Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

Securing AI coding IDE extensions and plugins

VS Code themes with 9M installs shipped backdoors; Cursor's rules files were hijacked in 2025. Here's what AI IDE extension security actually requires.

Jun 5, 20266 min read
AI Security

LLM output validation and sanitization best practices

LLM output is untrusted input to everything downstream. Here's how to validate, encode, and sandbox it before it becomes your next injection vector.

Jun 5, 20267 min read
AI Security

Zero-day risk in third-party AI model dependencies

Malicious Hugging Face models, a trojanized Ultralytics PyPI release, and a torch.load bypass show AI model dependencies now carry real zero-day risk.

Jun 5, 20266 min read
AI Security

Sonatype Guide: Securing Agentic AI Development

Sonatype's new guide reframes AI dependency risk, but its scanner-based model can't govern agents that install packages and call MCP tools on their own. Here's the gap and how to close it.

Jun 5, 20269 min read
AI Security

Mapping AI-generated code risks to the CWE Top 25

45% of AI-generated code fails security tests. Here's how CWE Top 25 weaknesses like XSS, SQLi, and broken auth map to specific LLM coding habits.

Jun 5, 20267 min read
AI Security

AI & LLM Governance for Software Development

Sonatype flags bad packages after the fact. Here's what AI governance for software development requires, and how Safeguard tracks models and output together.

Jun 4, 20268 min read
AI Security

Shadow AI: Finding and Governing the Tools Your Employees Already Use

Most of your organization is already using AI you never approved. Here is how to discover it, govern it, and offer sanctioned alternatives before it becomes a breach.

Jun 3, 20267 min read
AI Security

What Are AI Bills of Materials (AIBOMs)

What is an AI Bill of Materials (AIBOM), why do SBOM tools like Sonatype fall short on AI components, and how do teams build one in 2025.

Jun 3, 20268 min read
AI Security

Agentic AI Security: Access Control Is the Whole Ballgame

Gartner expects most successful attacks on AI agents through 2029 to exploit access control, with prompt injection as the delivery mechanism. Here is why that single failure mode dominates agentic AI security, and what actually moves the needle.

Jun 2, 20267 min read
AI Security

Claude Code Security: A Practical Guide for Teams Adopting AI Coding Agents

Claude Code can read your repo, run commands, and edit files — which is exactly why it needs the same security engineering as any privileged developer tool. Here's a practical hardening guide.

Jun 2, 20265 min read
AI Security

AI governance frameworks: managing risk in AI-built software

AI governance frameworks like NIST AI RMF and the EU AI Act now govern AI-built software. Here's what they require, and where JFrog's artifact-first approach falls short.

May 31, 20267 min read
AI Security

Agentic supply chain security: governing autonomous AI co...

AI coding agents now open PRs, merge code, and touch secrets on their own. Here's why JFrog-style artifact scanning can't govern them, and what can.

May 30, 20267 min read
AI Security (Page 12) — Supply Chain Security Blog | Safeguard