How do I quickly check if my JavaScript project uses one of the compromised npm packages?

The fastest way is to search your lockfiles for the exact malicious versions. Open your repository and run grep or use GitHub code search for lockfile references. Validate matches against the compromised version list (chalk, debug, ansi-styles, strip-ansi, etc.). If found, pin and upgrade to known-safe versions immediately. Re-scan after updates to confirm removal.

What’s the safest way for beginners to prevent npm supply chain attacks in CI/CD?

Use lockfile-enforcing commands so builds cannot drift to malicious versions. Replace npm install with npm ci. For pnpm users, enforce pnpm install --frozen-lockfile. Ensure all pipelines reject mismatched dependency trees and add dependency-policy checks to pull request workflows.

How should enterprise security teams validate exposure across both source code and production?

Correlate SBOM inventory data with repository lockfile scans and runtime package enumeration. Query SBOM systems (e.g., Wiz) for exact version matches. Scan GitHub organizations using filename-restricted queries to avoid partial matches. Validate running containers or Node services to ensure no compromised versions are loaded. Document remediation ownership and re-check after deployment.

What workflow should large enterprises follow when malicious dependencies are discovered?

Follow a structured triage, assignment, update, and verification loop. The SOC runs initial detection and opens a ticket with the owning team. Developers patch and regenerate lockfiles while AppSec validates diffs. CI/CD tests enforce frozen lockfiles to block regressions. Runtime scans verify that no orphaned containers still load the compromised package.

Introducing the Security Context Graph: Mate Security

We are witnessing the AI SOC revolution as we speak.

AI is slashing alert queues, increasing focus, and speeding up SOC work like never before. Overloaded Tier-1 analysts are being elevated to AI engineers - they are happier!

I personally see this on every customer call I attend.

And yet, when I meet a CISO for the first time, I can feel the mistrust. They have piloted AI in their SOC and were burned with a bad experience: agents taking months to learn, confidently generating wrong verdicts, and requiring more “babysitting” than the SOAR they were meant to replace.

Before we started Mate, my co-founders and I worked at some of the companies that built the earlier AI SOC agents. We saw why they were failing, and it wasn't the agent, it was the data.

AI Agents are fed data structured for humans.

This is not surprising. Throughout history, every time a disruptive technology was introduced to scale human labor, we had to rearrange the environment - originally structured for humans, for the new technology to work. Most AI solutions are missing that part.

Take this example from a completely different domain - agriculture:

‍

‍

**Restructure the Environment for the New Technology and It Scales**

‍

The harvester breaks, until you restructure the grove around it; only then does it scale.

And this is exactly the case with AI.

We have a massive SOC challenge, vendors have rushed to build AI agents to solve it, but no one has ever stopped to think about building a data structure to make these agents work.

SOC analysts work with tables, logs, and documents, they communicate over Slack, MS Teams or phone. They rely on their experience and common sense to connect the dots. But AI cannot do that. AI agents need more than tables and documents to draw conclusions. They need more than the ‘what’ - they need the ‘why’”: the operational context.

For example: an experienced analyst knows that emails from training@acme.com are typically simulated phishing. The analyst knows this because it was communicated in a Slack conversation, or in a ticket closed as a "phishing exercise”. The analyst will understand the context and remember this “memory” for next time, but AI will not.
This is where AI starts hallucinating.

Getting AI SOC agents to reason like experienced analysts requires a paradigm shift in the way we arrange data. We need to restructure data for AI consumption, using operational context - “memories” as our new building block.

This is why we have built the Security Context Graph.
The underlying foundation for our agentic AI platform.

**Security Context Graph: Conceptual Design**

‍

The Security Context Graph is a graph of memories, capturing SOC knowledge just like an experienced analyst sees it. AI agents can now easily traverse the Graph to fetch precise answers to complex investigations. It is a living and breathing structure, dynamically rebuilding and optimizing with every investigation, every ownership change, every policy change, so decisions are made according to what’s relevant right now.

Before we started building our first agent we spent months building the technology for transforming SOC knowledge, residing in multiple formats and sources into the Security Context Graph. This data first approach is what makes Mate fundamentally different and more accurate. And our customers are seeing the impact.

We are consistently hearing these four messages from our customers.

Accuracy: our agents “get it right” more often: agent reasoning dramatically improves, with agents now capable of answering complex questions with precision.
Consistency: because the Security Context Graph is designed to provide a single point of truth, verdicts are much more consistent while most AI agents are unpredictable.
Transparency: by restructuring data to an analyst’s point of view, an agent can easily explain the reasoning behind a verdict. And it allows agents to occasionally admit: “I ran the investigation and I am 70% sure - this is the data I need from you to be more confident”.
Adaptability: agents are resilient to the frequent changes in policies, ownership and best practices typical of a SOC. This is because the Graph is continuously constructed and adjusted to the most recent organizational context.

We have built our product on the foundation of the Security Context Graph because we recognized that agents are only as effective as the data structure on which they are built.

This is the only way for AI to earn trust.

‍

FAQs

Why do AI SOC agents fail without a new data structure?

AI SOC agents fail because they rely on human-structured data that lacks the contextual “why” needed for accurate reasoning.
‍

Identify gaps between raw data and decision-making context.
Capture implicit analyst knowledge as structured input.
Enable AI to reason using both facts and intent.

What problem does the Security Context Graph actually solve?

The Security Context Graph solves the disconnect between raw security data and the contextual understanding required for accurate investigations.
‍

Aggregates knowledge from tools, tickets, and communications.
Transforms scattered data into connected “memories.”
Provides a single source of truth for investigations.

Find out why Mate has built the Security Context Graph.

Why is “context” more important than raw data in security operations?

Context is critical because it explains when and why something is normal, enabling accurate differentiation between benign and malicious activity.
‍

Attach business and operational meaning to alerts.
Capture conditions like user role, timing, and intent.
Avoid false positives caused by missing context.

Learn more about the Swiss cheese security.

How does the Security Context Graph improve AI accuracy?

It improves accuracy by structuring knowledge as interconnected memories that AI can query and reason over dynamically.
‍

Stores relationships between users, assets, and behaviors.
Allows AI to traverse context instead of guessing.
Continuously refines accuracy with new data.

How does Mate use the Security Context Graph during investigations?

Mate queries the graph in real time to enrich alerts with relevant context and produce accurate, explainable verdicts.
‍

Pull historical decisions and related entities.
Correlate signals across tools and timelines.
Present findings with reasoning and confidence levels.

Learn more about Mate, book a demo.

How does the graph stay relevant as environments change?

The graph continuously rebuilds using new data so decisions always reflect the current organizational state.
‍

Ingests updates from IAM, tickets, and policies.
Recalculates relationships as conditions evolve.
Balances historical knowledge with real-time signals.

Find out how AI is empowering SOC teams.

How can I tell if my SOC lacks the context needed for AI?

Your SOC lacks context if analysts rely on memory, tribal knowledge, or external tools to make decisions.
‍

Identify where analysts manually “connect the dots.”
Track reliance on undocumented knowledge.
Evaluate inconsistencies in similar incident handling.

Asaf Wiener

Co-Founder and CEO at Mate

about the author

Asaf Wiener, Co-Founder and CEO of Mate Security, is a cybersecurity product leader with deep expertise in cloud security, vulnerability management, and SOC innovation.

Get a Demo

Introducing: the Security Context Graph

FAQs

explore the world of Mate

You can't out-respond the volume. Try CD/CR

AI SOC: How It Works, Key Benefits & What to Look For

AI is the New C2 for Supply Chain Attacks