Subgraph OS was a Debian-based project designed to be resistant to surveillance and interference by sophisticated adversaries over the Internet.

This was accomplished through system hardening and a proactive, ongoing focus on security and attack resistance.

Subgraph OS also placed emphasis on ensuring the integrity of installed software packages through deterministic compilation.

The last update of the project's blog was in September 2017,[10] and all of its GitHub repositories haven't seen activity since 2020.

An attacker can trick a Subgraph user to run a malicious unsandboxed script via the OS's default Nautilus file manager or in the terminal.