AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Securing AI coding IDE extensions and plugins
VS Code themes with 9M installs shipped backdoors; Cursor's rules files were hijacked in 2025. Here's what AI IDE extension security actually requires.
LLM output validation and sanitization best practices
LLM output is untrusted input to everything downstream. Here's how to validate, encode, and sandbox it before it becomes your next injection vector.
Zero-day risk in third-party AI model dependencies
Malicious Hugging Face models, a trojanized Ultralytics PyPI release, and a torch.load bypass show AI model dependencies now carry real zero-day risk.
Sonatype Guide: Securing Agentic AI Development
Sonatype's new guide reframes AI dependency risk, but its scanner-based model can't govern agents that install packages and call MCP tools on their own. Here's the gap and how to close it.
Mapping AI-generated code risks to the CWE Top 25
45% of AI-generated code fails security tests. Here's how CWE Top 25 weaknesses like XSS, SQLi, and broken auth map to specific LLM coding habits.
AI & LLM Governance for Software Development
Sonatype flags bad packages after the fact. Here's what AI governance for software development requires, and how Safeguard tracks models and output together.
Shadow AI: Finding and Governing the Tools Your Employees Already Use
Most of your organization is already using AI you never approved. Here is how to discover it, govern it, and offer sanctioned alternatives before it becomes a breach.
What Are AI Bills of Materials (AIBOMs)
What is an AI Bill of Materials (AIBOM), why do SBOM tools like Sonatype fall short on AI components, and how do teams build one in 2025.
Agentic AI Security: Access Control Is the Whole Ballgame
Gartner expects most successful attacks on AI agents through 2029 to exploit access control, with prompt injection as the delivery mechanism. Here is why that single failure mode dominates agentic AI security, and what actually moves the needle.
Claude Code Security: A Practical Guide for Teams Adopting AI Coding Agents
Claude Code can read your repo, run commands, and edit files — which is exactly why it needs the same security engineering as any privileged developer tool. Here's a practical hardening guide.
AI governance frameworks: managing risk in AI-built software
AI governance frameworks like NIST AI RMF and the EU AI Act now govern AI-built software. Here's what they require, and where JFrog's artifact-first approach falls short.
Agentic supply chain security: governing autonomous AI co...
AI coding agents now open PRs, merge code, and touch secrets on their own. Here's why JFrog-style artifact scanning can't govern them, and what can.