Research & Release Notes

Anti-LLM JavaScript protection, written down.

Long-form articles on what AI assistants can and cannot do with obfuscated JavaScript, how Maximum-mode transforms hold up against modern reverse engineering, and how teams put protection into release workflows.

Open the Playground Maximum Mode Overview
Featured Article
Vendor Comparison 2026-04-26 ~10 min read

JavaScript VM protection compared — Jscrambler, JSDefender, Verimatrix, OSS virtualizers

Vendor by vendor on JavaScript bytecode VM protection. What Jscrambler, PreEmptive JSDefender, Verimatrix Code Protection, Digital.ai Application Protection, and the open-source virtualizers actually ship. Where JSO’s selective per-function virtualization fits. Includes a budget-band decision framework.

Read the full comparison

More research and roadmap

Newest first
Supply-chain integrity · Shipped 2026-05-28 ~7 min read

Watermarks + signed attestations for protected JavaScript

HMAC-SHA256 watermarks that survive every obfuscation transform, Ed25519-signed release attestations with two-stage verify, pre-flight quota gates, bulk forensic scanner. Cross-language verified across Node, Python, and .NET. Wire format is open. Six lines of GitHub Action YAML covers the whole stack.

Read article ›
JSO AI · Phase 1 shipped Updated 2026-06-06 ~5 min read

JSO AI previews and BYO keys are live

Four endpoints, three browser previews, encrypted OpenAI / Claude account keys, Prometheus usage export, JSON Schema, language client snippets, and RSS. Preview mode works without a key; BYO keys turn the same endpoints into live AI for that account.

Read article ›
Maximum Mode · VM Bytecode 2026-04-26 ~8 min read

VM-based protection in Maximum mode

JSO ships real bytecode virtualization in Maximum mode. Selected hot functions compile to opcodes; a per-build VM interpreter executes them at runtime. The design tradeoffs and why it’s opt-in per function rather than whole-bundle default.

Read article ›
Anti-LLM Research 2026-04-25 ~9 min read

Can ChatGPT, Claude, or Copilot reverse-engineer obfuscated JavaScript?

A direct technical answer for 2026. What today’s AI assistants can actually deobfuscate, where they break down structurally, and why per-build polymorphic decoders defeat the pattern-matching approach LLMs rely on.

Read article ›

More articles coming

We publish on anti-LLM protection, modern JavaScript build integration, and how obfuscation fits with monitoring and server-side authority. New posts are linked from the homepage when they go live.

VM-Class Output Runtime Defense Guide Compare Obfuscators