AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Securing MCP server registries: risks of unvetted AI tool...
Unvetted MCP servers already power tool poisoning and rug-pull attacks. Here's why package scanning like JFrog's isn't enough, and how to actually secure your MCP registry.
AI agent skills and plugin repositories: why they need th...
AI agent skills and MCP plugins are packages in disguise—executable, publicly registered, and largely ungoverned. Here's why they need npm-grade supply chain controls.
Responsible AI principles: what vendors commit to when bu...
What should a "responsible AI" commitment from a security vendor actually contain? A breakdown of the regulations, disclosures, and JFrog comparison every buyer should check.
Cisco's May 2026 Multi-Turn Jailbreak Study: Why Frontier Model Safety Collapses Over a Conversation
Cisco's AI threat team tested 15 flagship models with ~7,000 multi-turn attacks and found success rates as high as 88 percent. Single-turn safety scores told defenders almost nothing about real-world resilience.
Claude Opus 4.8 for Security Teams: Capabilities, AppSec Use, and Governance (May 2026)
Anthropic shipped Claude Opus 4.8 on May 28, 2026, with sharper agentic coding and better honesty about its own work. Here is what it changes for vulnerability triage, fix-PRs, and the governance you need before it touches your pipeline.
Securing AI coding assistants: governance patterns for to...
AI coding assistants like Claude Code and Cursor now write, install, and execute code with minimal oversight. Here's the governance framework that closes the gap JFrog's artifact scanning leaves open.
An Engineering Guide to AI Bill of Materials (AIBOM)
An AIBOM extends the SBOM to models, datasets, and prompts. What goes in one, how CycloneDX 1.6 encodes it, and how to generate it in CI without a documentation project.
Evaluating AI Security Posture Management (AI-SPM) tools:...
A practical, criteria-based comparison of Safeguard and Mend.io for AI-SPM buyers: provenance verification, AI-BOM depth, and CI/CD policy enforcement.
Best AI red teaming tools ranked
Best AI red teaming tools ranked: how Mend.io's SCA scanning and Safeguard's exploitability-first SBOM analysis actually differ for AI supply chain risk.
Hugging Face as Malware CDN and Exfiltration Backend: The DPRK-Linked npm Campaign of May 2026
OX Security disclosed a DPRK-aligned campaign that abused Hugging Face as a malware host and data-exfiltration backend, using public repos to serve second-stage payloads and private datasets to receive stolen developer secrets.
Claude, GPT, and Coding Harness Security: Comparing Model...
Claude and GPT both write vulnerable code by default in coding harnesses. Comparing model behavior, then Safeguard's approach versus Endor Labs' reachability-first SCA.
AI-Based Cybersecurity Tools: What to Look For
AI based cybersecurity tools range from genuinely useful triage assistants to thin wrappers around a generic model, and the difference is usually visible in how the tool handles context, not in its marketing.