Architectural Decision: Why we pivoted to "Defense in Depth" (Static Analysis Limitations)

[lab700xdev]

We just published ADR-001: Pivot to Defense in Depth.

The TL;DR:
After receiving feedback from security researchers at Cisco and the Google Bouncer team, we are formally adjusting the scope of the AIsbom engine.

We learned that trying to guarantee "100% Malware Blocking" via static analysis on Pickle files is mathematically impossible (the Halting Problem). Sophisticated attackers can use stack manipulation to bypass static blocklists.

The New Architecture:
Instead of a single "Security Gate," AIsbom now operates as a Defense in Depth layer:

1. Layer 1 (The Scanner): We keep the static analysis engine for Hygiene. It is fast, runs in CI/CD, and catches 90% of accidental risks and script-kiddie malware. It also helps developers migrate to torch.load(weights_only=True) by identifying incompatible globals.
2. Layer 2 (The Sandbox): For high-threat models, we now officially recommend and support Runtime Sandboxing. We have added integration guides for amazing-sandbox (asb) to detonate models safely.

Read the full decision record here:

📄 docs/architecture/ADR-001-defense-in-depth.md

We believe this is a more honest and robust approach to AI Supply Chain security than promising magic bullets.

Thoughts?