Insights from the Blue Lantern Team
Notes on building security products, what we're seeing in the field, and the occasional opinion piece.
How Blue Lantern Security Makes it Simple to Analyze Emails for Phishing Indicators
In this post we discuss the various methods for submitting email data for analysis to Blue Lantern Security, why we've looked at making it so accessible, and what use cases you can enable with all of these methods.
Comparing the accuracy of AI models on the OWASP code scanning benchmarks
In this post we measure how GPT-5.5 and Gemini 3.5-flash perform against our classic deterministic code scanner on OWASP's Java and Python Benchmarks.
Automating email header analysis: Blue Lantern Security vs. MxToolbox
MxToolbox is great for manual email header checks — but it has no API. Here's how Blue Lantern Security fills that gap for teams that need automation.
How Blue Lantern Security Compares to VirusTotal
Most VirusTotal workflows stop at the detection count. A side-by-side look at where that breaks down for SOC analysts and what Blue Lantern does differently.
Launch Day for Bluelanternsecurity.io
What we're coming to the cybersecurity market with today, March 26th, 2026, and how to sign up for our product.
Our Stance On Risk Scoring
Generic risk scores can't capture your business context. Why Blue Lantern ships pass/fail analysis details instead of opaque scores, and how to handle alert overload.
The Trick That Hijacks Your Back Button Is Now Officially Malicious
Google has put back button hijacking in the malware category. Enforcement begins June 15, and our URL Detonator now tests for it.
How Blue Lantern Security Started
Why we left stable jobs to build Blue Lantern — the case for composable, pay-per-use security tooling instead of another expensive enterprise platform.
Automate Email Analysis with the Blue Lantern API
Wire up our email analyzer to a phishing automation workflow, score every submission automatically, and stop clicking through the UI.
Automate Static Malware Analysis with the Blue Lantern API
Send suspicious files to our static analyzer using our REST APIs and feed the results into your downstream triage pipeline.
Hunting Down iam:PassRole in AWS
A single CLI call surfaces every principal in your account that can hand off privileged roles — a common privilege escalation path.
Find Risky Users in AWS
Audit your AWS account against Blue Lantern's curated list of high-risk IAM actions in one command.
Find Risky Service Principals in Azure
Service principals collect permissions over time. One command audits them against a curated list of high-risk roles.
Scan AI Skills for Hidden Malware
Third-party AI skills can ship hidden prompts or executable content. Run them through static analysis before you trust them.
Scan Your Chrome Extensions for Malware
Chrome extensions sit in your browser with broad permissions. Run a static scan of the directory and find the obvious bad actors.
Scan a Code Repository for Secrets
Pre-push secret scanning is best. Retroactive secret scanning is necessary. Here's how to run the latter against an existing repo.
Scan a Directory for PII
AI tooling has made PII leaks more likely. Audit log directories for exposed personal data with one CLI call.
Run Blue Lantern Scans in GitHub Actions
Wire our secret scanner into GitHub Actions and surface findings as PR warnings without breaking builds.