CodeHunter pushes behavioural malware checks upstream

CodeHunter has expanded its behavioural malware analysis and threat intelligence platform into software development workflows, aiming to identify risky software artefacts before they run in enterprise environments.

It is extending its behavioural intent technology beyond traditional malware analysis to support software supply chain security decisions across the software development lifecycle. The move comes as more artefacts flow through automated build and release pipelines, alongside a rise in AI-generated and fast-changing malware.

Industry research has highlighted the scale of the issue. Gartner has described software supply chains as spanning organisational boundaries and involving external entities as well as internal systems. It has also warned that weak integrity checks on software artefacts can allow attackers to poison delivery pipelines and compromise software during distribution.

Shift upstream

CodeHunter built its original platform as an alternative to signature-based malware detection, focusing on how software behaves rather than static indicators of compromise or known-bad patterns. It is now applying that approach earlier in development and across a wider range of artefacts.

Under the expanded model, the platform analyses inbound software, internally developed components, and third-party artefacts. It combines control-flow and behavioural analysis with rule sets and observations from a dynamic sandbox environment. The output is a Behavioural Intent Profile, described as a deterministic and explainable record of expected behaviour and associated risk.

CodeHunter positions the profile as the basis for security and engineering decisions on whether to accept software into internal environments, including whether to allow, block, quarantine, or escalate an artefact for review before it is promoted through a pipeline or deployed to production.

"Malware has changed, but so has how software enters the enterprise, with organizations now moving enormous volumes of runnable artifacts through CI/CD pipelines at machine speed," said Chris O'Ferrell, CodeHunter CEO.

"This next phase for CodeHunter is about extending behavioral intent analysis upstream, so teams can prevent malicious or policy-violating software from executing in the first place, not just detect it after a compromise," O'Ferrell said.

How it works

The platform produces a static verdict within minutes, while dynamic analysis runs in parallel. CodeHunter argues this reduces reliance on known-bad indicators and avoids the time constraints of detonation-style sandboxing alone.

The platform is designed to assess artefacts that appear trustworthy on the surface, such as a signed binary from a trusted source or one produced during a build process. It can flag behaviours such as unexpected network activity, privilege escalation, or system modifications that violate internal policy, even when software appears benign and carries valid signatures.

Organisations can apply Behavioural Intent Profiles across CI/CD pipelines, security operations processes, and production environments, covering software built internally, acquired from third parties, or introduced through supplier relationships.

Integration layer

CodeHunter does not aim to replace existing security tools. Instead, it positions the platform as an out-of-band analysis layer that integrates through APIs, connectors, and artefact submission workflows, returning verdicts and behavioural context to tools used by security and engineering teams.

It lists CI/CD systems, SIEMs, SOAR tools, and EDR platforms as integration targets. The approach reflects a broader trend in security operations, where organisations increasingly rely on multiple control points across development and runtime environments rather than a single gatekeeper.

Deterministic enforcement

CodeHunter is also emphasising how it makes enforcement decisions. While it says AI can assist with malware discovery and analyst productivity, it describes its own decisioning as deterministic and explainable to support consistency, auditability, and governance requirements in regulated environments.

The company frames this as a response to AI-generated or rapidly mutating artefacts that can evade static checks and some sandbox-driven detection. In that context, earlier behavioural assessment is becoming a key requirement for organisations running large-scale development pipelines and distributing software across hybrid estates.

The next phase of the platform includes improvements to handle higher CI/CD volumes, broaden coverage across supply chain and SDLC processes, and strengthen governance and traceability. Founded in 2021, CodeHunter says it has roots in US government research labs. It works across endpoints, cloud workloads, and development pipelines, focusing on pre-execution inspection and policy enforcement driven by behavioural analysis.