Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

Securing MCP server registries: risks of unvetted AI tool...

Unvetted MCP servers already power tool poisoning and rug-pull attacks. Here's why package scanning like JFrog's isn't enough, and how to actually secure your MCP registry.

May 30, 20268 min read
AI Security

AI agent skills and plugin repositories: why they need th...

AI agent skills and MCP plugins are packages in disguise—executable, publicly registered, and largely ungoverned. Here's why they need npm-grade supply chain controls.

May 30, 20268 min read
AI Security

Responsible AI principles: what vendors commit to when bu...

What should a "responsible AI" commitment from a security vendor actually contain? A breakdown of the regulations, disclosures, and JFrog comparison every buyer should check.

May 29, 20268 min read
AI Security

Cisco's May 2026 Multi-Turn Jailbreak Study: Why Frontier Model Safety Collapses Over a Conversation

Cisco's AI threat team tested 15 flagship models with ~7,000 multi-turn attacks and found success rates as high as 88 percent. Single-turn safety scores told defenders almost nothing about real-world resilience.

May 28, 202611 min read
AI Security

Claude Opus 4.8 for Security Teams: Capabilities, AppSec Use, and Governance (May 2026)

Anthropic shipped Claude Opus 4.8 on May 28, 2026, with sharper agentic coding and better honesty about its own work. Here is what it changes for vulnerability triage, fix-PRs, and the governance you need before it touches your pipeline.

May 28, 202616 min read
AI Security

Securing AI coding assistants: governance patterns for to...

AI coding assistants like Claude Code and Cursor now write, install, and execute code with minimal oversight. Here's the governance framework that closes the gap JFrog's artifact scanning leaves open.

May 28, 20267 min read
AI Security

An Engineering Guide to AI Bill of Materials (AIBOM)

An AIBOM extends the SBOM to models, datasets, and prompts. What goes in one, how CycloneDX 1.6 encodes it, and how to generate it in CI without a documentation project.

May 25, 20266 min read
AI Security

Evaluating AI Security Posture Management (AI-SPM) tools:...

A practical, criteria-based comparison of Safeguard and Mend.io for AI-SPM buyers: provenance verification, AI-BOM depth, and CI/CD policy enforcement.

May 25, 20268 min read
AI Security

Best AI red teaming tools ranked

Best AI red teaming tools ranked: how Mend.io's SCA scanning and Safeguard's exploitability-first SBOM analysis actually differ for AI supply chain risk.

May 25, 20267 min read
AI Security

Hugging Face as Malware CDN and Exfiltration Backend: The DPRK-Linked npm Campaign of May 2026

OX Security disclosed a DPRK-aligned campaign that abused Hugging Face as a malware host and data-exfiltration backend, using public repos to serve second-stage payloads and private datasets to receive stolen developer secrets.

May 22, 202611 min read
AI Security

Claude, GPT, and Coding Harness Security: Comparing Model...

Claude and GPT both write vulnerable code by default in coding harnesses. Comparing model behavior, then Safeguard's approach versus Endor Labs' reachability-first SCA.

May 20, 20268 min read
AI Security

AI-Based Cybersecurity Tools: What to Look For

AI based cybersecurity tools range from genuinely useful triage assistants to thin wrappers around a generic model, and the difference is usually visible in how the tool handles context, not in its marketing.

May 19, 20265 min read
AI Security (Page 13) — Supply Chain Security Blog | Safeguard