Helixar.ai

Research, Articles & Announcements

Research, threat intelligence, and announcements from the Helixar team.

Latest

18 articles

Research · April 2026 · 8 min read

When AI Agents Control Physical Systems, a Prompt Injection Becomes a Physical Event

Gemma 4 runs on a Jetson Nano and does native function calling. HDP-P is the open protocol putting a cryptographic gate between the model and the actuator layer.

Gemma 4 runs on edge hardware and does structured function calling. When that function calling is wired to a physical actuator, a bad model output is no longer only a software problem: a successful prompt injection becomes a physical event. HDP-P is the open protocol that puts a cryptographic authorization layer between the model and the physical world, and the live Hugging Face demo shows it blocking a malicious command injection in real time.

Tags: Research · Physical AI Agents · HDP-P · Gemma 4 · Edge AI Security · Agentic AI
Threat Intelligence · April 2026 · 9 min read

Anthropic Leaked 512,000 Lines of Claude Code via a Misconfigured npm Package

A single debug file shipped to the public registry. The entire source followed. This was the second time.

On March 31, 2026, a 59.8 MB JavaScript source map in @anthropic-ai/claude-code v2.1.88 pointed to a publicly accessible Cloudflare R2 bucket containing the full Claude Code source: 1,906 TypeScript files, 512,000 lines, every internal tool and slash command, and a stealth system designed to prevent exactly this kind of leak. A single misconfigured .npmignore. The second time this happened.

Tags: Supply Chain Security · ReleaseGuard · npm · Claude Code · Anthropic
Threat Intelligence · March 2026 · 9 min read

Axios npm Compromised: 100M-Download Library Used to Deploy RAT via Maintainer Account Hijack

When a maintainer's account falls, every developer who runs npm install becomes a target.

On March 31, 2026, attackers hijacked the npm account of axios's lead maintainer and published two malicious versions, axios@1.14.1 and axios@0.30.4, each containing a cross-platform remote access trojan deployed via a postinstall hook. The RAT targeted macOS, Windows, and Linux, called home to attacker-controlled infrastructure, then self-deleted. 100 million weekly downloads. Zero automated integrity checks.

Tags: Supply Chain Security · ReleaseGuard · npm · Axios · Maintainer Hijack
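The two incidents above fail at the same point: nobody looked inside the tarball before it was published or installed. As an added example for this page (not ReleaseGuard or any Helixar tool), the Python below performs the two checks those incidents call for. It opens an npm tarball, as produced by `npm pack`, and reports lifecycle hooks such as `postinstall` (the axios vector) together with any shipped source maps, including maps whose `sources` resolve to an external URL or that embed sources verbatim (the Claude Code vector). The package contents are constructed inline for the demo; the package name, hook command and `https://build-artifacts.example/` URL are placeholders, not values from either incident.

```python
import io
import json
import re
import tarfile

LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepublish", "prepare")
SOURCEMAP_REF_RE = re.compile(r"//[#@]\s*sourceMappingURL=(\S+)")
URL_RE = re.compile(r"^https?://", re.IGNORECASE)


def build_npm_tarball(files):
    """Constructed sample only: pack {path: bytes} into an npm-style tarball (package/ prefix)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, content in files.items():
            info = tarfile.TarInfo(name="package/" + path)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def audit_npm_tarball(data):
    """Scan an npm tarball (as produced by `npm pack`) for install-time code and leaked sources."""
    findings = {
        "lifecycle_scripts": {},   # hook name -> command npm runs on install/publish
        "source_maps": [],         # .map files shipped inside the package
        "sourcemap_refs": [],      # (js file, sourceMappingURL target) pairs
        "remote_sources": [],      # (map file, absolute URL a source entry resolves to)
        "embedded_sources": 0,     # sources embedded verbatim via sourcesContent
    }
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tf:
        for member in tf.getmembers():
            if not member.isfile():
                continue
            raw = tf.extractfile(member).read()
            name = member.name
            if name == "package/package.json":
                scripts = json.loads(raw).get("scripts", {})
                for hook in LIFECYCLE_HOOKS:
                    if hook in scripts:
                        findings["lifecycle_scripts"][hook] = scripts[hook]
            elif name.endswith(".map"):
                findings["source_maps"].append(name)
                try:
                    smap = json.loads(raw)
                except ValueError:
                    continue
                root = smap.get("sourceRoot", "")
                for src in smap.get("sources", []):
                    target = src if URL_RE.match(src) else root + src
                    if URL_RE.match(target):
                        findings["remote_sources"].append((name, target))
                findings["embedded_sources"] += sum(1 for s in smap.get("sourcesContent", []) if s)
            elif name.endswith((".js", ".mjs", ".cjs")):
                text = raw.decode("utf-8", "replace")
                for m in SOURCEMAP_REF_RE.finditer(text):
                    findings["sourcemap_refs"].append((name, m.group(1)))
    return findings


# Constructed, deliberately bad package: an install hook plus a source map pointing off-site.
SAMPLE_PACKAGE = {
    "package.json": json.dumps({
        "name": "sample-lib", "version": "1.0.0",
        "scripts": {"postinstall": "node scripts/setup.js", "test": "node test.js"},
    }).encode(),
    "scripts/setup.js": b"// placeholder for whatever the hook would run\n",
    "dist/index.js": b"module.exports = () => 1;\n//# sourceMappingURL=index.js.map\n",
    "dist/index.js.map": json.dumps({
        "version": 3,
        "sourceRoot": "https://build-artifacts.example/",
        "sources": ["src/index.ts"],
        "mappings": "AAAA",
    }).encode(),
}


def demo():
    """Audit the constructed sample; returns the findings dict."""
    return audit_npm_tarball(build_npm_tarball(SAMPLE_PACKAGE))


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

For a real package, feed `audit_npm_tarball` the bytes of the `npm pack` output before you publish, or of the registry tarball before you install, and treat any finding you did not expect as a blocker. Where install hooks are not needed at all, `npm install --ignore-scripts` removes the postinstall vector outright.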
Research · March 2026 · 12 min read

HDP: The Open Protocol That Gives AI Agents a Verifiable Chain of Authority

When an AI agent acts on your behalf, there is no standard record of what you actually authorized. HDP is the first open protocol designed to fix that.

Helixar Labs publishes the Human Delegation Provenance Protocol (HDP), a v0.1 open specification for recording, signing, and verifying human authorization in agentic AI systems. It is the first protocol to close the delegation gap: the moment a human hands control to an AI agent, any structured record of what they authorized disappears. Free to implement, CC BY 4.0, on GitHub.

Tags: Research · HDP · Agentic AI Security · Open Source · Delegation Provenance · AI Agent Security
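Both the HDP-P summary and the HDP summary above describe the same pattern: a human signs a statement of what the agent may do, and a gate in front of the actuator or tool admits only model-emitted calls that fall inside that signed scope. As an added illustration of that pattern, the Python below is example code written for this page; it is not the HDP or HDP-P specification, its record format, or Helixar's demo. The scope format (tool names with numeric parameter bounds), the identities and the tool names are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a deployable design would use.

```python
import hashlib
import hmac
import json
import time

# Hypothetical key shared by the human's signing device and the gate in front of the
# actuator. The model process never holds it. HMAC-SHA256 stands in for the asymmetric
# signature a deployable design would use, where the gate holds only a verification key.
GATE_KEY = b"example-gate-key-not-for-production"


def canonical(obj):
    """Deterministic JSON encoding so signer and verifier hash identical bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign_delegation(key, delegation):
    """Human side: sign a scope statement describing what the agent may do and until when."""
    tag = hmac.new(key, canonical(delegation), hashlib.sha256).hexdigest()
    return {"delegation": delegation, "sig": tag}


def verify_delegation(key, signed):
    expected = hmac.new(key, canonical(signed["delegation"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, signed["sig"])


def authorize_tool_call(key, signed, call, now=None):
    """Gate side: admit a model-emitted function call only if it is inside the signed scope.

    Returns (allowed, reason). Everything not explicitly delegated is denied, so a call the
    model was tricked into emitting for a tool or parameter the human never granted stops
    here instead of reaching the actuator.
    """
    now = time.time() if now is None else now
    if not verify_delegation(key, signed):
        return False, "bad signature"
    scope = signed["delegation"]
    if now >= scope["expires_at"]:
        return False, "delegation expired"
    name = call.get("name")
    if name not in scope["allowed_tools"]:
        return False, f"tool {name!r} not delegated"
    bounds = scope["allowed_tools"][name]
    for param, value in call.get("arguments", {}).items():
        if param not in bounds:
            return False, f"parameter {param!r} not delegated"
        lo, hi = bounds[param]
        if not (isinstance(value, (int, float)) and lo <= value <= hi):
            return False, f"{param}={value!r} outside [{lo}, {hi}]"
    return True, "within delegated scope"


# Constructed sample: an operator lets one robot read a sensor and drive a motor up to
# 1200 rpm for one hour. Identities, tool names and bounds are placeholders.
DELEGATION = {
    "principal": "operator@example.internal",
    "agent": "floor-robot-01",
    "issued_at": 1_775_000_000,
    "expires_at": 1_775_003_600,
    "allowed_tools": {"read_temperature": {}, "set_motor_speed": {"rpm": [0, 1200]}},
}
SIGNED = sign_delegation(GATE_KEY, DELEGATION)
NOW = 1_775_001_000


def demo():
    """Run representative model outputs through the gate; returns {case: allowed}."""
    def gate(call, signed=SIGNED, now=NOW):
        return authorize_tool_call(GATE_KEY, signed, call, now)[0]

    tampered = json.loads(json.dumps(SIGNED))  # attacker widens the scope, keeps the old sig
    tampered["delegation"]["allowed_tools"]["set_motor_speed"]["rpm"] = [0, 99_999]
    spin = {"name": "set_motor_speed", "arguments": {"rpm": 9000}}
    return {
        "in_scope": gate({"name": "set_motor_speed", "arguments": {"rpm": 900}}),
        "over_limit": gate(spin),
        "injected_tool": gate({"name": "open_valve", "arguments": {"id": 3}}),
        "extra_param": gate({"name": "set_motor_speed", "arguments": {"rpm": 100, "direction": -1}}),
        "tampered_scope": gate(spin, signed=tampered),
        "expired": gate({"name": "read_temperature"}, now=NOW + 7200),
    }
```

The gate never trusts the model's text; it trusts only the signature and the bounds inside the signed scope, so the prompt that talked the model into `open_valve` or `rpm=9000` has nothing to attack but a key it cannot read.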

More articles forthcoming. Helixar research is published as findings are validated.

Work with the team building it

Design partner spots available. Phase 3 complete.

Get in Touch