News from
the North Pole
News, product updates, malware analysis, and expert macOS endpoint security guidance from the team behind Santa at North Pole Security.
Announcing Santa 2026.4
Santa 2026.4 expands tamper resistance, changes clean sync semantics, adds silenceable device notifications, and continues security hardening.
Announcing Workshop 2026.3
Workshop v2026.3 introduces CEL fallback rules, risk engine plugin filters, Santa host metrics, and much more!
Announcing Santa 2026.3
Santa 2026.3 adds encryption-aware removable media policies, CEL fallback rules for global enforcement, and significant performance improvements.
Introducing AI Chat for Workshop
Workshop now ships an AI chat that answers natural-language questions about hosts, rules, events, and policies. Bring your own LLM API key.
Blocking OpenClaw
OpenClaw (formerly Clawdbot and Moltbot) is an autonomous AI agent for macOS. Here's how to block every version with layered Santa CEL rules.
Telemetry, Rebuilt
Export Santa’s incredible telemetry stream to Workshop and query it directly from the Workshop UI using regular SQL.
Announcing Workshop 2026.2
Workshop v2026.2 introduces Chat with Workshop, Ancestor-based CEL policies, improved Telemetry export & querying, and much more!
Announcing Santa 2026.2
Santa 2026.2 adds process-tree-aware CEL rules, network monitoring and statistics, telemetry export filters, and several quality improvements.
Announcing Touch ID for Santa
Santa now supports Touch ID verification before execution, so CEL rules can require a biometric check for sensitive operations like remote debugging.
Announcing Santa 2026.1
Santa 2026.1 adds TouchID-gated execution, network mount blocking, a menu bar item for common tasks, co-branding, and many other improvements.
Announcing Workshop 2026.1
Workshop 2026.1 adds Package Rules, TouchID-gated execution, network mount blocking, and a range of usability and performance improvements.
Introducing Package Rules
Workshop's new Package Rules automate allowlist maintenance for Homebrew, npm, Cargo, and other package managers so developers never get blocked.
Advent Calendar: 25 Days of macOS Protection
Santa Security Advent Calendar: 25 production-ready CEL and FAA rules inspired by real macOS malware like Atomic Stealer, one new rule each day.
A Private Sync Protocol for Workshop
A new, private sync protocol has been introduced for Workshop customers that allows for faster feature delivery and iteration.
One Year of North Pole Security
Join us as we reflect on North Pole Security's first year, highlighting our achievements, challenges, and the dedicated team behind our success.
We Raised $4M to Reimagine Endpoint Security
North Pole Security closes a $4M seed round led by Andreessen Horowitz to accelerate Workshop, our prevention-first endpoint platform for macOS.
No posts in this category yet.