Safeguard.sh Documentation Center

Zero-Day Discovery

How Safeguard finds, validates, and publishes zero-day vulnerabilities in open source and vendor software.

Zero-Day Discovery

Safeguard runs a continuous zero-day research pipeline across open source packages, container base images, and AI models. Discovered vulnerabilities are validated, scored, and disclosed through coordinated channels — and delivered to customers before they appear in public CVE feeds.

How the Pipeline Works

Zero-day discovery runs through four stages: ingestion, analysis, validation, and publishing.

1. Ingestion

Safeguard continuously ingests:

  • Every public commit on watched repositories across npm, PyPI, Maven, NuGet, Crates.io, Go modules, RubyGems, Composer, Conda, Hugging Face, and OCI registries.
  • New releases within minutes of publication.
  • Maintainer signals — GitHub issues, pull requests, security advisories in draft, and abnormal commit activity.
  • Container base image changes — new layers, new binaries, CVE drift.

This ingestion layer is the foundation of the TAOR (Trace, Analyze, Observe, Report) architecture.

2. Analysis

Each new artifact goes through:

  • Static analysis — taint tracking, dataflow, symbolic execution, fuzz-driven input generation across multiple analyzers.
  • Dynamic analysis — sandboxed execution with syscall / network monitoring to flag behavior that differs from prior releases.
  • Differential analysis — diff against the previous version to identify sensitive changes (auth, crypto, deserialization, IPC).
  • Dependency graph analysis — 100-level transitive scanning to find whether a change propagates into widely-used packages.
  • Griffin AI review — each candidate is reviewed by Griffin AI, which correlates the change against the package's historical patterns, similar vulnerability classes, and known exploit techniques.

3. Validation

A finding becomes a candidate zero-day only if:

  1. A reproducer is constructed and runs without manual tweaking.
  2. A minimum-qualifying-context (MQC) analysis shows a realistic path to exploitation.
  3. At least one human researcher signs off on impact and severity.

Pre-validation filtering rejects roughly 96% of raw candidates. The remaining 4% enter the disclosure queue.

4. Publishing

Validated zero-days flow through two channels simultaneously:

  • Customer channel — Safeguard subscribers receive the finding immediately through the ESSCM feed, Portal, and CLI / IDE clients. SBOMs are re-scored. Griffin AI generates remediation PRs where a fix exists.
  • Upstream channel — coordinated disclosure to the upstream maintainer with a 90-day default embargo (shorter if active exploitation is observed). Safeguard requests CVE assignment and publishes a detailed advisory after the embargo.

TAOR Architecture

TAOR is the name of Safeguard's zero-day infrastructure.

  • Trace — ingest every artifact, every commit, every release.
  • Analyze — run the multi-tool analysis matrix.
  • Observe — watch runtime behavior and dependency telemetry across customer fleets (with opt-in, anonymized signal).
  • Report — publish to customers and upstream coordinators.

Observe is the distinctive layer: telemetry from customer SBOMs and runtime collectors feeds anomaly detection back into the pipeline. Unusual package co-installations, sudden version pinning across the ecosystem, and suspicious registry uploads all surface as leads.

Customer Experience

Zero-days appear in your environment as:

  • A new finding in ESSCM with category zero-day and a Safeguard-assigned identifier (SG-YYYY-NNNNN).
  • A CVE reference once the embargo ends (typically 14–90 days after initial disclosure to you).
  • An automated remediation PR from Griffin AI when a patched version or safe configuration exists.
  • A policy alert in the Portal if the affected component violates any policy gate.

Signal-to-Noise Discipline

Not every finding is published. Safeguard suppresses:

  • Low-impact bugs that do not cross a trust boundary.
  • Findings in unmaintained packages with zero downloads in the last 365 days.
  • Issues that require an attacker to already have write access to the application.

Research output targets severity medium and above with a realistic exploit path.

API and Feed

Subscribers can pull the zero-day feed via:

safeguard zero-days list --since 2026-01-01 --severity high

Or from the API:

curl -H "Authorization: Bearer $SG_TOKEN" \
  https://api.safeguard.sh/v1/zero-days?severity=high&since=2026-01-01

The feed includes the SG identifier, affected components, reproducer hash, severity, exploitation status (none, poc, in-the-wild), and upstream coordination status.

Researcher Program

Safeguard's research team also accepts external submissions. Validated findings published under the Safeguard disclosure program earn bounties based on impact and novelty. Contact research@safeguard.sh for submission guidelines.

  • Griffin AI — how automated remediation ties into zero-day publishing.
  • Vulnerabilities — how discovered issues surface inside ESSCM.
  • Policies and Gates — block artifacts with unpatched zero-days at build or deploy time.

Deep Dependency Scanning (100 Levels)

Scan dependencies 100 levels deep — 40 more than most SCA tools — to find vulnerabilities hidden in transitive dependencies.

Malware Detection

Detect malicious packages, images, and model weights using Eagle — Safeguard's purpose-built classification model.

On this page

Zero-Day DiscoveryHow the Pipeline Works1. Ingestion2. Analysis3. Validation4. PublishingTAOR ArchitectureCustomer ExperienceSignal-to-Noise DisciplineAPI and FeedResearcher ProgramRelated