Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

Scanning AI-Generated Code Before It Merges: Wiring Scanners into Coding Assistants with MCP

Research found ~40% of Copilot suggestions were vulnerable, and devs using AI assistants trusted their code more. MCP lets you scan before merge.

Jul 9, 20267 min read
AI Security

Auditing AI agent skill registries for hardcoded keys

29M new hardcoded secrets hit public GitHub in 2025, up 34% YoY — and 3% of MCP servers in production carry hardcoded credentials as theft traps.

Jul 9, 20267 min read
AI Security

Securing MCP Servers for AI Agents

Five CVEs in 2025 alone trace MCP tool compromise back to one root cause: unsanitized strings piped into exec(). Here's how to expose and consume MCP safely.

Jul 9, 20267 min read
AI Security

Signing and provenance standards for AI agent skill registries

Shai-Hulud infected 500+ npm packages via stolen tokens in 2025. Agent skill registries are repeating the same unsigned-artifact mistake — here's the fix.

Jul 9, 20267 min read
AI Security

Threat-modeling for AI-native applications

STRIDE has six categories from 1999. OWASP's LLM Top 10 and MITRE ATLAS's ~84 techniques show why agentic AI needs new threat-modeling columns, not a new framework.

Jul 9, 20267 min read
AI Security

The OWASP Top 10 for LLM Applications, Explained

The OWASP LLM Top 10 is the closest thing the field has to a shared checklist for AI security. Here is what each of the ten risks actually means, in plain language, with the defenses that matter.

Jul 8, 20266 min read
AI Security

Red-Teaming AI Applications: A Field Guide

You cannot secure an LLM application by reading its code alone. You have to attack it the way an adversary will — with language, with poisoned content, and with the goal of making it do something it should not. Here is how to run an AI red team.

Jul 8, 20265 min read
AI Security

What Is the Model Context Protocol (MCP)? And What It Means for Security

MCP is the USB-C of AI integrations — one open standard for connecting models to tools and data. It also standardizes a fresh attack surface, so understanding both halves matters.

Jul 8, 20265 min read
AI Security

Agents Can Now Procure Safeguard Through MCP

AI agents can browse regional pricing, compare tiers, start a Stripe checkout, and verify activation — the entire Safeguard procurement journey now runs through the MCP server.

Jul 8, 20266 min read
AI Security

Integrating AI Tools Without Expanding Your Attack Surface

Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.

Jul 8, 20268 min read
AI Security

AI-assisted vulnerability remediation patterns: what to verify before you merge

GitHub reports its Copilot Autofix suggestions resolve two-thirds of flagged vulnerabilities with little or no editing — but the other third is where merges go wrong.

Jul 8, 20267 min read
AI Security

How to validate AI-generated autofix suggestions before you merge them

319 LLM patches for 64 real CVEs were graded in 2026: only 24.8% were both secure and functional. Speed without validation just merges bugs faster.

Jul 8, 20266 min read
AI Security (Page 3) — Supply Chain Security Blog | Safeguard