Security Case Studies
Real incidents analyzed through Mentat's zero trust model. Each case study is honest about what the platform prevents and what it does not.
Compromised npm maintainer account published RAT via postinstall hook. Mentat's immutable bases and namespace isolation neutralize the attack — the RAT executes in a sandbox, cannot reach the host, and dies when the sandbox is destroyed. On the Hull driver, seccomp-bpf also kills the RAT the instant it calls ptrace, bpf, keyctl, or any syscall outside the curated node profile.
6.1TB stolen from 90+ critical infrastructure operators via shared-tenant SaaS platform. Mentat's sandbox-per-tenant model reduces blast radius from 90 organizations to 1. On Hull, per-tenant seccomp profiles, Landlock filesystem allowlists, and bridge-level nftables egress further reduce the depth of what a single compromised tenant can do.
Two Types of Isolation
These cases demonstrate two distinct security boundaries that Mentat enforces:
| Boundary | How it is enforced |
| --- | --- |
| Build-time isolation | Immutable overlayfs bases prevent supply chain attacks from reaching the deploy. Dependencies are locked at base build time. No npm install at deploy = no postinstall hooks = no RAT. |
| Runtime isolation | Sandbox-per-tenant with PID + mount namespaces, pivot_root, and scoped credentials prevents a breach in one tenant from reaching others. The kernel enforces what application logic fails to protect. |
| In-container hardening (Hull) | Running on the Hull driver adds seccomp-bpf syscall allowlists, Landlock filesystem restrictions, and optional --rootless NEWUSER mapping. These layers stop an attacker from doing things even after they have code execution inside the container — not just from seeing the host. |