Alkemist uses remotely deployable binary runtime application self-protection (RASP) and Moving Target Defense (MTD) methods to immunize organizations from the biggest threat to software today, memory corruption exploits. Significantly reduce risk by eliminating the exploitation of vulnerabilities and precluding exploits from spreading across multiple devices and networks. Originally born out of a research project for the Advanced Research Projects Agency of the Department of Defense (DARPA), Alkemist is the only automated cyberhardening tool to protect open source, in-house developed code, and third-party binaries while leaving each system functionally identical, but logically unique.

 

Alkemist actively prevents malicious code from being executed through common techniques including:

  • Memory corruption vulnerabilities (buffer, stack, and heap)
  • Return/jump oriented programming (ROP/JOP) attacks
  • Compromised hardware and software supply chain attacks
  • Scaling of zero-day attacks.

 

Source Code Immunization

Build in virtually unbreakable memory protection, literally at the source.

Alkemist LFR (Load-time Function Randomization) immunizes new programs during the build process. Alkemist LFR randomizes function locations every time the binary image loads into memory for execution, removing the repeatability needed for an attack to succeed. So, the same file can be signed and deployed to millions of devices, while keeping function-location information away from the attacker.
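A toy model of the load-time randomization idea described above, added here as an illustration; it is not RunSafe's code or implementation. The function table, sizes, base address and helper names are all constructed assumptions. It shows the on-disk digest staying constant while a function address recorded during one load rarely remains valid in a later load.

```python
import hashlib
import random

# Constructed toy image: (function name, size in bytes). Sizes are distinct
# powers of two, so every set of functions has a unique total size.
FUNCTIONS = [("init", 16), ("parse", 32), ("auth", 64), ("log", 128),
             ("send", 256), ("recv", 512), ("crypt", 1024), ("exit", 2048)]
BASE = 0x400000  # assumed load base for the model


def file_digest(functions):
    """Digest of the on-disk image: computed once, identical on every device."""
    blob = b"".join(name.encode() + size.to_bytes(4, "little")
                    for name, size in functions)
    return hashlib.sha256(blob).hexdigest()


def load(functions, rng):
    """Model one load: shuffle function order, then assign start addresses."""
    order = list(functions)
    rng.shuffle(order)
    layout, addr = {}, BASE
    for name, size in order:
        layout[name] = addr
        addr += size
    return layout


def stale_address_hit_rate(functions, target, loads, seed=0):
    """Fraction of later loads in which an address recorded for `target`
    during one reference load still points at the start of `target`."""
    rng = random.Random(seed)
    leaked = load(functions, rng)[target]
    hits = sum(load(functions, rng)[target] == leaked for _ in range(loads))
    return hits / loads


if __name__ == "__main__":
    print("signed file digest:", file_digest(FUNCTIONS)[:16], "(never changes)")
    for seed in range(3):
        layout = load(FUNCTIONS, random.Random(seed))
        print(f"load {seed}: auth @ {layout['auth']:#x}")
    print("stale-address hit rate:",
          stale_address_hit_rate(FUNCTIONS, "auth", 5000))
```

In this model the hit rate cannot exceed 1/8 for eight functions, and it drops quickly as the function count grows; a real binary has thousands of functions.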

Alkemist ESP (Enterprise Software Protection) offerings are enterprise open source infrastructure components that have been immunized by RunSafe using Alkemist LFR transformations. Alkemist ESP delivers pre-hardened and tested Docker-based images of popular open source software.

Binary Code Immunization

When you don’t have access to source code, Alkemist still has you covered with unbeatable memory protection options for software and firmware binary images.

Alkemist BBR (Block-level Binary Randomization) immunizes legacy and 3rd-party (supply chain) programs. Alkemist BBR randomizes the memory addresses of basic blocks within functions of any compiled binaries on RunSafe-supported processor architectures. This reordering means that the determinism required by malware to take control of code and propagate across devices/networks/versions no longer exists, while the identical functions and features of the initial software image remain in place.

Alkemist SFR (Stack Frame Randomization) also immunizes legacy and 3rd-party (supply chain) code. Alkemist SFR creates stack-level entropy by randomizing the size of the buffer set aside for local variables when functions are instantiated on the stack. This entropy deprives an attacker of the information needed to craft a payload that weaponizes a stack overflow vulnerability.

How It Works

Alkemist’s patented memory threat immunization processes reduce the attack surface of information technology, operational technology, IoT, and embedded software in data centers, cloud infrastructure, communications networks, enterprise IT systems, weapon systems, power plants and utilities, vehicles, and medical devices.

The Alkemist platform supports Linux, Windows, and RTOS-based applications and firmware running on Intel, ARM, and PPC chipsets to actively prevent common exploit techniques, including:

  • Memory corruption attacks (buffer, stack, and heap)
  • Return/jump oriented programming (ROP/JOP) attacks
  • Compromised hardware and software supply chain attacks, and
  • Scaling of zero-day attacks.

Alkemist inoculates software against memory corruption errors and buffer overflow exploits – the techniques attackers typically use to gain control of enterprise software and embedded systems and devices. Alkemist’s remotely-deployable, automatic cyberhardening transformation technology utilizes patented Runtime Application Self-Protection (RASP) and Moving Target Defense (MTD) techniques.

By preventing an exploit from compromising an initial target or spreading across multiple devices and networks, Alkemist disrupts hacker economics and shifts the odds in favor of the defender.