
We Audited Last Month's Breaches Against Our Own Defenses. 3 We'd Have Stopped, 3 We'd Have Warned, 1 We'd Have Missed.

  • Writer: Patrick Duggan
  • 2 minutes ago

Every vendor claims they'd have stopped the breach. Almost none will show you the one they'd have missed. So here is the uncomfortable version: we took the breaches that actually happened over the last few weeks, mapped each one against the specific defensive surfaces we run, and graded ourselves honestly. Three we'd have stopped. Three we'd have caught early but not prevented. One we'd have missed entirely. The misses are in here on purpose, because a capability claim you can't falsify isn't a capability claim — it's marketing.


First, the part that isn't a claim. Every number below is a live query against our own indexes, run while writing this. We carry adversary profiles for every actor in this list: ShinyHunters, Handala, TeamPCP, Lazarus, Salt Typhoon, MuddyWater, Clop, Qilin. Our blocklist feed carries roughly 1.2 million indicators from ten sources, including forty-five thousand from our own honeypots. And our MCP intelligence surface (the one almost nobody else has) now spans over 1.14 million crawled MCP servers and nearly 164,000 security findings on them. Hold on to that last number; given where this is heading, it's the whole game.



The two surfaces that matter most right now


The Shield is the edge. It's a Cloudflare Worker that pulls our own threat feed and blocks known-bad IPs, CIDRs, and whole bulletproof ASNs at the door, before a request ever reaches an origin. It rejects traffic that tries to bypass Cloudflare by hitting the origin's real hostname directly — the CF-Hero class of attack — and it runs thirty honeypot canary paths that catch scanners and feed their addresses straight back into the blocklist. It is a self-reinforcing immune layer: the scanners that probe us make us better at blocking the next scanner.
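
The edge checks described above, sketched as a pure decision function. This is an added example, not the Shield's own code; the hostnames, canary paths, addresses and ASN are constructed placeholders, and treating any non-public Host as an origin-direct request is an assumption.

```javascript
// Added illustration of the edge checks described above; not the Shield's code.
// Hostnames, paths, addresses and the ASN are constructed placeholders.
const PUBLIC_HOSTS = new Set(["www.example.com"]);      // names meant to be reached via the edge
const CANARY_PATHS = new Set(["/.env", "/backup.sql"]); // paths no legitimate client requests

function newFeed() {
  return {
    ips: new Set(["203.0.113.9"]),
    cidrs: ["198.51.100.0/24"],
    asns: new Set([64500]),
  };
}

// IPv4 only, to keep the example short.
function ipToInt(ip) {
  return ip.split(".").reduce((n, octet) => (n * 256 + Number(octet)) >>> 0, 0);
}

function inCidr(ip, cidr) {
  const [base, bits] = cidr.split("/");
  const mask = Number(bits) === 0 ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(base) & mask) >>> 0);
}

// req = { ip, asn, host, path }; in a Worker these would come from the
// CF-Connecting-IP header, request.cf.asn and the request URL.
function decide(req, feed) {
  if (!PUBLIC_HOSTS.has(req.host.toLowerCase()))
    return { action: "block", reason: "origin-direct" };
  if (feed.ips.has(req.ip)) return { action: "block", reason: "blocklist-ip" };
  if (feed.cidrs.some((c) => inCidr(req.ip, c)))
    return { action: "block", reason: "blocklist-cidr" };
  if (feed.asns.has(req.asn)) return { action: "block", reason: "blocklist-asn" };
  if (CANARY_PATHS.has(req.path)) {
    feed.ips.add(req.ip); // the probe itself becomes a new indicator
    return { action: "block", reason: "canary" };
  }
  return { action: "allow", reason: "clean" };
}
```

A client that touches a canary path is blocked on that request and on every later one, because its address is now in the feed.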


The MCP surface is the frontier. Model Context Protocol servers are how AI agents reach tools and data, and they are becoming the new supply chain — which means they are becoming the new attack surface. We crawl them at million-server scale, score them for risk, and run a judge — dredd — that evaluates an MCP server's identity and its full dependency graph before an agent is allowed to invoke it, returning block, advisory, or allow. That dependency-graph check is specifically designed to catch Shai-Hulud-class supply-chain compromise: the self-propagating worm that hides in transitive dependencies. This is not a hypothetical. Last month's Phantom Gyp worm didn't just poison npm packages — it injected backdoor files into AI coding-agent configs, the .claude and .cursor directories, so the tool that writes your next package becomes the persistence mechanism. The MCP layer is exactly where that fight lives, and it's where we're strongest.
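
A judge of the kind described above, returning block, advisory, or allow after checking identity and walking the full dependency graph. This is an added example, not dredd's code; the package names, findings, digest and verdict ranking are constructed assumptions.

```javascript
// Added illustration of dependency-graph judging; not dredd's code.
// Package names, findings, digests and verdict ranking are constructed.
const RANK = { allow: 0, advisory: 1, block: 2 };

const graph = { // package -> direct dependencies
  "mcp-files-server": ["fs-helper", "json-lite"],
  "fs-helper": ["path-utils"],
  "path-utils": ["native-shim", "fs-helper"], // cycle back to fs-helper
  "json-lite": [],
  "native-shim": [],
};
const findings = {
  "json-lite": { verdict: "advisory", why: "unmaintained" },
  "native-shim": { verdict: "block", why: "install-time code execution" },
};
const pinned = { "mcp-files-server": "sha256:constructed-digest" };

function judge(server, graph, findings, pinned) {
  // Identity first: the server must be the one the agent was configured to trust.
  if (!server.digest || pinned[server.name] !== server.digest)
    return { verdict: "block", why: "identity mismatch", path: [server.name] };
  let worst = { verdict: "allow", why: "no findings", path: [server.name] };
  const seen = new Set();
  const stack = [[server.name]];
  while (stack.length > 0) {
    const path = stack.pop();
    const pkg = path[path.length - 1];
    if (seen.has(pkg)) continue; // already judged; this also breaks cycles
    seen.add(pkg);
    // A dependency missing from the graph cannot be vouched for.
    const f = findings[pkg] ||
      (pkg in graph ? null : { verdict: "advisory", why: "unresolved dependency" });
    if (f && RANK[f.verdict] > RANK[worst.verdict]) worst = { ...f, path };
    for (const dep of graph[pkg] || []) stack.push([...path, dep]);
  }
  return worst;
}
```

The returned path names the chain from the server to the offending transitive dependency, which is what a reviewer needs in order to act on a block.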



The scorecard


Stopped, cleanly. The npm supply-chain worms — Miasma, and the Phantom Gyp variant that runs code through a binding.gyp file during install, sidestepping the lifecycle hooks every scanner watches. We shipped detection for that exact execution signature this month, and dredd's dependency-graph judging covers the MCP-and-agent side of the same lineage. The enterprise edge CVEs — the actively-exploited Cisco SD-WAN, Microsoft Exchange, and Defender flaws — all flow through our CISA KEV cross-reference into the customer feed, with measured lead time. A customer pulling our feed got the patch signal. And the MCP-agent poisoning vector itself: this is the surface we were built for.
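
A static check for the binding.gyp install path named above, set beside what a hooks-only scanner sees. This is an added example, not the detection the post refers to; it assumes the signature is an implicit node-gyp build combined with gyp command expansion, and the sample package is constructed.

```javascript
// Added illustration; not the vendor's detection. Input is a map of
// package-relative path -> file text, constructed below for the example.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// What a hooks-only scanner sees: explicit lifecycle scripts in package.json.
function lifecycleHooks(files) {
  const scripts = JSON.parse(files["package.json"] || "{}").scripts || {};
  return INSTALL_HOOKS.filter((h) => h in scripts);
}

function installTimeFindings(files) {
  const out = lifecycleHooks(files).map((h) => ({ id: "lifecycle-hook", detail: h }));
  const gyp = files["binding.gyp"];
  if (gyp === undefined) return out;
  const scripts = JSON.parse(files["package.json"] || "{}").scripts || {};
  // npm defaults the install command to `node-gyp rebuild` when a root
  // binding.gyp exists and no install or preinstall script is defined.
  if (!("install" in scripts) && !("preinstall" in scripts))
    out.push({ id: "implicit-node-gyp", detail: "binding.gyp with no install script" });
  // gyp command expansions, <!(cmd) and <!@(cmd), run cmd while the file is processed.
  const expansions = (gyp.match(/<!@?\(/g) || []).length;
  if (expansions > 0)
    out.push({ id: "gyp-command-expansion", detail: `${expansions} expansion(s)` });
  return out;
}

// Constructed sample: no install hooks at all, yet install still runs a command.
const sample = {
  "package.json": JSON.stringify({ name: "demo-addon", scripts: { test: "node test.js" } }),
  "binding.gyp": `{ "targets": [ { "target_name": "addon",
      "sources": [ "<!(node ./list-sources.js)" ] } ] }`,
};
```

Legitimate native addons also use command expansions, so these findings are a triage signal for review rather than a verdict on their own.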


Caught early, not prevented. Three of them. The Handala intrusion at California Water Service — we track Handala's infrastructure with a standing indicator set and daily DNS surveillance, so we'd have flagged their staging infrastructure as a warning before the dump, but we don't sit inside Cal Water's billing system. The GitHub breach via the poisoned Nx Console editor extension — we track the actor, TeamPCP, and we now detect the worm's artifacts, but the VS Code Marketplace is not a surface we watch; we'd have flagged their infrastructure, not stopped the eighteen-minute install window. And ShinyHunters' mass-exfiltration hits on Instructure's Canvas and on OnlyFans — we track the actor and we proactively hunt the phishing-infrastructure shapes they pre-register (the fake login and identity-provider domains), but we don't guard the victims' perimeters.


Missed. One, flatly. The Lazarus Group's DeFi heists — Drift Protocol and KelpDAO, over half a billion dollars in eighteen days. We track Lazarus as an actor, but those attacks targeted a governance multisig and a cross-chain bridge, and we do not watch DeFi internals. If you were Drift, we would not have helped you. That's the honest answer, and pretending otherwise would cost us the credibility that makes the rest of this post worth reading.



Why the misses don't worry us


Look at the shape. We stop and warn where the attack is migrating — the supply chain, the AI-agent layer, the shared pre-authentication edge that every company sits behind. We miss where we don't physically sit: inside a specific victim's network, or inside a financial protocol's smart contracts. That isn't a gap to apologize for; it's the thesis working. Unrelated adversaries — Iranian, North Korean, criminal, hacktivist — keep converging on the same handful of doors: the dependency you didn't audit, the agent config you didn't read, the origin hostname you thought was hidden, the edge device you didn't patch. We defend the door everyone shares, we track every actor who knocks on it, and we detect the supply-chain artifact they leave behind. We don't claim to be inside your network, because we're not, and the vendors who claim otherwise are the ones you should question.


We cap our confidence at 95 percent, always — our coverage is real but partial, our feeds are point-in-time, and the next novel vector is, by definition, the one we haven't mapped. But the scorecard is what it is: three stopped, three warned, one missed, every line backed by a query we'd run again in front of you. The frontier is the supply chain and the MCP layer, and that is precisely where we've put the most surface. The rest is honesty, which is the only part of a security pitch worth buying.





