惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
Recent Commits to openclaw:main
Recent Commits to openclaw:main
H
Heimdal Security Blog
SecWiki News
SecWiki News
H
Hacker News: Front Page
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
TaoSecurity Blog
TaoSecurity Blog
AI
AI
C
Cybersecurity and Infrastructure Security Agency CISA
Scott Helme
Scott Helme
PCI Perspectives
PCI Perspectives
S
Securelist
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Cyberwarzone
Cyberwarzone
A
Arctic Wolf
Forbes - Security
Forbes - Security
T
Tor Project blog
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
I
Intezer
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
博客园 - 司徒正美
W
WeLiveSecurity
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
V2EX
P
Palo Alto Networks Blog
Google DeepMind News
Google DeepMind News
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
Simon Willison's Weblog
Simon Willison's Weblog
Project Zero
Project Zero
T
Threatpost
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research

Show HN

GitHub - steveking-gh/firmion: Firmion is DSL and engine for firmware image generation. GitHub - villagesql/villagesql-skills: Agent skills for VillageSQL - gemini-cli-extension; claude-code-plugin GitHub - flightdeckhq/flightdeck: Observability and control plane for AI agents. CSP Radar GitHub - Light-Heart-Labs/DreamServer: Turn your PC, Mac, or Linux box into an AI server. LLM inference, chat UI, voice, agents, workflows, RAG, and image generation. GitHub - Diplomat-ai/diplomat-agent-ts: What can your TypeScript AI agent do to the real world? Scan your code. See which tool calls have zero checks Code Block Selector - Visual Studio Marketplace Prometheus dependency graph — interactive showcase | Riftmap Show HN: I made a vi-like modal keyboard plugin for Figma GitHub - run-llama/liteparse: A fast, helpful, and open-source document parser GitHub - dalemyers/Roar: A macOS CLI tool for notifications GitHub - district-solutions/open-agent-tools-coder: Enables small-to-large self-hosted ai models to use local source code when running tool-calling agentic workloads. We actively data mine 20,900+ (2+ TB) popular github repos using large and small ai models to create reuseable: json, markdown and parquet files for local-first tool-calling models. GitHub - progapandist/stripeek: A local TUI proxy for real-time Stripe API debugging, built for navigating complex payloads fast. GitHub - sir1st/hermes-desktop: All-in-one cross-platform desktop app for Hermes Agent — bundles Python + hermes-agent + hermes-web-ui GitHub - astefanutti/shaderbang: Shebang for Shaders Show HN: Generate Claude Code Workflows using Spec Driven Development approach GitHub - nixys/nxs-universal-chart: The Helm chart you can use to install any of your applications into Kubernetes/OpenShift Show HN: AI agents for UK GDAD PCF roles and their skills The Two Pillars: Mixer Mode and Meta-Software in the Reorganization of Software Work After AI GitHub - JaiCode08/teleport-env What 1,000+ Harness Experiments Taught Me About Self-Improving Agents Show HN: Liiists, a Markdown-first, iOS and CLI list app SwiperTab – Get this Extension for 🦊 Firefox (en-US) GitHub - kouhxp/fftext: Summarize, explain, fact-check, or translate any text, URL, or file. No GPU. No cloud. One command GitHub - sweetpad-dev/sweetpad: Develop Swift/iOS projects using VSCode GitHub - dogmaticdev/IRON: IRON a.k.a. Intermediate Representation Object Notation is a Interpreter/Database that is used to create Programming Languages. GitHub - sjhalani7/vaen: Package your AI coding harness into a portable .agent file, and share it across repos, teams, & the community without ever having to copy-paste instructions, skills, MCP config, or secrets. Show HN: Gandalf the Grader Show HN: Citadeld – replay any CI failure locally from a single file GitHub - tdortman/cuSBF: High-Performance GPU Super Bloom Filter coral-ai/claude-code-token-xray at main · Coral-Bricks-AI/coral-ai GitHub - ulyssestenn/funes: Funes is a Git-based framework for LLM-managed knowledge work: an AI Librarian ingests raw sources, builds an interlinked Markdown knowledge base, and uses it to produce cited reports, analyses, and other outputs. GitHub - ThatXliner/gah: Git Add Hunk, built for agents to use GitHub - harmont-dev/harmont-cli: Command-line client for the Harmont CI platform GitHub - brooksmcmillin/mcp-authflow: OAuth 2.0 Authorization Server framework for MCP servers GitHub - javaid-codes/audit-supply-chain-agents GitHub - amorey/gochan: A small library of common channel architectures for Go, inspired by Rust GitHub - arifozgun/OpenGem: Free, Open-Source AI API Gateway with Gemini, OpenAI & Anthropic Compatibility in 1 file GitHub - Pranesh950/BioPetals: 🌸 Run BIOxAI models at home, BitTorrent-style. Fine-tuning and inference up to 10x faster than offloading GitHub - cnguyen14/bounty-doctor: Diagnose a GitHub bounty issue before you waste hours: detects honeypot scam repos, AI-bot attempt swarms, and stale contests. Show HN: CoreMCP – MCP Server for On-Prem DBs Show HN: KittyHTML – Render HTML/CSS as an inline image in your terminal GitHub - bingud/filemat: Web-based file manager Show HN: TruthLens – Free multi-signal deepfake image detector GitHub - apexlocal-jz/claude-usage-tray: Windows system-tray app showing your Claude Code rate-limit usage at a glance. Zero deps, ~300 lines of PowerShell. Cross-IDE (works regardless of VS Code, Cursor, plain terminal). Release v0.1.2.1 · kouhxp/yapsnap GitHub - noopolis/moltnet: Self-hostable chat network for AI agents. Pre-built bridges for Claude Code, Codex, and the Claws. Rooms, DMs, history. No Slack bots, no Matrix, no glue code. GitHub - tamerh/enju: Coordinating Humans, AI Agents, and Compute as Peers on a Shared Workflow Graph Show HN: Continuity-auth – Respect-weighted rate limits for the open web GitHub - luml-ai/luml: AI lifecycle platform where engineers and agents track experiments, train models, and ship to production. GitHub - mrdanielcasper/CoreTex: A UNIX-inspired, biomimetic, flat-file AI harness and knowledge engine. GitHub - clemg/pierre-github: Pierre's diffs.com and trees.software for Github GitHub - lyriks-io/unspaghettit: Behavior-driven AI development without prompt spaghetti. GitHub - sofumel/claude-handoff-revive: Resume Claude Code work after rate/usage/context limits without replaying the prior transcript. Auto-saves at 90%/95% usage. Plugin-installable, 10 languages. GitHub - dotexorg/saferpc: Typed, end-to-end encrypted RPC over any bidirectional channel. GitHub - BeeZeeAgent/beezee: Agent harness orchestration Legato Next.js Boilerplate for Internal Tools · CoreUI GitHub - clark-labs-inc/clark-hash: Clark Hash, 32x smaller searchable sketches for embeddings GitHub - ZeroPointRepo/youtube-mcp: The fastest YouTube transcript + YouTube search MCP for AI agents. Try for free. Typing Mastery — climb toward 100+ WPM, deliberately GitHub - Andebugulin/Awareen GitHub - fayzan123/claude-workflow-composer: Visual desktop app for composing multi-agent coding workflows. Drag agents, attach skills and MCPs, wire handoffs, export to .claude/ GitHub - harshaneel/humanize: Best static AI text humanizer. Two research-grounded skills that work in any LLM (Claude, ChatGPT, Gemini, Codex): humanize beats perplexity-based detectors, ai-check produces forensic scoring with evidence-quoted flags. Nine levers, 50+ peer-reviewed sources, 2024-2026 detection literature. GitHub - StackOneHQ/stack-nudge GitHub - nodes-app/swift-markdown-engine: A native AppKit Markdown editor for macOS, built on TextKit 2 and bridged to SwiftUI. We hardened an LLM agent. Each defense we added made it more exploitable. GitHub - alkait/WhatsKept: Agent-queryable WhatsApp history from an iOS backup — a single Go binary. GitHub - octelium/cordium: Open-source, general-purpose sandbox platform for devs and AI agents that provides identity-based secure access to infrastructure without credentials. WAR.GOV/UFO Microfilm5 GitHub - scosman/videowright: Build animated explainer videos with your coding agent GitHub - dipankar/dscode: The code editor you can take apart. GitHub - zoharbabin/web-researcher-mcp: MCP server (Go) for AI assistants: web search, content extraction, academic/patent/news research. Multi-provider routing, 4-tier scraping, search lenses. Works with Claude, Cursor, and any MCP client. GitHub - ruvnet/RuView: π RuView turns commodity WiFi signals into real-time spatial intelligence, vital sign monitoring, and presence detection — all without a single pixel of video. GitHub - scanaislop/aislop: Catch the slop AI coding agents leave in your code: narrative comments, swallowed exceptions, as-any casts, dead code, oversized functions. 50+ rules across 7 languages (TypeScript, JavaScript, Python, Go, Rust, Ruby, PHP). Sub-second, deterministic, no LLM at runtime. MIT-licensed. GitHub - kouhxp/cheap-im: CPU-only voice agent approximating Thinking Machines' Interaction Models demo GitHub - unprovable/OrchidMantis: Orchid Mantis — standalone framework for Zero-Knowledge Proofs of eXploit (ZKPoX). GitHub - MarcellM01/TinySearch: Shrink the web for your local LLMs! GitHub - TangibleResearch/Halgorithem: A Algo designed to detect AI Hallucitions GitHub - DO-SAY-GO/freelang: I love freelang GitHub - CarpseDeam/Aura-IDE: An AI coding harness that shaped itself - Planner/Worker agents, repo awareness, surgical edits, validation, recovery, and safe diff approvals. GitHub - chojs23/concord: A feature-rich TUI client for Discord GitHub - tommyjepsen/awesome-ux-skills: UX & AI Product designs skills you can use today in Claude Code GitHub - aerf-spec/aerf: Agent Evidence Receipt Format (AERF) — an open specification for tamper-evident, independently verifiable records of AI agent actions. GitHub - kklimuk/docx-cli: CLI for AI agents (Claude, Codex) to read, edit, and comment on .docx files with full format fidelity. GitHub - Jwrede/tokentoll: Catch LLM cost changes in code review. Infracost for LLM spend. GitHub - samchon/ttsc: A `typescript-go` toolchain for compiler-powered plugins and type-safe execution + 500x faster lint integrated into compiler GitHub - Higangssh/homebutler: 🏠 Manage your homelab from chat. Single binary, zero dependencies. GitHub - olalie/tapmap: See where your computer connects and what stands out on a live world map. GitHub - Diplomat-ai/diplomat-agent: What can your AI agent do to the real world? Scan your code. See which tool calls have zero checks GitHub - Bajusz15/beacon: Open-source agent for secure remote access, monitoring, and deploys across home-lab and self-hosted machines like Raspberry Pi, N100, or any Linux server. Open web based TTY or tunnel Home Assistant and other local services securely without opening ports. BigTech AI News - Chrome 应用商店 GitHub - vinhnx/VTCode: VT Code is an open-source coding agent with LLM-native code understanding and robust shell safety. Supports multiple LLM providers with automatic failover and efficient context management. GitHub - michaelaz774/decision-engine: A decision operating system for startup founders, powered by Claude Code. Synthesizes wisdom from 25+ legendary founders and investors into interactive AI-driven decision frameworks. GitHub - Chrilleweb/dotenv-diff: Validate environment variable usage in your codebase GitHub - Lumen-Labs/brainapi2: BrainAPI is a knowledge graph–powered AI memory layer that transforms unstructured data into structured knowledge, enabling intelligent search, recommendations, and contextual memory for AI agents and applications. GitHub - familiar-software/familiar: Let AI watch you work. Familiar lets your AI update its memory, skills, and knowledge by watching your screen. GitHub - skorotkiewicz/rudo: A small, elegant dock for Wayland GitHub - muxshed/shed: One stream in, or many. Every destination, simultaneously. No cloud middleman, no per-channel fees, no limits. make sidebar/address bar rounded corner toggleable
iOS Security SDKs & Audits for Production Teams | Sentinel Den
Muhammad Khan · 2026-06-12 · via Show HN

iOS Security · Audits & Runtime Defense

Drop-in iOS security tooling
for apps that can't fail.

iOS security audits, penetration testing, and Swift runtime-defense SDKs for fintech, wallets, health, and credential-class apps where a breach is a regulator event.

Static binary review, dynamic runtime analysis, full Swift/Objective-C codebase audits, and signed Swift frameworks for jailbreak, debugger, and tamper detection.

  • Top 3% · Toptal-vetted
  • Independent · Vancouver, BC
  • 12 SDKs · 1 macOS app · all signed
sentinel-cli · runtime defense audit LIVE

$ sentinel scan --target MyApp.app/MyApp → resolving Mach-O · arm64 · iOS 17.4 [ scan ] 4 segments · 22 sections · 312 imports DYLD image graph clean (62/62 verified) ptrace + sysctl: PT_DENY_ATTACH armed ! DYLD_INSERT_LIBRARIES env present (FridaGadget.dylib) Frida fingerprint detected: 3 matches @ 0x10027c000 → writing report → audit-2026-05-07.json complete · 7 findings · 1 critical · 35ms

Choose your path

30+

jailbreak primitives detected

checkra1n · palera1n · Dopamine · rootless

<2ms

cold-path overhead

measured on iPhone 12 mini

0

PII collected, ever

fully on-device evaluation

0

third-party dependencies

pure Swift, signed .xcframework

Built for teams shipping iOS to

01 · Consulting

Audit Tiers

Four engagement shapes covering everything from a fast binary triage to multi-week threat-modeling for production-critical apps.

Tier 1 · 5–7 days

Static Architecture Scan

A comprehensive review of your application binary. We identify exposed API keys, plaintext secrets in Info.plist, and basic cryptographic misconfigurations before they hit production.

Request this audit

Tier 2 · 2–3 weeks

Deep Dive & Runtime Analysis

Advanced dynamic analysis identifying weaknesses in jailbreak defenses, debugger detection, and network traffic interception vulnerabilities across the execution lifecycle.

Request this audit

Tier 3 · 3–6 weeks

Full Codebase Review

A complete structural audit of your Swift or Objective-C source code to ensure compliance, secure data handling, and robust intellectual property protection.

Request this audit

Tier 4 · scoped

Secure Architecture & Threat Modeling

Proactive defense design for new features or complete refactors. We map trust boundaries and design zero-knowledge, hardware-backed storage policies using the Secure Enclave before a single line of code is written.

Request this audit

Tier 5 · 1–3 weeks

Compliance & MASVS Evidence Package

Map your app to OWASP MASVS Level 1 or Level 2 control identifiers, then produce an auditor-ready evidence package. Supports SOC 2, PCI-DSS, HIPAA, and regulated-industry vendor reviews; each finding cites the MASVS control it satisfies or violates.

Request this audit

Tier 6 · monthly

Continuous Audit Retainer

An ongoing engagement, not a one-off scan. Pre-submission review of each App Store release, dependency-drift watch with advisory triage, quarterly threat-model refresh, and one engineering office hour per month. For teams shipping every two weeks.

Request this audit

02 · Developer Security Suite

Drop-in Swift Frameworks

Twelve hardened Swift libraries you can integrate in an afternoon. Pick one, deploy the full suite for layered defense, or grab a curated bundle pack below for the most common defense pairings.

The portfolio expanded from 7 to 12 SDKs in 2026 because three engineering shifts happened simultaneously: on-device AI moved out of research and into shipping apps (PresenceKit, IntentKit, AnomalyKit), Apple's Required Reason API enforcement made privacy review a release-blocker for any non-trivial app (ManifestGuard, RedactKit), and behavioral-biometric defense became table-stakes for credential-class iOS apps where Face ID is a one-shot gate (BehaviorGuard's deeper integration with PresenceKit). The 12 SDKs aren't a sprawl, they're four foundational defense primitives plus eight specialists for the surfaces that emerged in the last 18 months.

Available now

RuntimeGuard SDK

A hardened, drop-in library focused on advanced jailbreak, debugger, and tampered runtime detection.

View pricing
Available now

PayloadGuard SDK

True SPKI pinning with multi-pin rotation, payload encryption above TLS, and pinned WebSocket support. Survive the day a corporate proxy gets between your app and your backend.

View pricing
Available now

AgenticGuard SDK

Sandbox on-device LLM agents on Apple Foundation Models and MLX. Typed tool registry, fail-closed intent verification, network egress policy, hash-chained audit trail.

View pricing
Available now

EnclaveVault SDK

Typed Swift wrapper around the Apple Secure Enclave. Compile-time biometric policy selection, CI-grade Enclave residency attestation, mandatory invalidation handlers.

View pricing
Available now

BehaviorGuard SDK

Continuous behavioral biometrics: ten on-device signals (touch, typing, motion, gait) fused into a four-band adaptive risk score with session degradation and per-transaction step-up.

View pricing
Available now

InputGuard SDK

Secure-input framework for credential-class flows: randomized in-app keyboard, AES-GCM in-process clipboard, BIP-39 mnemonic handling, composite jailbreak / debugger / swizzle detection.

View pricing
Available now

ScreenGuard SDK

Screen capture / screen recording / screenshot protection with HMAC-signed forensic watermarks. Compliance presets for HIPAA, PCI-DSS, GDPR, FINRA. OCR-based leak attribution verifier.

View pricing
New

PresenceKit SDK

NPU-pinned continuous presence verification. Multi-modal fusion across motion, vision, and audio with Bayesian inverse-variance weighting. App Attest hook on Pro. Pairs with BehaviorGuard.

View pricing
New

IntentKit SDK

Offline SLM intent engine. Natural-language to typed Swift tool calls, on-device, no cloud round-trip. INT4 quantization with KV-cache budget, JSON-schema-coerced output. Pairs with AgenticGuard.

View pricing
New

AnomalyKit SDK

On-device anomaly detection across four modalities (telemetry, behavioral, acoustic, sensor). INT4 models, Ed25519-signed artifacts, CloudKit E2EE-sealed state sync. Pairs with RuntimeGuard.

View pricing
New

ManifestGuard SDK

Debug-only PrivacyInfo.xcprivacy auditor. Five Obj-C swizzles plus four opt-in C-function rebinders; compiles to NoOp in Release so App Store ships zero swizzling. Bundled with manifest generator + differ.

View pricing
New

RedactKit SDK

On-device PII redaction across three modalities (visual, audio, text). Vision face + text-region, on-device speech-PII, composite text-PII over 8+ categories. Pluggable RedactionPolicy. Pairs with ScreenGuard.

View pricing

Explore the full Developer Security Suite

03 · Bundle packs

Pre-paired SDKs for one defensive job

Five curated bundles for teams that already know exactly which threat class they're hardening against. Each pack is one annual subscription covering all included SDKs at the same tier; Bundle IDs are shared.

Foundational

SentinelDen Suite

RuntimeGuard + PayloadGuard + AgenticGuard + EnclaveVault

For: any iOS app where runtime defense + network defense + agent guardrails + Secure-Enclave keys are all in scope. Defense in depth for the four attack surfaces every iOS app exposes: hostile runtime, hostile network, hostile agent tools, and unprotected secrets. The four-SDK foundation every hardened app stack starts from.

Indie $1,299 · Pro $4,999 · Enterprise custom

View Suite

New

Behavioral Defense Pack

BehaviorGuard + PresenceKit

For: fintech, healthcare, and regulated payments apps where continuous "is the right human still holding the device" verification is a security requirement. Touch-rhythm anomaly detection paired with NPU-backed continuous presence verification.

Indie $799 · Pro $3,199 · Enterprise custom

View pack

New

Agent Stack Pack

AgenticGuard + IntentKit + RuntimeGuard

For: iOS apps shipping LLM-agent features where prompt-injection defense, offline intent classification, and runtime integrity all matter together. Verify the intent, sandbox the tool, defend the runtime. The three-layer floor every iOS LLM-agent app should have before any tool call fires.

Indie $1,099 · Pro $4,399 · Enterprise custom

View pack

New

Privacy Compliance Pack

ScreenGuard + RedactKit + ManifestGuard + EnclaveVault

For: iOS apps facing an App Store privacy review (PrivacyInfo.xcprivacy, on-device PII redaction, capture protection, Secure-Enclave key residency). Ship a clean App Store privacy review. The four-piece toolkit for screen-capture controls, on-device PII redaction, automated PrivacyInfo.xcprivacy generation, and Secure-Enclave-backed storage.

Indie $1,499 · Pro $5,999 · Enterprise custom

View pack

New

AI Anomaly Pack

AnomalyKit + RuntimeGuard + BehaviorGuard

For: iOS apps where statistical, behavioral, and acoustic tamper signals need to be fused into one risk picture (high-stakes consumer fintech, threat-aware health apps). Three layers of tamper detection. Statistical anomalies, hard-edge runtime indicators, and behavioral baseline drift, fused with a hysteretic policy.

Indie $1,199 · Pro $4,799 · Enterprise custom

View pack

Compare all bundles side by side

04 · Desktop tooling

SentinelDen Studio

A native macOS application that brings static binary analysis, Frida-orchestrated runtime instrumentation, and structured reporting into one signed workspace. The tool an iOS security audit is run with, now available to the teams whose apps it audits.

Free during beta · until Dec 31, 2026

Desktop-class iOS security auditing

One workspace for static binary review, Frida-based runtime instrumentation, and CI-ingestible reporting. Notarized macOS app, hardened runtime, no telemetry on your audit subjects.

  • Mach-O segments · class-dump · symbol browser · privacy manifest audit
  • Frida orchestration · device + process listing · memory dump · REPL
  • Typeset PDF reports · CycloneDX SBOM · SARIF for CI
  • macOS 14 (Sonoma) · Apple Silicon · notarized DMG

Download Studio See what it does

05 · About

The Auditor

Muhammad Khan

Independent iOS Security Researcher

Over a decade of deep native engineering experience. Sentinel Den bridges the gap between high-level app development and specialized security methodologies, providing actionable, developer-friendly remediation for complex mobile vulnerabilities, without compromising user experience.

Practice areas: Mach-O reverse engineering, runtime instrumentation defense, Secure Enclave architecture, App Attest integration, code-signing pipelines.

Junaid Khan · macOS distribution partner. The Sentinel Den macOS product line, including SentinelDen Studio, is signed under Junaid's Apple Developer Program team during this phase of the project. Junaid otherwise builds independent utility apps and games for Apple platforms.

06 · Continuity guarantee

If we disappear, your apps don't.

Sentinel Den is a focused operation, not a 1,000-person vendor. That's the honest trade-off: higher engineering attention per dollar in exchange for procurement's legitimate question about what happens if we vanish. Three contractual mitigations are built in, by design.

Shipped builds keep working

SDKs don't phone home for runtime authorization. License verification happens once at SDK initialization with a 14-day grace cache. If our API is offline tomorrow, your shipped app continues to function on every device that's previously checked in, long enough to ship a migration, not a hotfix.

Source-code escrow

Available on the Enterprise tier. The full SDK source is held by an independent third-party escrow agent and released to you on a defined trigger, Sentinel Den ceasing operations, missed support SLA, or acquisition without continuity warranty. You maintain integration-critical code indefinitely.

Technique documentation is public

Every detection and defense pattern our SDKs implement is documented in detail on our engineering blog, 39 posts and counting. If you ever have to rebuild, you start with a written field guide on how to do it. We wrote it.

Need the escrow-agreement template, or a written brief on how the grace-cache mechanism handles specific failure scenarios? Request via the contact form.

07 · Engineering writing

Latest from the blog

Technical deep-dives on the problems we built Sentinel Den's SDKs to solve. All posts.

10 min read

Composing the Suite at runtime: boot order, audit-chain alignment, fail-closed handoff

RuntimeGuard boots first. Then EnclaveVault, then PayloadGuard, then AgenticGuard. Why order matters, what each SDK depends on from the previous one.

Related: RuntimeGuard SDK

10 min read

Shared Bundle IDs across the Suite: one license, four SDKs, the integration math

What it actually means when 4 SDKs share a Bundle ID quota. License-startup overhead, audit-chain coordination, and the per-SDK XXXLicensing pattern.

Related: RuntimeGuard SDK

10 min read

The four-SDK floor: why RuntimeGuard + PayloadGuard + AgenticGuard + EnclaveVault is the SentinelDen Suite

Why these four SDKs were the original Suite. The defense-in-depth rationale, what each layer catches that the others miss, and the integration order.

Related: RuntimeGuard SDK

Procurement & compliance

For the security questionnaire

Everything a vendor-review team typically asks for is on one of these pages. Anything not here is on request via the contact form.

iOS Security Auditing FAQ

Common questions from engineering and security teams evaluating an iOS audit. For anything not covered here, use the contact form.

What is included in an iOS security audit?

An audit examines what an attacker would: your shipped binary (Mach-O headers, embedded strings, exposed API keys, plaintext secrets), your runtime defenses (jailbreak detection, debugger detection, anti-tampering), your network layer (TLS pinning, certificate validation, MITM resistance), and your data-at-rest posture (Keychain ACLs, Secure Enclave usage, file protection classes). Deliverables are a written report with remediation guidance, severity-ranked findings, and reproduction steps for every issue.

How long does an iOS security audit take?

A Tier 1 Static Architecture Scan typically completes in 5–7 business days. A Tier 2 Deep Dive & Runtime Analysis runs 2–3 weeks depending on app complexity. A Tier 3 Full Codebase Review scales with codebase size, with typical engagements running 3 to 6 weeks. Tier 4 threat modeling is scoped per project, and Tier 5 MASVS compliance evidence packages run 1–3 weeks. Tier 6 is a recurring monthly retainer. Submit the contact form with your app's binary size and feature scope for a precise estimate.

Do you sign an NDA before reviewing my code?

Yes. An NDA is mandatory and signed before any source code, binary, or architectural diagram is shared. Mutual NDAs are reviewed within one business day. Enterprise engagements are governed by a Master Service Agreement (MSA) covering confidentiality, IP ownership, liability, and source code handling.

What deliverables do I receive at the end of the audit?

A written PDF report with an executive summary, full findings (each with severity, exploitation walkthrough, and remediation), an inventory of every check performed, and a 30-day follow-up window for clarification questions. Findings are tracked through to closure: when you patch an issue, we re-validate at no additional cost within the engagement window.

Can I combine an audit with RuntimeGuard SDK integration?

Yes. Most clients pair a Tier 2 (Deep Dive) or Tier 3 (Full Codebase) audit with a RuntimeGuard SDK Professional or Enterprise license. The audit identifies which detection signals matter most for your threat model, and the SDK provides them in production. A combined engagement gets a 15% discount on the SDK license. Contact us via the form for a quote.

Do you work with apps outside iOS?

The practice is iOS-first. Engagements involving an iOS frontend with a server-side or Android counterpart are accepted on a case-by-case basis. We partner with vetted Android and backend security specialists when the scope warrants it.