More Open Source Security episodes


Anubis with Xe Iaso

Published 5 Jan 2026

Duration: 33:37

Anubis is a web AI firewall that makes a browser solve a computationally expensive proof-of-work challenge before its request is passed through, which stops scrapers and bots that cannot run the challenge or cannot afford it at scale; it has also run into problems with unintended blocking of legitimate users and with balancing accessibility against protection.

Episode Description

Josh chats with Xe Iaso, the creator of Anubis the web AI firewall. We discuss how Anubis is tackling bots and scrapers. The discussion around the scr...

Overview

Anubis is a web AI firewall that sits in front of a site and, before letting a browser through, makes it solve a computationally expensive proof-of-work challenge. A single visitor's browser pays that cost once and barely notices it, while a scraper that wants thousands of pages has to pay it over and over, and a bot that does not execute JavaScript cannot complete the challenge at all. Xe originally wrote it to protect a personal Git server from scraper traffic; it has since been adopted by the United Nations and is under consideration by educational institutions. The flow is simple: the server issues a challenge, the browser computes the answer and returns it, and the server verifies the result before the request reaches the application. The trade-off is that anything that breaks the client-side computation blocks real people too: a bug affecting devices that report an odd number of CPU cores inadvertently locked out legitimate users.

Rather than making a binary bot-or-human decision, Anubis evaluates trustworthiness with a "request weight" system: matching rules add to a request's weight, and the total decides whether it is let through, challenged, or refused. The name and the idea come from the ancient Egyptian weighing of the heart, where Anubis judged souls. The hard part is keeping the deterrent effective against bots without degrading accessibility for legitimate users. Its development has also prompted discussions around open source sustainability, potential monetization models, and the broader impact of automation on online abuse.
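To make the two mechanisms described above concrete, here is an added example, written for this page in Go (the language Anubis itself is written in) and not taken from the Anubis code base. It models a request-weight policy with allow/challenge/deny thresholds and the challenge-and-verify exchange as a SHA-256 proof of work in which the browser must find a nonce whose hash has a given number of leading zero hex digits. The rule schema, the rule values in DefaultRules, the thresholds, and the exact challenge encoding are assumptions chosen for illustration, not Anubis' own policy format or wire format.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net"
	"strings"
)

// Action is what the proxy does with a request once its weight is known.
type Action int

const (
	Allow     Action = iota // pass through to the upstream application
	Challenge               // serve the proof-of-work page first
	Deny                    // refuse outright
)

// Request holds the attributes the example rules look at.
type Request struct{ RemoteIP, UserAgent, Path string }

// Rule adds Weight when every non-empty field matches (assumed, simplified
// model of a weight-based policy; not Anubis' own schema).
type Rule struct {
	Name       string
	UAContains string // substring of User-Agent; "" matches any
	PathPrefix string // prefix of the request path; "" matches any
	CIDR       string // source network; "" matches any
	Weight     int
}

func (r Rule) matches(req Request) bool {
	if r.UAContains != "" && !strings.Contains(req.UserAgent, r.UAContains) {
		return false
	}
	if r.PathPrefix != "" && !strings.HasPrefix(req.Path, r.PathPrefix) {
		return false
	}
	if r.CIDR != "" {
		_, network, err := net.ParseCIDR(r.CIDR)
		ip := net.ParseIP(req.RemoteIP)
		if err != nil || ip == nil || !network.Contains(ip) {
			return false
		}
	}
	return true
}

// DefaultRules is a constructed example policy; the values are hypothetical.
var DefaultRules = []Rule{
	{Name: "known-scraper-ua", UAContains: "GPTBot", Weight: 20},
	{Name: "expensive-endpoint", PathPrefix: "/search", Weight: 10},
	{Name: "cloud-range", CIDR: "203.0.113.0/24", Weight: 10},
}

// Weigh sums the weight of every matching rule and maps the total to an action.
func Weigh(rules []Rule, req Request, challengeAt, denyAt int) (int, Action) {
	total := 0
	for _, r := range rules {
		if r.matches(req) {
			total += r.Weight
		}
	}
	switch {
	case total >= denyAt:
		return total, Deny
	case total >= challengeAt:
		return total, Challenge
	}
	return total, Allow
}

// NewChallenge draws a fresh random challenge so a solved nonce cannot be replayed.
func NewChallenge() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

// Verify is the server-side check: sha256(challenge || nonce) must start with
// `difficulty` zero hex digits. Verification costs one hash whatever the difficulty.
func Verify(challenge string, nonce uint64, difficulty int) bool {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%s%d", challenge, nonce)))
	return strings.HasPrefix(hex.EncodeToString(sum[:]), strings.Repeat("0", difficulty))
}

// Solve is the browser's side of the exchange: try nonces until one verifies.
// Expected work is 16^difficulty hashes, which is what makes bulk scraping costly.
func Solve(challenge string, difficulty int) uint64 {
	for nonce := uint64(0); ; nonce++ {
		if Verify(challenge, nonce, difficulty) {
			return nonce
		}
	}
}
```

A request from 203.0.113.5 with a normal browser User-Agent scores 10 and gets challenged; the same client hitting /search scores 20 and is denied outright, as is anything announcing GPTBot. For the challenge path the server would call NewChallenge, hand the string and difficulty to the page, and accept the reply only if Verify passes. Two caveats a deployment needs that this sketch leaves out: the issued challenge must be bound to the client and expire, otherwise one solved nonce can be replayed, and the difficulty has to be tuned for the slowest legitimate devices, which is exactly the accessibility tension discussed above.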

Recent Episodes of Open Source Security

22 Jun 2026 Packagist and Composer security with Jordi Boggiano

Strategies for securing open-source ecosystems include malware detection via third-party feeds, transparency logs, rapid incident response, blocking malicious downloads, private registry controls, immutable package releases, standardized workflows, MFA enforcement, and technical proposals like artifact validation and build attestation, while addressing challenges like maintainer hacking, AI risks, usability trade-offs, and the need for ecosystem-wide alignment and human verification.

15 Jun 2026 Sustaining Open VSX with Mike and Thabang

Eclipse Foundation's OpenVSX, a VS Code extension repository, surged to 600M monthly downloads, evolved to a commercial model with enterprise SLAs and security teams, while addressing scalability, open-source balance, and funding challenges for AI expansion.

8 Jun 2026 Hacking your CI/CD with Francois Proulx

Critical vulnerabilities in open source CI/CD pipelines, including hijacking and supply chain attacks via social engineering or compromised builds, are highlighted through incidents like TJ Actions and Ultralytics, with mitigation strategies emphasizing secure credentials, externalized workflows, threat modeling, and tools like *Smoked Meat* and *Bagel* to enhance incident response and supply chain security.

1 Jun 2026 Open source verification with Sal Kimmich

Cybersecurity challenges include complex application ecosystems, overlooked kernel vulnerabilities, supply chain risks, and systemic risks from under-resourced organizations prioritizing surface-level controls, alongside calls for regulatory reforms, proactive threat modeling, secure development practices, and addressing tribal nations' unique legal and sovereignty concerns.

25 May 2026 Vulnerability disclosure with Casey Ellis

The evolution of vulnerability disclosure highlights challenges in prioritizing critical issues, outdated legal frameworks, and the role of initiatives like Disclosed.io in standardizing policies, alongside AI's impact on detection, open-source risks, triage complexities, and the need for collaboration and transparency to address systemic security barriers.
