been to raise the security awareness of the engineering organization while maintaining a practice of secure code development, delivery, and operations.

In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

Jeevan Singh

Jeevan Singh

Founder of Manicode Security

Jeevan Singh is the Director of Security Engineering at Rippling, with a background spanning various Engineering and Security leadership roles over the course of his career. He’s dedicated to the integration of security practices into software development, working to create a security-aware culture within organizations and imparting security best practices to the team.
In his role, Jeevan handles a range of tasks, from architecting security solutions to collaborating with Engineering Leadership to address security vulnerabilities at scale and embed security into the fabric of the organization.

James

James Berthoty

Founder of Latio Tech

James Berthoty has over ten years of experience across product and security domains. He founded Latio Tech to help companies find the right security tools for their needs without vendor bias.

christophe

Christophe Parisel

Senior Cloud Security Architect

Senior Cloud Security Architect

Chris

Chris Romeo

Co-Founder
Security Journey

Chris Romeo is a leading voice and thinker in application security, threat modeling, and security champions and the CEO of Devici and General Partner at Kerr Ventures. Chris hosts the award-winning “Application Security Podcast,” “The Security Table,” and “The Threat Modeling Podcast” and is a highly rated industry speaker and trainer, featured at the RSA Conference, the AppSec Village @ DefCon, OWASP Global AppSec, ISC2 Security Congress, InfoSec World and All Day DevOps. Chris founded Security Journey, a security education company, leading to an exit in 2022. Chris was the Chief Security Advocate at Cisco, spreading security knowledge through education and champion programs. Chris has twenty-six years of security experience, holding positions across the gamut, including application security, security engineering, incident response, and various Executive roles. Chris holds the CISSP and CSSLP certifications.

jim

Jim Manico

Founder of Manicode Security

Jim Manico is the founder of Manicode Security, where he trains software developers on secure coding and security engineering. Jim is also the founder of Brakeman Security, Inc. and an investor/advisor for Signal Sciences. He is the author of Iron-Clad Java: Building Secure Web Applications (McGraw-Hill), a frequent speaker on secure software practices, and a member of the JavaOne Rockstar speaker community. Jim is also a volunteer for and former board member of the OWASP foundation.

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

The IKIGAI concept
Protected By
Shield Security PRO