Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

The Onboarding Tax: Why Signup Forms Break Agent Workflows

Every signup form, verification email, and OAuth redirect is a wall an AI agent can't climb. Zero-touch onboarding lets an agent create the account and sign in itself — no browser, no human relay.

Jul 9, 20264 min read
AI Security

Agentic Commerce: Why Your SaaS Has to Let AI Agents Buy

AI agents already research, compare, and recommend software — but the moment they hit a paywall, they stall and hand the job back to a human. Here's why that gap is expensive, and how agent-native purchasing closes it.

Jul 9, 20264 min read
AI Security

AI agents in AppSec pipelines: triage, remediation, and guardrails

GitHub's Copilot Autofix cuts median fix time from 1.5 hours to 28 minutes — but a 2025 Replit agent incident shows why autonomy needs hard limits.

Jul 9, 20266 min read
AI Security

AI risk management best practices: a lifecycle framework

NIST's AI RMF has four functions and MITRE ATLAS now tracks 84 adversarial techniques — most AI risk programs still only cover one lifecycle stage.

Jul 9, 20266 min read
AI Security

When Shared AI Chats Become Public Search Results

In July 2025, ~4,500 shared ChatGPT conversations turned up indexed on Google. Here's why sharable AI chats leak, and how enterprises stop it at the gateway.

Jul 9, 20266 min read
AI Security

A risk framework for enterprise AI coding and agent tool rollouts

Samsung banned ChatGPT company-wide after three leaks in 20 days. A working framework for data exposure, model supply chain, and access control risk.

Jul 9, 20267 min read
AI Security

Why traditional AppSec still catches most enterprise AI agent bugs

OWASP's LLM Top 10 names new categories, but most enterprise agent breaches trace back to broken access control and unvalidated input — the classics.

Jul 9, 20266 min read
AI Security

Concrete guardrails for AI coding assistants

40% of Copilot-generated code contained CWE Top 25 flaws in a 2022 study. Here are the prompt, scanning, and review gates that actually stop AI-written risk.

Jul 9, 20266 min read
AI Security

The guardrail gap in low-code agentic AI platforms

Low-code AI builders let business users wire agents to live connectors in minutes — but most ship without per-tool scoping, approval gates, or audit trails.

Jul 9, 20267 min read
AI Security

Least-Privilege Tool Scoping for AI Coding Agents

One overprivileged GitHub token let researchers hijack an AI agent into leaking private repo data via a public issue. Scoping tool access closes that gap.

Jul 9, 20267 min read
AI Security

MCP server security for AI coding agents

A critical RCE in Anthropic's own MCP Inspector (CVSS 9.4) and two Cursor CVEs show that giving AI agents tool access creates a new, largely unvetted attack surface.

Jul 9, 20267 min read
AI Security

A Reproducible Rubric for Measuring Prompt-Injection Risk in Agent Skills

OWASP has ranked prompt injection the #1 LLM risk for two straight editions, yet almost no one scores agent skill packages for it consistently. Here's a rubric.

Jul 9, 20266 min read
AI Security (Page 2) — Supply Chain Security Blog | Safeguard