AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Data poisoning attacks against LLMs
A $60 domain purchase or 250 documents can backdoor an LLM. Here's how data poisoning attacks work, real cases, and how to defend against them.
Securing RAG pipelines against injection attacks
RAG pipelines feed untrusted retrieved content straight into model context. Real breaches like EchoLeak show what happens when nothing checks it.
Type-level security: the future of secure AI code generation
45% of AI-generated code fails basic security tests. Here's why type systems catch what code review misses, and how to enforce type-level security on AI-authored diffs.
Snyk VulnBench: benchmarking LLMs on repeat vulnerability discovery
Snyk's VulnBench JS 1.0 ran 300 repeated LLM scans and found half of non-reference findings vanish on rerun—raising the bar for AI security tooling.
Protestware via prompt injection: the jqwik 1.10.0 case
jqwik 1.10.0 hid a prompt injection telling AI coding agents to delete tests. Here's how it worked, why it's protestware, and how to catch it.
AI Is Forcing a New Open Source Security Model
AI coding agents now choose dependencies — and attackers are exploiting hallucinated packages and MCP backdoors that legacy SCA tools like Sonatype's were never built to catch.
Governments banning AI models: security implications for teams
Governments banned DeepSeek and other AI models in 2025 within days. Here's the security supply-chain risk teams face and how to find and fix it fast.
Building trust in AI-assisted software development
AI writes 30-50% of new code at many shops now, and 45% of it ships with security flaws. Here's how to build real trust in that pipeline.
Vulnerability Prioritization in the AI Era
CVSS scores can't keep pace with AI-generated code and 40,000+ annual CVEs. Here's why Sonatype's component-level model falls short and what real prioritization requires.
Cursor's AI security agents: what they get right and what's missing
Cursor's Bugbot and MCP agents catch real bugs, but CurXecute and MCPoison show they open new attack surfaces SCA tools never had to face.
Claude Code and Claude Desktop security integrations
Claude Code's shell access and MCP's connector boom are reshaping software supply chain risk. Here's what security teams need to know and do.
Anthropic Claude Enterprise security features overview
Claude Enterprise ships strong SSO, SCIM, audit logging, and SOC 2/ISO compliance — but its controls stop at the API boundary, leaving code and dependencies exposed.