WGDS / USE CASES

Real incidents. Real prevention.

Five real-world incidents from the past 24 months. In each case, Churchill's Protocol would have blocked the attack at the kernel, recorded the methodology, logged the evidence, and kept operations running.

USE CASES ANCHORED TO REAL INCIDENTS

What Churchill stops on the systems it protects.

The CISO and CAB review on their own schedule. No ticket queue. No daily management. No additional FTEs. No headaches.

We thought this through.

01 / AI Agent Altering Production

Replit

July 2025

An AI agent with valid credentials altered and deleted a proprietary production application during routine maintenance, then tried to hide the mistake.

  • Catastrophic loss in moments
  • Production data destroyed
  • Public statement: "catastrophic"
Had Churchill been installed:
  • Blocked: Unauthorized modification, replacement, or deletion is not in the CAB-approved package. Stopped at the kernel before execution.
  • Continues: Production application stays intact. Business operations continue uninterrupted.
  • Captured: Complete log and recording of the agent's attempted methodology, delivered to the CAB.

02 / Insider Abuse

KnowBe4

July 2024

A North Korean state operative was hired as a remote software engineer, passed every screening, and installed malware on day one.

  • 300+ US companies infiltrated
  • $17.1M routed to DPRK weapons
  • Stolen US identity passed all checks
Had Churchill been installed:
  • Blocked: Malware installer and bulk repo cloners outside CI/CD are not in the CAB-approved package. Stopped at the kernel before execution.
  • Continues: Operative keeps working with valid credentials. Legitimate code commits run at full speed.
  • Captured: Operative reveals the full playbook in the mirror envelope, recorded as forensic evidence. Identified before they suspect you're onto them. Even with root, they cannot unilaterally change the system.

03 / Supply Chain Living-off-the-Land

Cisco via Trivy

March 2026

Attackers compromised Trivy, an open-source Linux scanner with elevated access by design. They inherited that access and walked into every downstream customer.

  • 300+ Cisco GitHub repos stolen
  • AWS keys exfiltrated
  • Source code: AI Assistants, AI Defense, unreleased products
Had Churchill been installed:
  • Blocked: A tool pulling 300 repos in minutes is not routine CI/CD. AWS key harvesters and exfiltration scripts are not in the approved package. Stopped at the kernel before execution.
  • Continues: Legitimate Trivy scans and developer Git activity run normally. Source code does not leave.
  • Captured: Stolen credentials remain valid, but malicious use does not execute. Full attack playbook captured for prosecution.

04 / Credential-Based Ransomware

Change Healthcare

February 2024

One credential without multi-factor authentication let ransomware operators into UnitedHealth's claims processing subsidiary. The pattern repeats across every regulated industry.

  • 1/3 of US healthcare claims frozen
  • 6 weeks of disruption
  • $22M ransom paid
  • 100M Americans exposed
Had Churchill been installed:
  • Blocked: Ransomware encryption, lateral movement, and exfiltration tools are not in the CAB-approved package. Stopped at the kernel before execution.
  • Continues: The compromised credential remains valid. The workload keeps running. The encryption never occurs.
  • Captured: Forensic recording and log of the attack delivered in real time, with no damage to production.

05 / Config Drift & Legacy Compliance / Industry Context

Regulated legacy systems

Ongoing

Configurations drift from approved baselines over time. Patches, updates, and ad-hoc changes accumulate. Audits fail. Modern regulatory mandates require runtime control. Legacy infrastructure carries crown-jewel data across financial services, healthcare, energy, defense, and critical infrastructure, and cannot be ripped out and replaced.

  • DORA enforcement live since January 2025
  • NERC CIP modernization ongoing
  • HIPAA Security Rule updated 2024-2025
  • CMMC 2.0 / PCI DSS 4.0 / NIST 800-53
  • Legacy systems out of replacement budget
How Churchill addresses this:
  • Enforced: The approved version is sealed as one application unit at CAB approval: executables, configurations, libraries, and scripts together. Churchill verifies the application as a whole, not item by item. Configuration drift cannot occur. No cascading failures.
  • Preserved: Legacy systems stay in production. Modern runtime clearance is applied without rip-and-replace. No new agents, no sensors, no CI/CD pipeline integration.
  • Proven: Audit-ready evidence of approved-state enforcement, continuously. Compliance becomes structural proof, not narrative reconstruction.

Validated. Mythos & CTF: 100% containment. 406,433 enforcement decisions. Zero modifications, zero exfiltration, zero lag.

Built and validated on IBM LinuxONE.

Linux kernel 5.7 and higher. Compatible with Linux on x86 and Power, containers, virtual machines, and bare metal. WestGate Data Science is an IBM Technology Partner.

ANTHROPIC Cyber Verification Program

Adversarially tested through Anthropic's Cyber Verification Program.

Mythos engagement: 29 documented sessions, 11.3 cumulative hours, 406,433 enforcement decisions, multiple sessions starting with full root. 100% containment. Zero data exfiltrated.