
Clasp: A four-stage supply-chain attack pattern via emergency patches

Brian Gallagher · 17 min read

An attack pattern that turns emergency patch discipline into a rapid distribution system for malware. Organizations with the best patching cycles are compromised first.


Security Advisory · v1.0

The CLASP Attack

Organizations with the best patching processes are most vulnerable to CLASP and will be the first systems compromised.

Chained Leveraged Attack on Supply Patching (CLASP) is a novel supply-chain attack pattern that weaponizes emergency patching for rapid global exploit deployment with minimal review or testing. The patch is the diversion, not the payload. The malicious code was already merged into the codebase, and the patch is forcing defenders to deploy it at speed.

Disclosed 04/13/2026 · Published 04/23/2026

This has been made much easier with the release (and leaking) of Mythos and GPT-5.4-Cyber models. The current situation requires a shift in security posture from "defensive" to "optimize recovery" -- prevention alone is no longer sufficient when exploits are available almost on demand and maintainer pipelines are overwhelmed by AI-surfaced bug submissions (up to 95% of them false positives, exhausting the package maintainers open source depends on). Manual offline backups and regular bare-metal recovery exercises should be considered a baseline security requirement to prevent online backups from being corrupted, encrypted, or deleted.

Security disclosure by Brian Gallagher, CEO of LEMA Logic.

Editor's note: we are releasing this disclosure earlier than planned due to the discovery of unauthorized Mythos access by actors outside the original "Glasswing" limited release, and the immediate relevance of that leak to the CLASP attack pattern.

At a glance

What: Four-stage chain: dormant malware in an application or dependency + legitimate High/Critical CVE disclosed in the same or dependent package → forced emergency patching → defenders install the compromise themselves → detonation at attacker's chosen time.

Why now: Mythos Preview (Anthropic, 7 April) and GPT-5.4-Cyber (OpenAI, 14 April) make trigger-CVE discovery feasible on demand. Mythos was accessed without authorization on day one. Over 99% of the thousands of high/critical vulnerabilities Mythos has surfaced remain unpatched (Anthropic), and more capable models from both labs are publicly anticipated within weeks.

Defense: None. A successful supply-chain compromise will not be caught during a High/Critical patch release cycle. The malware will be brought into your systems.

Immediately: Verify physical offline backups. Rehearse bare-metal recovery. Review dependency inventory. Brief the incident response (IR) team and verify insurer coverage.

The CLASP Attack Chain

Four stages. Patching is Stage 3 -- the moment defenders themselves install the malware.

Stage 1: Compromise the supply chain
Dormant malicious code is planted in a widely-used package -- the carrier. Once merged into the main codebase, it remains dormant until Stage 4.

Stage 2: Create urgency via legitimate disclosure
A real High/Critical CVE is disclosed in a package that pulls the carrier into production. The disclosure takes one of three shapes:

Variant A — Same-package. The CVE is in the carrier itself. Patching the CVE installs the malware directly.

Variant B — Cross-package. The CVE is in a downstream package that depends on the carrier. Patching the downstream package pulls the updated carrier -- and the malware -- as a transitive dependency. The downstream maintainer did nothing wrong; their audit cannot catch it.

Variant C — Dependency-cascade (the worst case). The carrier is a widely used dependency --…

This excerpt is published under fair use for community discussion. Read the full article at Clasp.
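
The "Review dependency inventory" step and the Variant B case above can be made concrete with a diff of the pinned dependency set before and after an emergency patch. This is an added example, not code from the advisory or from Clasp; the package names, versions and the `name==version` inventory format are constructed assumptions.

```python
# Added example: list everything an emergency patch changes in a pinned dependency set.
# Package names and versions below are constructed for illustration.
BEFORE = """\
webframe==2.3.0
carrierlib==1.4.1
jsonfast==0.9.2
"""
AFTER = """\
webframe==2.3.1
carrierlib==1.5.0
jsonfast==0.9.2
tinyhelper==0.1.0
"""


def parse_pins(text):
    """Parse 'name==version' lines into {name: version}; reject unpinned entries."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        if not line:
            continue
        if "==" not in line:
            raise ValueError(f"unpinned requirement: {line!r}")
        name, version = line.split("==", 1)
        pins[name.strip().lower()] = version.strip()
    return pins


def audit_patch(before, after, advisory_packages):
    """Classify each change between two inventories relative to the advisory."""
    old, new = parse_pins(before), parse_pins(after)
    targets = {p.lower() for p in advisory_packages}
    report = {"expected": [], "collateral": [], "added": [], "removed": []}
    for name in sorted(old.keys() | new.keys()):
        o, n = old.get(name), new.get(name)
        if o == n:
            continue
        if o is None:
            report["added"].append((name, n))
        elif n is None:
            report["removed"].append((name, o))
        elif name in targets:
            report["expected"].append((name, o, n))
        else:
            report["collateral"].append((name, o, n))
    return report


if __name__ == "__main__":
    for kind, items in audit_patch(BEFORE, AFTER, ["webframe"]).items():
        print(f"{kind}: {items}")
```

Entries under `collateral` and `added` are code that reached production without being the subject of the advisory. The report scopes later review and recovery; it does not detect a dormant payload.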
