About Bomfather
Our mission: Verify trust at its source - securing software supply chains through kernel-level truth.
Who We Are
Creators of Minefield , a lightning-fast SBOM graphing tool that has become the go-to solution for vulnerability impact analysis in enterprise security stacks.
We're leading contributors to critical open source security projects that protect the modern software supply chain, including OpenSSF Scorecard, Criticality Score, GUAC, gittuf, and Sigstore. Our expertise is recognized across the industry through presentations at Linux Foundation conferences, RSA, and DEF CON, along with 3× Google Peer Bonus awards for our impact on the security ecosystem.
Our Story
A critical red team exercise of ours revealed what others missed, attackers could silently swap model weights post-deployment without detection. While traditional security stops at code review, we discovered the real threats emerge during runtime.
Bomfather was born from this revelation. Our proprietary technology leverages eBPF within the Linux kernel to create a Merkle tree security architecture that monitors, protects, and comprehensively logs every file access, GPU call, and system interaction in real-time. This cryptographic chain not only detects unauthorized changes—to models, data, or libraries—but actively protects against them while maintaining immutable records of all system activities.