Where Program Behavior Intelligence™ can help you
 

Overview

All existing approaches to application security focus on the vulnerabilities in your programs. They share the same flaw: they are blind to the vulnerabilities that remain hidden until they are exploited. This focus on threat vectors leaves you exposed to zero-day attacks.

Program Behavior Intelligence solves this problem. Rather than focusing on the threat vector, PBI focuses on the behavior of your program. By understanding and enforcing only the behavior you expect, you solve the problem of a zero-day attack. There are two unique solutions within the PBI framework.

PBI Explainer™ enables you to identify, vector and document all program behavior, including behaviors that are hidden.

PBI Enforcement™ enforces only expected behaviors at application runtime, checking them against a pre-defined and learned model of those behaviors.

PBI Explainer™

Modern software relies heavily on open-source libraries, but the scale, opacity, and constant change of these mean many vulnerabilities remain hidden. Traditional supply chain tools, such as SCA and SAST, only detect known threats, or patterns relating to known threats. They tell you what code you have, not what it is doing, and therefore remain blind to novel or undiscovered vulnerabilities.

At the core of PBI Explainer is our Model Explainer™, which closes this critical security gap in three simple steps:
  1. It maps real program behavior using your test cases and normal use.
  2. It creates a defensible baseline of expected actions, so that any subsequent behavior that falls outside this baseline can be flagged.
  3. It delivers a complete and accurate Software Bill of Materials.

Legacy systems may still harbour latent risks, which is why PBI Explainer reaches full effectiveness when paired with PBI Enforcement, forming an end-to-end defensive posture that closes the gap today’s supply chain leaves open.

PBI Enforcement™

At the heart of PBI Enforcement is our Behavior Enforcement Engine™ (BEE), which comprises two distinct modes of operation: Training Mode and Protection Mode.

Training Mode

Behavior Enforcement Engine integrates seamlessly and easily into your existing testing and QA process. It observes how your software behaves, recording every legitimate function call, interaction, and system response. This creates a behavioral model of your program that is contextual to both the functions being executed and the operating environment it is running in.

This whitelist of approved actions is therefore unique to you. The process is simple, transparent, and repeatable, with no rules to write and no manual tuning. Once created, the model can be reused across deployments and environments.

Even incomplete test suites are supported. The BEE continues to learn during what we call captive normal use, when the program runs safely in production-like conditions without exposure to attack.

The result is a deterministic behavioral model that defines exactly how your program has been observed to operate.

Protection Mode

Once trained, BEE enters Runtime Protection Mode, continuously validating future program behavior before it happens. Every action is checked against the model. Expected behavior runs normally. Anything outside the trained parameters triggers a user-configurable intervention.

Remediation aligns with your risk tolerance and operational goals and can include silent logging, alerting, restarting the process, executing a recovery routine or a combination of these.

BEE operates deterministically so every action is consistent, auditable, and repeatable. This delivers continuous protection that stops both known and unknown attacks, including zero-day exploits, before they can execute.

By enforcing only expected behavior, PBI Enforcement ensures your software only does exactly what it was designed to do, and nothing else.
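The train-then-enforce idea described above, as an added sketch in Python; it is not PBI or BEE code and does not show how the product is implemented. It assumes Python's standard audit hooks (PEP 578) as the observation point, and the names `WATCHED`, `BehaviorModel`, `render_report`, `normalise` and `demo` are hypothetical.

```python
import sys
import tempfile

WATCHED = {"open", "subprocess.Popen", "socket.connect"}  # audit events modelled here
class BehaviorModel:  # allowlist of (application function, audit event) pairs
    def __init__(self):
        self.allowed, self.violations, self.mode = set(), [], "off"
        sys.addaudithook(self._hook)  # hooks cannot be removed, so gate on self.mode

    def _hook(self, event, args):
        if self.mode == "off" or event not in WATCHED:
            return
        frame = sys._getframe(1)  # frame that triggered the event
        while frame and frame.f_globals.get("__name__") != __name__:
            frame = frame.f_back  # skip library frames up to application code
        key = (frame.f_code.co_name if frame else "<external>", event)
        if self.mode == "training":
            self.allowed.add(key)  # record observed behavior
        elif key not in self.allowed:
            self.violations.append(key)
            raise PermissionError(f"unexpected behavior: {key}")  # abort before it runs

def render_report(path):
    with open(path) as fh:  # expected behavior: reads its input file
        return fh.read().upper()

def normalise(name, extra=None):
    if extra:  # constructed hidden branch that the training run never exercises
        with open(extra) as fh:
            name += fh.read()
    return name.strip().lower()

def demo():
    model = BehaviorModel()
    with tempfile.NamedTemporaryFile("w") as tmp:  # constructed sample input (POSIX)
        tmp.write("ok")
        tmp.flush()
        model.mode = "training"
        render_report(tmp.name)
        normalise(" Alice ")
        model.mode = "protection"
        report = render_report(tmp.name)  # seen in training: runs normally
        try:
            leaked = normalise("alice", extra=tmp.name)
        except PermissionError:
            leaked = None  # blocked before open() ran
        model.mode = "off"
    return sorted(model.allowed), report, leaked, model.violations

if __name__ == "__main__":
    print(demo())
```

The model is only as complete as the training run: a legitimate code path that was never exercised is blocked in the same way as the hidden branch here.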

Client Profile

PBI represents a true paradigm shift in software protection. We can help you if:
  • You are concerned about the vulnerabilities that open-source code exposes you to, the risk of rogue programmers, and AI-driven exploit generation.
  • You have at least reasonably good software hygiene, i.e. you have an established software testing process.
  • You are running software written in Java, JavaScript or Python.

PBI is based on the concept of expected behavior. If your approach is to ‘run fast and break things’, then achieving a model of known expected behavior will be challenging but not impossible.

You don’t need to have the world’s most rigorous software testing regime; we can even help you improve in this area as part of the deployment. But you do need to have at least a basic software testing process to benefit from PBI.

And as we highlight above, because the approach is application-specific, it’s also language-specific. A language-agnostic version is coming, but for now our focus is on Java, JavaScript and Python.