How Lineaje Aims to Turn Software and AI Supply Security from Risky to Routine
If you’ve been overwhelmed by SBOMs, critical CVEs, and mounting board-level pressure about your organization’s AI security posture, you’re far from alone. What was once a niche technical concern has now become a headline risk for executives. Today, a single overlooked open-source library buried deep in your dependencies can spark a full-blown corporate crisis.
This is precisely the challenge Lineaje was built to tackle. As co-founder and CEO Javed Hasan explains, the company’s mission hinges on one deceptively complex question: Where does your software truly originate, and how exposed does that make you?
In a recent CyberDefense Magazine Innovator Spotlight, Hasan shared how Lineaje began by securing software supply chains at their roots and is now rapidly expanding into safeguarding AI-driven infrastructure. If you handle application security, supply chain risk, or AI governance, this conversation is essential viewing.
Beyond Basic SBOMs: The Push for Deep Supply Chain Transparency
Hasan traces Lineaje’s mission back to the concept of software provenance—where code actually comes from—not just whether it has known vulnerabilities.
“Lineaje is about lineage,” he says. “We want to trace where every software component originates: whether it’s open source, third-party, or built in-house.”
While many vendors claim to support SBOMs, Hasan sees that as mere table stakes—not a solution in itself.
“Lineaje can break down any software—regardless of its current form—into its smallest constituent parts,” he explains. “We dissect the entire supply chain down to the deepest level available.”
In real-world deployments, dependency trees routinely reach “nearly 60 layers deep,” he notes, as every developer builds on someone else’s code. The result? A tangled, often invisible web of interdependencies.
“It’s a deep supply chain problem,” Hasan summarizes.
Once an application is fully decomposed, Lineaje overlays multiple risk dimensions: vulnerabilities, code quality, security posture, and even geographic origin.
“For instance, we’ve found that 33% of open-source commits came from China, and 7% from Russia,” he shares. “We can tie contributions to specific developers and map them to geopolitical or operational risk.”
While the output qualifies as an SBOM, Hasan insists it’s far richer than typical industry approaches. He calls it “the deepest SBOM possible.”
This depth enables rapid portfolio-wide risk triage. He recalls assessing Cisco Security’s entire software estate in “roughly three to four days,” giving their CISO a clear picture of which apps posed the greatest risk—and why.
For many teams, that kind of visibility alone would be transformative. But Lineaje treats it as just the starting point. The real question is: what do you do next?
Gold Open Source: Slashing 95% of Risk at the Source
Hasan paints a stark picture: since modern software is typically 70% open source, that’s where most risk lives.
“We can now take those 70% and make them free of critical or high-severity vulnerabilities, malware, and unverified origins,” he says. “We call this ‘gold open source’—reliable, continuously hardened versions of popular components.”
The approach is simple in theory but operationally intense: rebuild open-source packages at scale, strip out threats, formally attest their integrity, and deliver them to customers as a trusted baseline.
“You remove 70% of components from risk—not by deleting them,” Hasan clarifies, “but by swapping them for ‘gold’ versions that are cleaned, verified, and maintained.”
He adds: “If open source typically accounts for 95% of your total risk surface, adopting gold open source can eliminate 95% of that exposure.”
That claim gets immediate attention from legal teams.
“Lawyers love that,” Hasan notes. One CISO shared how their legal department constantly flags risky open-source libraries: “We get alerts saying, ‘Don’t use this library,’ and we spend weeks hunting through codebases to find who’s using it and why.”
With Lineaje, that process takes seconds. Once an app portfolio is mapped, “you can search for a specific library in about 10 seconds,” Hasan says. “We’ll show you every affected application—and even identify the teams responsible, because we link code to commit authors and owners.”
That bridge between SBOM data and organizational accountability is often what separates static reports from actionable security workflows.
Autonomous Fixing: Boosting Developer Efficiency Without Downsizing
Even with full visibility and safe components in place, progress stalls if developers hesitate. Their most common concern: Will applying this fix break my application?
Hasan identifies this as the main bottleneck preventing faster software modernization.
“Our SBOMs cover all first-party code—we understand the full software architecture,” he explains. “That lets us analyze proposed updates and distinguish between compatible and breaking changes, both in source and containerized environments.”
With this intelligence, Lineaje can automatically apply all safe, compatible fixes. Only the breaking changes require manual review—and those are grouped intelligently so developers resolve them in a single, coordinated effort rather than dozens of scattered patches.
The productivity gains are dramatic. At Fannie Mae, Hasan reveals, “there are 2,000 developers, and 20–25% of their time is spent just patching vulnerabilities.” That equates to 400–500 full-time engineers doing nothing but patching.
By removing 95% of open-source risk through gold open source and then automating the compatible patches, Hasan says they “cut about 80 to 85% of the developer effort needed to fix vulnerabilities.”
You don’t need to take every marketing claim at face value to recognize the trend. Taken seriously, this goes beyond just shifting security left. It’s about letting the robot handle the heavy lifting while developers focus on real product work. Hasan describes it as “building safe,” rather than tacking on security as an afterthought, and he’s upfront about how AI makes this achievable at scale.
“Of course, we’re using a lot of AI to rebuild open source at scale. Autonomous fixes are obviously AI-driven, but that’s really AI being used to improve security.”
That’s a natural transition into the part of the conversation where he moves from traditional software to the emerging AI tech stack.
A New AI-Focused Infrastructure And A Completely New Attack Surface
Hasan doesn’t treat AI as an add-on feature. He sees it as an entirely new layer of infrastructure with its own supply chain.
“We’ve seen the emergence of this new territory. I call it a new infrastructure, which is AI-focused,” he says. That includes “LLMs, MCP servers, agents, agent swarms, super agents,” and the platforms that allow not just developers, but business users to build powerful automations.
“If you look at the AI tech stack, it’s actually completely different from the traditional software tech stack,” he argues. “So we’re seeing the rise of a new software stack.”
With that comes a familiar problem in a new form. Where does this AI come from, what’s it connected to, and who can it communicate with?
“Is the LLM my developer is using derived from DeepSeek? Classic example,” he asks. “These MCP servers. I used to have Salesforce. Now Salesforce gave me an MCP server. ServiceNow gave me an MCP server. Now everyone who can talk to that MCP server has access to all my data.”
That last sentence should make any CISO uncomfortable. Suddenly, AI agents are connecting themselves to internal systems and data lakes with just a few lines of code, and the control plane is, at best, still immature.
To understand what CISOs actually needed, Hasan says they “went and interviewed a whole bunch of CISOs like you,” and the themes were remarkably consistent.
First, AI is arriving faster than governance can keep up. Developers bring in tools, business units adopt low-code and no-code AI agent builders, and even HR staff can now “write an agent.”
“So the first problem is, can you give me visibility into all the AI entering my organization, and give me the reputation of everything,” he explains.
In the SBOM world, that meant software bills of materials. In the AI world, Hasan is now talking about AI BOMs.
“We went from SBOMs to now AI BOMs,” he says. “So now this is basically your AI BOM with the same level of lineage and reputation tracking.”
Second, CISOs know they need policies, but the landscape is constantly shifting.
“We don’t know what the right security policies for agent-based AI are,” Hasan says. “Agent-to-agent communication should be encrypted. Is it? There are new compliance standards like the EU AI Act. You’re seeing new threat vectors, new kinds of attacks—prompt injection is well known. We’re seeing reasoning compromise, we’re seeing LLM poisoning.”
And then there are best practices that seem obvious in hindsight but are rarely enforced:
“An agent or LLM connecting directly to MCP should never be allowed,” he notes. “LLMs are talkative. Once they get the data, they’ll reveal something. Someone will ask it the right way, and they’ll spill it. So you should always have an LLM filtered through an agent. PII should always be masked.”
The message from CISOs was clear. Tell us what good looks like, give us policies organized by categories like threats, best practices, and compliance, and then don’t just hand us a 40-page PDF.
Because, as Hasan points out, some organizations have already written that lengthy policy document. The challenge is enforcing it.
“If you say PII data should always be masked, how do you want to enforce it? How do you know that maybe you wrote code for it and so on. So enforcing those policies is hard, especially since they’re constantly evolving.”
That’s where Lineaje’s new product comes in.
Unify: Central Policy Engine For AI, Built Into the Build and Run Pipeline
Hasan describes Unify as “a central policy manager and implementer for all AI.”
At a high level, it does three things.
First, it discovers AI assets and generates that AI BOM. You point it at source code, IDEs, containers, and other environments, and it “will generate the complete embedded AI list for you.” That covers LLMs, MCP servers, agents, skills, and other components of the modern AI stack.
Second, it lets you allow and block AI components, and recommends policies across the key categories Hasan mentioned earlier: threats, best practices, compliance, and within those, data, identity, vulnerabilities, and more. Organizations can enable or disable recommended policies and add their own existing rules.
Third, and this is the crucial part, Unify isn’t just a dashboard. It’s implemented as an MCP server that integrates into your development and CI/CD workflows.
“So you have a central place,” Hasan says. “What it does is it discovers, generates an AI BOM. The second thing it does, it allows you to allow and block, and it also recommends policy. And then what it does is, as agents are being created, it takes every policy, creates guardrail equivalents, and inserts them into code so developers don’t have to.”
Speaker 2 sums it up neatly: “Your tool is actively becoming a component of CI/CD for AI.” Hasan’s response is straightforward: “Exactly. For AI, but centered around AI because it’s a completely new attack surface.”
He’s candid about the pattern repeating from the early days of the internet.
“We have a saying now, which says, AI has been made very easy to build. All of us can now build AI applications, but it’s amazingly hard to make it run securely,” he says. “We did that with the internet. We said, very easy to use, completely insecure. We’re doing it again with AI.”
Unify is designed to make “build AI, run AI” just as easy as it is today, but with security policies actually applied at build time and runtime, rather than bolted on in a panic.
An AI Kill Chain for a New Breed of Threats
Classic cybersecurity models like the MITRE ATT&CK framework and the traditional cyber kill chain were designed to address threats targeting endpoints, networks, and applications. According to Hasan, AI-driven attacks are fundamentally different enough to warrant a dedicated framework of their own.
“With Unify, we’re witnessing an entirely new threat landscape with entirely new attack methods,” he explains. “Prompt injection didn’t even exist two years ago. Now I can manipulate how my LLM-powered agents reason by crafting specific questions that alter their decision-making. I can teach them new behaviors through skills.”
Lineaje has developed what they call an AI kill chain—inspired by the traditional cybersecurity kill chain concept but specifically adapted for AI-focused attack patterns.
“We created an AI kill chain with 54 distinct techniques, mirroring the original model,” Hasan notes, “and we’ve built policies for each technique. These protections come ready to use out of the box.”
He provides a practical example: imagine a basic invoice processing agent that reads and handles PDF invoices—a common business scenario. Now examine it from a security perspective.
“What happens if that PDF contains malicious, hidden, or obfuscated content?” he asks. “Did the developer who built that agent know enough to write code that doesn’t just process the PDF but actually sanitizes it by accounting for all possible attack vectors? Probably not.”
Those security controls might exist somewhere in a lengthy policy document, but that doesn’t guarantee they’re properly implemented in the actual code. With Unify, when it detects a PDF being fed into a prompt, “it automatically identifies and applies the 10 relevant document-cleaning policies.” The security guardrails are inserted without manual effort.
From the developer’s viewpoint, Hasan envisions this as a security co-pilot that quietly handles protection in the background.
“We’re essentially giving developers a security co-pilot that also writes the code for them. They don’t need to master every policy—they can focus on building their application while security guardrails are autonomously injected.”
For CISOs, the value is clear: rather than hoping thousands of developers (including citizen developers) will read and flawlessly implement evolving AI security policies, you get a centralized system that standardizes and enforces those protections automatically—across both traditional software and the emerging AI stack.
Hasan is straightforward about Unify’s market position: “There’s currently no equivalent—nothing comparable. It’s truly first to market.”
What CISOs Should Do Now
When asked what action he’d recommend to potential clients, Hasan doesn’t focus on feature lists—he emphasizes a shift in thinking.
“The call to action is simple: build secure AI agent applications. If that matters to you, Unify is the answer,” he says.
For CISOs and security leaders, this translates into several practical steps:
- Map your actual software and AI stack—not the idealized version.
If you lack deep visibility into your open-source, third-party, and first-party components—and now your AI components and their connections—you’re not managing risk, you’re guessing at it. Tools in Lineaje’s category exist to close that gap. - Treat SBOMs and AI BOMs as dynamic assets, not compliance paperwork.
The goal isn’t just having a document—it’s knowing what changed overnight, where risky components are located, and which teams are responsible. If you can’t answer “where is this banned library or model being used?” within seconds, your future incidents will be slower, noisier, and costlier than necessary. - Leverage automation to reduce developer burden.
With some organizations spending 20–25% of developer time on vulnerability remediation, any solution that safely automates compatible fixes and cuts manual effort deserves serious consideration. Reclaiming the productivity of hundreds of engineers without adding headcount is real security ROI. - Recognize AI as a new attack surface and design defenses accordingly.
Prompt injection, reasoning manipulation, LLM poisoning, skill exploitation, and unregulated MCP access aren’t futuristic scenarios—they’re today’s vulnerabilities and tomorrow’s breaches. Whether you choose Lineaje Unify or another platform, you’ll need a centralized AI policy engine that can define rules once and enforce them across the entire AI development and runtime lifecycle. - Demand proof that vendors understand AI-native threats.
When a vendor claims to secure “AI applications,” ask for specifics. How do they detect hidden content in prompts? Can they model an AI kill chain? Do they address skills and MCP servers, or are they just rebranding existing tools with AI buzzwords?
If you’re a CISO planning your 2026 strategy and wondering how to prevent your software and rapidly expanding AI initiatives from becoming your next board-level crisis, it’s worth exploring what companies like Lineaje are building. Gold open-source components, autonomous remediation, and an AI-native policy platform aren’t magic solutions—but they represent concrete steps toward making software and AI supply chains more predictable, visible, and, ideally, uneventful.
In cybersecurity, uneventful is underrated.
Call to Action for CISOs
If you’re ready to move beyond compliance checklists and slide decks toward a more operationally sound approach to software and AI supply chain security, consider these next steps:
- Arrange a technical deep dive or demo focused on your specific challenges—whether that’s open-source risk, vulnerability remediation workload, or AI agent governance.
- Request a demonstration of how a tool like Unify discovers AI dependencies in your own repositories and how its policies align with your existing standards and regulatory requirements.
- Pilot gold open-source and autonomous remediation workflows with one or two high-value, high-risk applications, and measure the impact on your vulnerability backlog and developer productivity.
Organizations that get ahead of software and AI lineage, policy enforcement, and automation will be the ones answering board questions with data instead of speculation. If you want to be in that group, now is the time to start evaluating platforms that treat supply chain and AI security as core priorities—not afterthoughts.
Author’s Note
The author interviewed Javed Hasan, co-founder and CEO of Lineaje, at the 2026 RSAC Conference in San Francisco, held March 23–25, 2026.
For more information, visit www.lineaje.com.
About the Author
Pete Green serves as CISO/CTO of Anvil Works, a ProCloud SaaS company, and is co-author of “The vCISO Playbook: How Virtual CISOs Deliver Enterprise-Grade Cybersecurity to Small and Medium Businesses (SMBs).” With over 25 years in information technology and cybersecurity, Pete is a seasoned security professional.
Throughout his career, he has held diverse technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has worked with clients across numerous sectors, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, designated as a National Center of Academic Excellence in Information Assurance/Cyber Defense (CAE IA/CD) by the NSA and DHS, along with a Master of Business Administration in Informatics.
