AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Keeping secrets out of agent context windows: brokers, scoped tokens, and redaction
Every secret that touches an agent's context window is a secret the agent can leak. Just-in-time credential brokers, scoped-token issuance, and redaction layers keep the surface small without breaking the agent's ability to do real work.
Network egress controls for autonomous agent runtimes
Autonomous agents need network access to do useful work, and that access is exactly what attackers exploit when they trick an agent into exfiltrating data. Here is how to design egress controls that hold up under adversarial pressure.
ISO 42001 and AI Management Systems for Security Teams
ISO 42001 makes AI governance auditable and certifiable. Here's what security teams need to build an AIMS, where Endor Labs' AI code-risk scoring falls short, and how Safeguard closes the gap.
Prompt Injection Techniques and the Defenses That Actually Work
Prompt injection techniques range from direct override attempts to indirect payloads hidden in retrieved documents; here's what actually stops them.
AI Coding Agent Governance: Securing Copilot, Cursor, and...
How to govern Copilot, Cursor, and Claude Code with provenance tracking and permission scoping — beyond after-the-fact SCA scanning of agent-written code.
Securing MCP Servers and Agent Skills in the Enterprise
MCP servers and agent skills give AI agents new power—and new attack surface. Here's how tool poisoning and rug-pull attacks work, and how to stop them.
Detecting shadow MCP servers in developer environments
Unauthorized MCP servers running on developer laptops are the agent-era equivalent of shadow IT. Here is how to inventory them, see them at runtime, and bring them under policy.
NIST SP 800-218A: Operationalizing AI Secure Development in 2026
NIST SP 800-218A turned the SSDF into an AI community profile in July 2024. Eighteen months later, what does real adoption look like for AI software teams?
Defending LLM agents against confused-deputy attacks on their tool privileges
An LLM agent with tools is a deputy that holds privileges its users do not. Attackers exploit that gap by tricking the agent into using those privileges on their behalf — here is how to design defenses that hold up.
The Fake OpenAI 'privacy-filter' Model: How a Typosquat Hit #1 on Hugging Face in May 2026
A repository named Open-OSS/privacy-filter impersonated OpenAI's release, copied its model card verbatim, and shipped a loader.py that pulled an infostealer. It reached #1 trending with ~244,000 downloads before removal.
Ollama CVE-2026-7482 'Bleeding Llama': Out-of-Bounds Read
Cyera disclosed Bleeding Llama in May 2026: a heap out-of-bounds read in Ollama's GGUF loader leaking process memory. We dissect the bug and the exposure across 300,000 Ollama deployments.
Prompt-injection vectors specific to MCP servers and how to layer defenses
MCP servers expose three distinct prompt-injection surfaces — resource contents, tool outputs, and sampling requests — and each one needs its own defense layer. Here is how to think about them together.