AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
GenAI Code Assistants and Package Hallucination: 2026 Update
LLM-suggested package names that do not exist are a registered attack vector in 2026. Here is where hallucination rates sit today and how to contain them.
AI Bill of Materials (ML-BOM) Standards in 2026
A senior engineer's survey of AI-BOM and ML-BOM standards in 2026, from CycloneDX ML components to SPDX 3.0 AI profile, and what to actually ship.
Cross-Vendor SBOM Normalization: Griffin AI vs Mythos
Your SBOMs come from a dozen vendors, three scanners, and two CI systems. Normalising them into one queryable graph is where SBOM programs actually succeed or fail.
Benchmark Reproducibility: Griffin AI vs Mythos
A benchmark you can't reproduce is marketing. A benchmark you can rerun on your own infrastructure is evidence. The reproducibility gap is wide.
Prompt Injection Defences: Griffin AI vs Mythos
Prompt injection is the defining AI security problem of this generation. The defences are structural, not cosmetic — and the architectural choices show.
Griffin AI vs Windsurf Cascade for Security Review
Windsurf's Cascade agent is among the more capable in-editor agents. For security review specifically, it's a complement to Griffin AI, not a replacement.
Proof-Of-Concept Payloads From Discovered Paths
A taint path is not an exploit. Here is how a zero-day pipeline turns a reachable flow into a defensible proof-of-concept payload without inventing a vulnerability.
Enterprise AI Metric Design For Executive Reporting
AI-for-security metrics that show up on board slides are different from the ones engineers use day-to-day. Designing both sets properly is the work.
Griffin AI vs Self-Hosted Llama: Real Costs
Self-hosting Llama looks cheap on paper. The real costs — GPUs, operations, engineering — make the comparison less obvious than the list price suggests.
Pricing Predictability: Griffin AI vs Mythos
A 40% cost surprise in year two is not a pricing issue — it is an architecture issue. Griffin AI and Mythos-class tools diverge on predictability in structural ways.
MCP Client-Side Security Considerations
The MCP client surface is often overlooked. We examine trust boundaries, schema handling, credential storage, and safe defaults for the agent side of the protocol.
Prompt Injection Defence Stack 2026
No single control stops prompt injection. The current state of the art is a defence-in-depth stack with controls at five distinct layers. Here it is.