Introducing Dependency Firewall
Today we are introducing Dependency Firewall, which reviews every open-source package being downloaded anywhere in your company and blocks the malicious ones before they reach the person or system that asked for them. Developers, AI agents, and any employee using Claude, Codex, or other AI tools keep installing exactly as they do today. Security teams can ensure that AI is rolled out safely across the company.
Modern software runs on open source, and your developers, your systems, and the AI agents now working alongside them install dependencies from public registries every day. Attackers exploit that trust by publishing packages that mimic popular libraries and hide malicious code. The breach can happen at install time: a package's install scripts execute the moment it is pulled down, which means a single developer machine or coding agent installing a malicious dependency can leak credentials, plant a backdoor, or exfiltrate source code before anything has been reviewed, built, or deployed.
Verizon reported that 48% of data breaches analyzed in its 2026 DBIR involved ransomware. And malware attacks have surged in recent months. They cost almost nothing to launch, and the people pulling in dependencies are no longer just security-conscious engineers: business users running AI assistants and autonomous coding agents now install packages on their own. The most dangerous package is always the one nobody has classified yet, and detection that depends on signatures, reputation, or intelligence from past attacks cannot see it until after it has already spread. Dependency Firewall is built to catch it the moment it appears.
What Dependency Firewall does
Dependency Firewall inspects every open-source package being downloaded in your company, regardless of who is installing it, and returns a verdict before it’s installed. Approved packages pass through with negligible latency, packages that warrant review are quarantined, and anything malicious is blocked with the supporting evidence attached.
Nothing changes for your teams. Engineers use the same install commands, CI pipelines run unchanged, and AI agents keep operating normally. The malicious dependency they would have pulled in just never reaches them.
How it works
Dependency Firewall analyzes packages the moment they are published rather than at install time. By the time anyone in your company requests a package, the analysis is already complete, and Dependency Firewall allows or blocks the install on the spot.
This analysis runs on depthfirst’s agentic defense platform, the same system that discovered NGINX rift, a critical 18-year-old vulnerability affecting a significant portion of global web traffic. For every new package version, it:
- Runs proprietary analysis on code and install scripts
- Performs runtime analysis to detect malicious package behavior
- Reasons about package intent and investigates unknown behavior
- Flags publisher and maintainer anomalies
- Maps dependency and transitive risk
- Checks against public and private threat and data feeds
Every verdict ships with the evidence behind it, so any decision can be audited back to the underlying signals.
You can deploy Dependency Firewall upstream of your private registry or artifact repository, or, if you do not run one, point your package managers directly at it and let Dependency Firewall serve as the registry. Either way, every install flows through the same path and is checked against the same analysis.
“We recently had an incident where an internal vibecoded app inadvertently pulled in a malicious package that put our company at risk. depthfirst’s Dependency Firewall is a game changer as it enables us to safely leverage AI across the company.” - F100 CISO
Guardrails you control
Beyond blocking what is clearly malicious, Dependency Firewall gives you a programmable enforcement layer over how open source enters your company. Your team can:
- Require a minimum package age before anything new is allowed in
- Restrict which dependency trees are acceptable
- Enforce license policies across direct and transitive dependencies
- Quarantine packages pending manual review
Verdicts route into the tools your team already uses, so critical detections can page through your incident response system, quarantines can open review tickets, and license violations can alert engineering in Slack. When the firewall gets a verdict wrong, your team can override the decision in seconds, and depthfirst logs every override automatically.
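To make the guardrails above concrete, here is an added illustration (written for this post, not depthfirst's code or the product's API) of how a policy layer in front of a registry can turn package metadata into an allow/quarantine/block verdict with evidence attached. It walks the whole dependency tree so that minimum-age and license rules apply to transitive dependencies too, and lets a malicious finding outrank a policy finding. The package names, dates, and the `malicious` set are constructed sample data standing in for the analysis stage's output.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Package:
    name: str
    version: str
    published: datetime
    license: str
    deps: tuple = ()              # direct dependency names

@dataclass
class Policy:
    min_age: timedelta            # quarantine versions newer than this
    allowed_licenses: frozenset   # checked on direct and transitive deps alike
    malicious: frozenset          # names the analysis stage has already flagged

RANK = {"allow": 0, "quarantine": 1, "block": 2}

def evaluate(root, index, policy, now):
    # Walk `root` and everything it pulls in; the worst finding in the tree decides.
    verdict, evidence, seen, stack = "allow", [], set(), [root]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        pkg = index[name]
        stack.extend(pkg.deps)
        tag = f"{pkg.name}@{pkg.version}"
        checks = [
            (name in policy.malicious, "block", f"{tag}: flagged malicious by package analysis"),
            (now - pkg.published < policy.min_age, "quarantine", f"{tag}: newer than the {policy.min_age.days}-day minimum age"),
            (pkg.license not in policy.allowed_licenses, "quarantine", f"{tag}: license {pkg.license} is not allowed"),
        ]
        for hit, level, reason in checks:
            if hit:
                evidence.append(reason)
                verdict = max(verdict, level, key=RANK.get)
    return verdict, evidence

# Constructed sample index standing in for a registry mirror; none of these are real packages.
NOW = datetime(2026, 6, 1, tzinfo=timezone.utc)
INDEX = {p.name: p for p in (
    Package("webapp-kit", "2.3.0", NOW - timedelta(days=90), "MIT", ("http-core", "fast-json")),
    Package("http-core", "1.8.1", NOW - timedelta(days=400), "Apache-2.0", ("tiny-log",)),
    Package("fast-json", "0.0.1", NOW - timedelta(hours=6), "MIT"),      # published six hours ago
    Package("tiny-log", "3.1.0", NOW - timedelta(days=30), "AGPL-3.0"),
    Package("sample-malicious", "1.0.0", NOW - timedelta(days=10), "MIT"),
)}
POLICY = Policy(timedelta(days=7), frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"}), frozenset({"sample-malicious"}))
```

Installing `webapp-kit` is quarantined with two pieces of evidence (a six-hour-old transitive dependency and an AGPL license two levels down), while `sample-malicious` is blocked outright.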
Available now
Dependency Firewall works with the infrastructure you already have and can be deployed today. Your developers and agents do not need to change anything about how they install.
Dependency Firewall underscores depthfirst’s vision for autonomous security from design to production. As developers, CI systems, and AI-powered workflows bring open-source software into organizations, security must begin at the moment code is introduced and continue across the full software lifecycle.
depthfirst is dedicated to securing open-source software. Through the Open Defense Initiative, we offer up to $5 million in depthfirst credits to maintainers of critical open-source projects, so they can find and fix real vulnerabilities before attackers can exploit them. We are releasing Dependency Firewall to the participants of the Open Defense Initiative to help them prevent malware attacks.