Releases•
Announcing Workshop 2026.3
Workshop v2026.3 introduces CEL fallback rules, risk engine plugin filters, Santa host metrics, and much more!
By Russell Hancox
News from the North Pole
Insights, updates, and expert analysis from the North Pole Security team.
RSSReleases•
Announcing Santa 2026.3
Santa v2026.3 introduces several significant features, including the ability to enforce encryption policies on removable media, CEL fallback rules for global policy enforcement, meaningful performance improvements, and more.
By Matthew White
Product•
Introducing AI Chat for Workshop
Workshop now includes an AI-powered chat interface that lets you query hosts, rules, events, and policies using natural language. Bring your own API key from Anthropic, OpenAI, or Google.
By Pete Markowsky
Guides•
Blocking OpenClaw
OpenClaw (formerly Clawdbot and Moltbot) is an autonomous AI agent that can execute commands on user machines. Here's how to block all versions of it with Santa CEL rules across curl, npm, Homebrew, and the macOS app.
By Tom Burgin
Product•
Telemetry, Rebuilt
Export Santa’s incredible telemetry stream to Workshop and query it directly from the Workshop UI using regular SQL.
By Russell Hancox
Releases•
Announcing Workshop 2026.2
Workshop v2026.2 introduces Chat with Workshop, Ancestor-based CEL policies, improved Telemetry export & querying, and much more!
By Russell Hancox
Releases•
Announcing Santa 2026.2
Santa v2026.2 introduces several significant features, including process-tree-aware rules, network monitoring and statistics, telemetry export filters, and more.
By Matthew White
Product•
Announcing Touch ID - Santa Checks Twice (with your Fingerprint)
Santa now supports Touch ID verification before execution. Create CEL rules that require biometric confirmation for sensitive operations like browser debugging mode.
By Pete Markowsky
Releases•
Announcing Santa 2026.1
Santa v2026.1 introduces several significant features, including the ability to gate execution behind TouchID, block mounting network shares, a menu bar item for interacting with Santa without a terminal, co-branding, and more.
By Matthew White
Releases•
Announcing Workshop 2026.1
Workshop v2026.1 introduces several significant features, including package rules, the ability to gate execution behind TouchID, network mount blocking, and more.
By Russell Hancox
Announcements•
Introducing Package Rules
Package Rules automates the tedious work of maintaining allowlists for Homebrew, npm, Cargo, and other package managers. Workshop now keeps your execution rules current so your developers can use the tools they need.
By Pete Markowsky
Advent Calendar•
North Pole Security Advent Calendar: 25 Days of macOS Protection
Discover 25 production-ready Santa rules inspired by actual macOS malware. Each day reveals a new CEL or FAA configuration to protect against threats like Atomic Stealer and threat campaigns targeting credentials, persistence, and data exfiltration.
By Pete Markowsky
Announcements•
Introducing a Private Sync Protocol for Workshop Customers
A new, private sync protocol has been introduced for Workshop customers that allows for faster feature delivery and iteration.
By Pete Markowsky
Announcements•
One Year of North Pole Security
Join us as we reflect on North Pole Security's first year, highlighting our achievements, challenges, and the dedicated team behind our success.
By Pete Markowsky
Announcements•
North Pole Security Raises $4M to Reimagine Endpoint Security for macOS
North Pole Security raises $4M in seed funding to accelerate development of Workshop, a proactive, prevention-first endpoint security platform for macOS that uses advanced allowlisting to stop threats before they run
By Pete Markowsky