Releases, research, customer milestones, and the occasional company update. We post here when something meaningful ships. We do not post here to fill a content calendar.
The May refresh of Griffin L closes the gap on reachability analysis for transitive dependencies. Across our internal eval suite, false positives dropped 30 percent without a regression on recall. The adversarial disproof head was retrained on a larger corpus of refuted candidates pulled from the last two quarters of production traces.
ReadOne of our largest deployments reached a milestone of ten thousand autonomously applied fixes across their monorepo this quarter. Average time from finding to merged patch dropped from 11 days to 3 hours. The customer has asked to remain unnamed; the case study walks through the rollout pattern in detail.
ReadA short paper describing the trace-attestation format that every Griffin response is emitted with. The format is open, the verifier is open source, and the goal is to make AI-generated security findings independently reproducible by any downstream consumer. Feedback from the standards community is welcome.
ReadWe have expanded the leadership team with a new Head of Sovereign Deployments to scale the air-gapped and classified offerings that customers in defence and public-sector verticals depend on. The role reports to the CTO and is based out of the Dublin office.
ReadPolicies, guardrails, and remediation recipes can now be published, versioned, and consumed through the Marketplace. Every contribution is signed, reviewed, and provenance-tracked. The first wave includes 40 community-authored policies covering supply chain, AI safety, and licensing.
ReadOur research team analysed five years of zero-day disclosures across npm, PyPI, Maven, and Go modules. The paper proposes a small change to the default disclosure embargo that reduces exploitation windows by an average of 18 days. The data set is open for reproduction.
ReadThe Eagle family now handles compound policy reasoning across multi-jurisdiction compliance frameworks. The release includes a new evaluation suite covering NIS2, DORA, and the EU AI Act, with published scores on every benchmark.
ReadAegis, the air-gapped variant of the platform, reached 500 production deployments across public-sector and regulated customers this month. The release notes for the underlying appliance build are published in the changelog, including the SBOM for the appliance itself.
ReadGriffin Gen 5 is our fifth-generation production reasoning model and the first to ship with a complete, attestable reasoning trace on every response. The 280B mixture-of-experts checkpoint runs with a 1M token context window, a new adversarial disproof head that actively tries to refute its own candidate findings before emitting them, and a 41 percent reduction in unverifiable claims relative to Gen 4. Median end-to-end latency on a typical reachability query is 2.1 seconds. The release also ships an open verifier for the trace format so downstream auditors can independently reproduce conclusions.
ReadEagle Gen 5 is the fifth generation of our compliance-reasoning family and the first capable of synthesising controls across overlapping frameworks in a single pass. The 190B dense checkpoint covers NIS2, DORA, EU AI Act, FedRAMP High, and ISO 27001:2022 simultaneously, with cross-framework conflict detection and a citation index that points every output clause back to a specific regulation section. Context window is 512K tokens, calibrated for full policy corpora. Eval scores on the public CompliBench suite improved by 28 points over Gen 4, and the model now refuses to answer when source citations are insufficient rather than hallucinating.
ReadLion Gen 5 is the latest on-device distilled model in the family. At 8B parameters with a 128K context window, it runs comfortably on a single consumer GPU or an Apple Silicon laptop, while matching Griffin Gen 4 on the core reachability benchmark to within 3 points. The distillation pipeline now preserves the disproof head from its Griffin teacher, so local IDE plugins can reject false-positive findings without a round-trip to the cloud. Cold-start latency on M-series hardware is under 400 ms.
ReadGriffin Gen 4 was the major capability jump of last year. The 120B dense checkpoint introduced structured proof obligations, chain-of-thought caching for repeated dependency subgraphs, and the first version of the disproof head later refined in Gen 5. Context window doubled to 256K tokens. Benchmarks on the internal Reach-1k eval moved from 71 percent to 86 percent precision at fixed recall. This was also the release where customers started reporting reductions in noisy alerts large enough to change their on-call rotations.
ReadEagle Gen 4 introduced the machine-checkable control mapping format that customers now use to drive audit-grade reports. The 70B checkpoint trained on a curated corpus of public and licensed regulatory texts, with a 128K context window that comfortably fits a full SOC 2 Type II audit package. Eagle Gen 4 was also the first model in the family to support cross-framework reasoning, where a single control could be evaluated against multiple frameworks simultaneously. It remains the recommended fallback model for customers who have not yet upgraded to Gen 5.
ReadLion Gen 4 reached the size and capability threshold where customers could realistically run policy gates entirely offline in air-gapped CI runners. The 3B parameter checkpoint shipped with a 32K context window, INT8 quantisation out of the box, and a deterministic decoding mode for reproducible build verdicts. This was the release that unlocked the Aegis appliance for development teams who could not tolerate a network egress dependency in their build pipeline. Per-query energy use was measured at roughly one third of Gen 3 on the same hardware.
ReadGriffin Gen 3 was the scale-up generation. Parameter count rose to 34B dense, context window to 128K tokens, and the training mix expanded to cover Maven, Go modules, Cargo, and NuGet alongside npm and PyPI. The model could, for the first time, reason about transitive dependency chains more than ten hops deep without losing track of the call graph. Gen 3 is also the release where we introduced the structured finding schema that every later generation has built on. It set the baseline expectations that customers still use to evaluate competitors.
ReadEagle Gen 3 was the first model in the policy family to support more than one compliance framework at a time. The 22B checkpoint added PCI DSS v4.0 and HIPAA Security Rule reasoning to the existing SOC 2 coverage, with a 64K context window and a new citation-required output mode that refused to produce a verdict without a specific clause reference. Customer feedback from this release shaped the multi-jurisdiction synthesis work that would later become the headline feature of Gen 5.
ReadLion Gen 3 was the generation where on-device finally became a default option rather than a curiosity. The 1.3B parameter checkpoint ran in under 4 GB of RAM after quantisation, comfortably inside the memory budget of a developer laptop, and the 16K context window was sufficient for file-level reasoning inside IDE plugins. Gen 3 introduced the streaming token interface that the IDE extensions still use today, and was the basis for the first commercial release of the offline scanner.
ReadGriffin Gen 2 was the first major refresh of the family and the release where reachability stopped being a heuristic and started being a reasoning task. The 7B parameter checkpoint expanded the context window from 4K to 32K tokens, introduced typed dataflow tracking across function boundaries, and added language coverage for Ruby and PHP. Gen 2 also shipped the first version of the structured output schema, replacing the freeform prose responses of Gen 1. Internal eval precision moved from 48 percent to 64 percent at the same recall threshold.
ReadEagle Gen 2 was the first time we separated the policy-reasoning model from the production Griffin checkpoint. Until then, compliance was a fine-tuned variant of the same backbone. The 5B dedicated Eagle checkpoint was trained on a curated SOC 2 corpus with a 16K context window, and it produced verdicts with explicit clause-level citations rather than the freeform explanations of the earlier shared model. Customer auditors were able to trace every finding back to a specific control for the first time, which set the design direction for every later Eagle release.
ReadLion Gen 2 was the first generation of the on-device family that customers actually deployed to production CI. The 450M parameter distilled checkpoint ran in under 1 GB of RAM with an 8K context window, and was small enough to live inside a standard GitHub Actions runner without blowing the cache. Gen 2 introduced the deterministic seeding behaviour that makes Lion outputs reproducible across machine restarts, which turned out to be a hard requirement for regulated build environments. The model was originally distilled from Griffin Gen 2.
ReadGriffin Gen 1 was the original release of the family and the first model we ever shipped to customers. The 1.3B parameter checkpoint had a 4K context window and supported reachability analysis on two ecosystems, npm and PyPI. The scope was narrow by today's standards: single-file reasoning, prose outputs, no structured schema, and a recall ceiling that capped usefulness for very large monorepos. Even so, it was the first time customers could ask a model whether a CVE-tagged package was actually exploitable in their code, and the answer was right more often than not.
ReadEagle Gen 1 was the original entry in what would later become a dedicated policy family. At launch, Eagle was a fine-tuned variant of the Griffin Gen 1 backbone, specialised on SOC 2 Common Criteria with a 4K context window. The release scope was deliberately narrow: it covered the security trust services criteria only, and it produced freeform explanations rather than structured verdicts. Customers used it as a starting draft for evidence narratives rather than as a final verdict source, but the response quality was high enough to justify the dedicated model split in Gen 2.
ReadLion Gen 1, originally codenamed and shipped under a different name, was the first experimental on-device companion to Griffin. The 125M parameter distilled checkpoint had a 2K context window and was intended as a developer-facing inline suggestion model rather than a full reasoning system. Latency on commodity hardware was under 100 ms per token, which made it usable as a typing-time assistant, but the recall on real reachability tasks was low. Gen 1 served mostly to validate that an on-device variant of the family was viable at all; later generations took it from curiosity to production.
ReadSubscribe to the RSS feed for everything. Or drop your email and we will send a short monthly digest with the releases and research that matter. No marketing copy, no upsell, no sharing.
Send a note to news@safeguard.sh and we will add you to the monthly digest list.
Where to go for longer-form writing, press resources, and the technical changelog.