AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Agentic Procurement: Letting AI Agents Buy Software Safely
Agents can now evaluate, trial, and pay for software without a human in the loop. The controls that make that safe: spend caps, allowlists, verifiable merchants, and audit trails.
Breaking-Change-Aware Remediation In 2026
Most fix PRs fail because they ignore breaking changes in the patched version. Here is how breaking-change-aware remediation closes vulns without regressions.
MCP Server Telemetry Data Governance
MCP server telemetry captures sensitive prompts, arguments, and outputs. A governance framework for retention, redaction, and tenant-scoped access is essential.
How DevOps Teams Actually Use AI Today
How can a DevOps team take advantage of artificial intelligence without adding risk? Mostly by pointing it at toil — log triage, test generation, and incident summarization — not by handing it the keys to production.
Safeguard Griffin AI: Eval Benchmarks Published
Griffin AI's evaluation harness results published for the first time. Benchmark methodology, comparison against baselines, and what the numbers mean for production use.
OpenAI API Key Leakage on GitHub at Scale
A senior engineer's view of OpenAI API key leakage on GitHub at scale, why automated secret scanning misses so many, and what actually stops the bleeding.
Responsible Disclosure For Discovered Zero-Days
When your pipeline starts producing zero-days, you inherit responsible disclosure obligations. Here is how to do it well, with the artefacts the pipeline already gives you.
AI Coding Assistant Data Leak Incidents Trend
AI coding assistants are now standard developer tooling. The incident data from 2025 and early 2026 shows a recurring pattern of source code, credential, and customer data leaking through them.
Tool-Call Audit: The Missing AI Observability Layer
Most AI observability stacks log prompts and completions. The actual security signal is in the tool calls. Here is how to capture it.
Transitive Dependency Fix Cascades, Managed
Fixing a transitive dependency is rarely a single bump. It is a cascade. Here is how to manage those cascades without flooding reviewers or breaking builds.
Scaling Across Repos: Griffin AI vs Mythos
Multi-repo security reasoning is a graph problem, not a retrieval problem. How Griffin AI's engine scales where pure-LLM products flatten into guesswork.
MCP Server Lifecycle Management Patterns
Patterns for managing MCP servers through development, staging, rollout, and deprecation — with an eye on the security gaps that appear at each transition.