AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Scanning AI-Generated Code Before It Merges: Wiring Scanners into Coding Assistants with MCP
Research found ~40% of Copilot suggestions were vulnerable, and devs using AI assistants trusted their code more. MCP lets you scan before merge.
Auditing AI agent skill registries for hardcoded keys
29M new hardcoded secrets hit public GitHub in 2025, up 34% YoY — and 3% of MCP servers in production carry hardcoded credentials as theft traps.
Securing MCP Servers for AI Agents
Five CVEs in 2025 alone trace MCP tool compromise back to one root cause: unsanitized strings piped into exec(). Here's how to expose and consume MCP safely.
Signing and provenance standards for AI agent skill registries
Shai-Hulud infected 500+ npm packages via stolen tokens in 2025. Agent skill registries are repeating the same unsigned-artifact mistake — here's the fix.
Threat-modeling for AI-native applications
STRIDE has six categories from 1999. OWASP's LLM Top 10 and MITRE ATLAS's ~84 techniques show why agentic AI needs new threat-modeling columns, not a new framework.
The OWASP Top 10 for LLM Applications, Explained
The OWASP LLM Top 10 is the closest thing the field has to a shared checklist for AI security. Here is what each of the ten risks actually means, in plain language, with the defenses that matter.
Red-Teaming AI Applications: A Field Guide
You cannot secure an LLM application by reading its code alone. You have to attack it the way an adversary will — with language, with poisoned content, and with the goal of making it do something it should not. Here is how to run an AI red team.
What Is the Model Context Protocol (MCP)? And What It Means for Security
MCP is the USB-C of AI integrations — one open standard for connecting models to tools and data. It also standardizes a fresh attack surface, so understanding both halves matters.
Agents Can Now Procure Safeguard Through MCP
AI agents can browse regional pricing, compare tiers, start a Stripe checkout, and verify activation — the entire Safeguard procurement journey now runs through the MCP server.
Integrating AI Tools Without Expanding Your Attack Surface
Stanford researchers found developers using AI coding assistants wrote more security bugs — and felt more confident in them. Here's how to adopt AI safely.
AI-assisted vulnerability remediation patterns: what to verify before you merge
GitHub reports its Copilot Autofix suggestions resolve two-thirds of flagged vulnerabilities with little or no editing — but the other third is where merges go wrong.
How to validate AI-generated autofix suggestions before you merge them
319 LLM patches for 64 real CVEs were graded in 2026: only 24.8% were both secure and functional. Speed without validation just merges bugs faster.