Maze Blog

Insights & Research

Vulnerability research, threat intelligence, and product updates from the Maze team — covering CVEs, pre-CVE detection, exploit chains, and artifact analysis.

Maze Found It in Minutes. OpenAI Disclosed Ten Days Later.
Latest · · 3 min read

Maze Found It in Minutes. OpenAI Disclosed Ten Days Later.

When the biggest supply chain attack of 2026 hit, Maze detected the compromised component inside OpenAI's software within minutes. OpenAI disclosed ten days later.

Read article
The Pre-CVE Window Is the New Attack Surface
5 min read

The Pre-CVE Window Is the New Attack Surface

A CVE used to be a warning. Now it's an obituary. The pre-CVE window is the gap between when attackers find a vulnerability and when the world catalogs it, and it has become the dominant attack surface no scanner can see into.

Read article
Forks All the Way Down
5 min read

Forks All the Way Down

Most vendor software was forked from open source. When a CVE hits the original, there is no mechanism to detect if the fork is affected. This is the problem that has never been solved - until now.

Read article
The Supply Chain Layer Nobody Checks
5 min read

The Supply Chain Layer Nobody Checks

Your supply chain doesn't start with software. It starts with firmware. Every device in your environment runs firmware your team has never looked at, and it's the layer nobody is watching.

Read article
Your Attack Surface Is Your Supply Chain — And It's a Black Box
4 min read

Your Attack Surface Is Your Supply Chain — And It's a Black Box

Modern enterprises run on software they didn't build. The chain of dependencies goes layers deep, and nobody in it has full visibility. A black box of risk you fully inherit.

Read article