AI Models (Griffin, Eagle, Lino)
The three Safeguard-built security models — their roles, versions, and availability.
AI Models
Safeguard develops and operates three purpose-built AI models for software supply chain security. Each is trained on security-specific corpora (vulnerability databases, patch diffs, exploit PoCs, SBOM graphs, license texts, incident postmortems) rather than general-purpose web data.
Model Overview
| Model | Role | Primary Use |
|---|---|---|
| Griffin | Remediation and reasoning | Autonomous patching, vulnerability explanation, chat |
| Eagle | Discovery and classification | Zero-day candidate detection, malicious package detection |
| Lino | Compliance and attestation | Policy evaluation, SBOM QA, regulatory mapping |
All three share an ensemble retrieval layer backed by the Safeguard knowledge graph (CVEs, EPSS, KEV, OSV, upstream advisories, exploit feeds, and customer telemetry).
Griffin
Griffin is the flagship reasoning model — the one most customers interact with directly through chat, AI Remediate, and the MCP server.
What Griffin does
- Autonomous remediation — generates pull requests that upgrade, patch, or replace vulnerable dependencies. Reviews the diff, runs tests, iterates until green.
- Vulnerability reasoning — explains CVEs in context, assesses reachability against the specific codebase, recommends prioritization.
- Natural language querying — "show me all production workloads with KEV-listed CVEs published in the last 30 days".
- Multi-step workflows — chains discovery, scoring, remediation, and PR submission into a single autonomous run.
Griffin versions
| Version | Released | Availability | Notes |
|---|---|---|---|
| Griffin 1.0 | 2024-Q2 | GA (all tiers) | First production release. Initial remediation corpus. |
| Griffin 1.5 | 2024-Q4 | GA (all tiers) | Added reachability-aware prioritization and SLSA reasoning. |
| Griffin 2.0 | 2025-Q2 | GA (all tiers) | Autonomous multi-file PRs. Long-context SBOM ingestion. |
| Griffin 2.5 | 2025-Q4 | GA (all tiers) | Added SAST/DAST reasoning, improved test-repair loops. |
| Griffin 3.0 | 2026-Q1 | GA (all tiers) | Default today. Tool-use agent loop, multi-repo awareness. |
| Griffin 3.1-preview | 2026-Q2 | Preview (Enterprise) | Evaluation dataset-hardened; reduced hallucination on obscure CVEs. |
Pick your version in Settings → AI Models. Enterprise customers can pin a version for reproducibility.
Eagle
Eagle is the detection model. Unlike Griffin (which reasons about known vulnerabilities), Eagle finds new ones.
What Eagle does
- Malicious package detection — classifies npm / PyPI / Maven uploads as likely benign, suspicious, or malicious based on install-script behavior, code patterns, and registry metadata.
- Zero-day candidate detection — flags code changes that introduce likely exploitable patterns, feeding the TAOR pipeline.
- Typosquat and brand-impersonation detection — finds packages masquerading as popular libraries.
- Behavioral anomaly detection — flags runtime workloads whose network, filesystem, or process behavior deviates from baseline.
Eagle versions
| Version | Released | Availability | Notes |
|---|---|---|---|
| Eagle 1.0 | 2024-Q3 | GA | Malicious npm package classifier. |
| Eagle 2.0 | 2025-Q1 | GA | Added PyPI, Maven, crates.io. Behavioral model. |
| Eagle 2.5 | 2025-Q3 | GA | Registered as inline detector for npm --before-publish hooks. |
| Eagle 3.0 | 2026-Q1 | GA | Default today. Unified package-ecosystem detector + runtime anomaly. |
Eagle runs inline in the Safeguard registry (Gold) and on customer-configured webhooks. It also feeds the zero-day research queue (see Zero-Day Discovery).
Lino
Lino is the compliance model. It reads standards, policies, and evidence — and decides whether an artifact complies.
What Lino does
- Regulatory mapping — maps a control catalog (NIST 800-53, ISO 27001 Annex A, CRA essential requirements, SSDF tasks) to concrete evidence from your Safeguard environment.
- SBOM quality scoring — evaluates CycloneDX / SPDX documents against NTIA minimum elements and CycloneDX completeness.
- Policy authoring — given a plain-English intent ("block any production image with an unpatched critical KEV CVE"), Lino drafts a policy YAML.
- Attestation reasoning — validates SLSA / in-toto attestations and explains why an artifact fails a required level.
Lino versions
| Version | Released | Availability | Notes |
|---|---|---|---|
| Lino 1.0 | 2025-Q1 | GA | FedRAMP HIGH and EO 14028 mapping. |
| Lino 1.5 | 2025-Q3 | GA | CRA, DORA, NIS2 regulatory mapping. |
| Lino 2.0 | 2026-Q1 | GA | Default today. Multi-jurisdiction policy authoring. FedRAMP 20x support. |
Lino powers the Compliance dashboard in ESSCM and is available via the POST /v1/compliance/evaluate API.
Deployment Options
All three models are available in three deployment modes:
- Shared cloud — default. Runs on Safeguard's FedRAMP-HIGH environment. No setup required.
- Dedicated tenancy — single-tenant inference cluster for Enterprise accounts.
- On-premises / air-gapped — quantized builds that run on customer GPUs for classified and IL7 deployments. Contact sales for the deployment guide.
Privacy
- Your source code, SBOMs, and telemetry are never used to train shared models.
- Per-tenant fine-tunes are opt-in and stay inside your tenant boundary.
- Inference requests are logged with tenant-scoped keys for audit only; bodies are not retained beyond 24 hours by default (Enterprise: configurable 0–365 days).
Related
- Griffin AI — detailed Griffin feature guide.
- Zero-Day Discovery — how Eagle feeds the research pipeline.
- Compliance — how Lino evaluates regulatory frameworks.
- MCP Server — how Griffin is exposed to external AI clients.