
Blog
Ido Shani
DifyTap: Zafran discovers how attackers can silently wiretap AI data across tenants on a platform powering 1M+ apps
June 22, 2026

AI is changing how serious software vulnerabilities are discovered, compressing the time between discovery and exploitation. Defending against this new reality requires a new model of coordinated defense.
Today, we're announcing that Zafran has joined Athena, a coalition of software vendors, security companies, and some of the world's most targeted enterprises, all working together to defend against a fast-changing class of software vulnerabilities.
The way serious vulnerabilities are discovered has fundamentally changed, prompting Chainguard to invite Zafran to join Athena, one of the first serious efforts to build a new model of defense.
Within Athena, Zafran turns intelligence into action, transforming early vulnerability discovery into protection that holds up in real production environments.
Athena is a coordinated defense coalition. Members share newly discovered software vulnerabilities through a pre-disclosure feed, many of them surfaced by frontier AI systems scanning open-source code at a scale no human research team could match.
Historically, a vulnerability could travel from discovery to public disclosure with attackers and defenders learning of it at the same moment. Athena creates a protected window ahead of that moment. During the embargo period, the coalition fixes the underlying code, builds protective measures, and prepares the organizations that need to act, so that by the time a vulnerability is public, defenses are already in place.
Members play different roles across a shared pipeline. Some find the vulnerabilities, some fix the code upstream, some build the protections that hold before a patch is available, and some surface the exposure to the organizations that need to respond. Founding members include leading enterprises and vendors across banking, cloud, networking, and software supply chain security.
Frontier AI has changed the economics of finding vulnerabilities. Models can scan enormous volumes of open-source code and surface flaws faster than the disclose-and-patch cycle can absorb, and that power is available to attackers and defenders alike. The scale is already clear: in three weeks, Athena has processed more than 40,000 vulnerabilities, doubling its intake in that window.
The sharpest change is the attack chain. As Chainguard discusses, a frontier model can link a series of low- and medium-severity bugs into a single attack chain that ends in a breach. Each flaw looks minor on its own, and a CVSS score rates it that way, because it scores one vulnerability in isolation. The danger lives in the attack chain, where no single score can see it, and two "medium" bugs can form a critical path while every dashboard still shows green.
That is why raw severity counts understate the picture. Of the vulnerabilities submitted to Athena, 42% are critical or high, and even that sits below the true exposure once attack chains are counted.
Two further problems compound the attack-chain threat.
The first is volume. When many serious vulnerabilities surface at once, a patch-first strategy runs out of runway, because writing, shipping, testing, and deploying a fix takes time that defenders often do not have.
The second is silence. A large share of these flaws are fixed quietly upstream and never receive a CVE. Conventional scanners keyed to CVE and NVD data never flag them, which leaves organizations exposed to real issues their own tools will never name.
Coordinated defense answers both problems at once. A protected pre-disclosure window gives the ecosystem time to build protection before a flaw is weaponized, and a shared feed brings the silent vulnerabilities into view.
Zafran's role in Athena is to turn intelligence into deployable protection.
Most contributors in a coalition like this see one layer of the stack. Zafran sees where the layers meet. Our platform maps an organization's exposures across cloud and on-premises environments, down to the software components in use, and correlates them with the compensating controls a company already operates: web application firewalls, intrusion prevention, endpoint detection and response, and cloud security policies. That is the connective tissue that lets a stream of vulnerability intelligence become a specific, tested defensive move.
That vantage point lets us contribute three things to the community:
For the enterprises we protect, membership in Athena changes the timeline of a threat. Zafran sits at the center of that change, acting as the nerve center that turns the coalition's intelligence into action inside your environment.
Coordinated defense works when the organizations that discover, fix, and protect act together and share what they learn. That principle is what drew us to Athena, and it reflects how we have always believed exposure should be managed: with a clear view of what is actually at risk and a fast, practical path to protection.
We're proud to join this coalition, and we're committed to strengthening it, from contributing to the security of the open-source ecosystem to helping define how the industry measures and shortens the window of exposure. We'll share more as the program grows.
Traditional vulnerability management must change. So many are drowning in detections, and still lack insights. The time-to-exploit window sits at 5 days. Implementing a Continuous Threat Exposure Management (CTEM) program is the path forward. Moving from vulnerability management to CTEM doesn't have to be complicated. This guide outlines steps you can take to begin, continue, or refine your CTEM journey.
