AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
678 articles
What is Training Data Poisoning
Training data poisoning corrupts an ML model's training data to plant hidden backdoors. Learn how it works, real incidents, and how to detect it.
Slopsquatting (AI package hallucination attack)
Slopsquatting exploits AI coding assistants that hallucinate nonexistent package names, which attackers then register as real, malicious packages.
What is a Model Inversion Attack
Model inversion attacks reconstruct sensitive training data from a model's outputs. Learn how they work, real cases, and how to defend your ML APIs.
What is Adversarial Machine Learning
Adversarial machine learning exploits model decision boundaries via evasion, poisoning, extraction, and inference attacks -- here's how it works and how to defend against it.
What is Insecure Output Handling in LLMs
Insecure output handling lets LLM-generated text execute code, alter queries, or render unsanitized HTML — a real, exploitable OWASP LLM05:2025 risk.
MCP Server Inventory: Griffin AI vs Mythos
MCP servers are privileged dependencies. An inventory that tracks them like SBOM tracks packages is the minimum bar — and not every tool meets it.
Zero-Day Discovery ROI: CISO Board Deck
How to talk to your board about zero-day discovery without overpromising. The metrics, the framing, and the slides that hold up under follow-up questions.
What is Sensitive Information Disclosure in LLMs
LLM sensitive information disclosure leaks training data, prompts, and secrets through model outputs. Real incidents, causes, and defenses explained.
What is AI Governance
AI governance means the policies and technical controls that keep AI models, data, and agents safe, compliant, and auditable across your software supply chain.
What is RAG (Retrieval-Augmented Generation) Security
RAG pipelines blend retrieved data with model instructions, creating prompt injection, poisoning, and embedding-leak risks traditional AppSec tools miss.
GenAI Coding Agent Privilege Escalation
Autonomous coding agents can escalate privilege in subtle ways that traditional threat models miss. A breakdown of the common escalation paths and how to constrain them.
Griffin AI vs GitHub Copilot for Vulnerability Fixing
GitHub Copilot suggests fixes. Griffin AI generates fix PRs with taint paths and disproof attached. The difference is review burden.