Deep dives, practical guides, and incident analyses from engineers who build Safeguard. No fluff, no vendor FUD — just what you need to ship secure software.
If you use an LLM anywhere in your security program — triage, remediation, detection — you need an eval suite with the same rigor as your test suite. Here is a concrete harness: datasets, thresholds, CI gates, and drift detection.
Pattern-matching scanners miss zero-days by definition. An engine that follows taint across package boundaries plus a model that hypothesizes exploit conditions can find what either would miss alone. Here is how that pipeline works end to end.
A data-driven look at CVE trends from Q1 2026: publication volume, severity distribution, exploitation patterns, and what the shifts mean for defenders.
A grounded 2026 primer on software supply chain attacks: definitions, the four real attack vectors, landmark incidents, and where defenders should start.
Coding agents from OpenAI, Anthropic, and Google are excellent tools. They are also not supply chain security platforms, and the assumption that they can replace one is already producing expensive gaps.
List price is the easiest number to compare and the least interesting one. TCO over three years is where Griffin AI vs Mythos-class platforms actually diverge.
SBOMs tell you what is in your software. VEX tells you which of those components are actually exploitable. Here is how to use both without drowning in noise.
A walkthrough of a CycloneDX 1.6 JSON document — metadata, components, services, dependencies, and vulnerabilities — with a real snippet and what to check first.
MCP's permissions model is subtle. Here is a careful walkthrough of how tool scoping, sampling, and resource access actually work in production.
Weekly insights on software supply chain security, delivered to your inbox.