Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

The supply-chain and IP risk hiding inside AI coding assistants

GitHub has disclosed that Copilot suggestions match training-set code verbatim about 1% of the time — and a class action over it is still being argued in 2026.

Jul 8, 20267 min read
AI Security

Why AI-generated code quality problems compound into security risk

Developers using AI coding assistants wrote less secure code in 4 of 5 tasks in a 2023 Stanford study — and were more confident it was safe.

Jul 8, 20267 min read
AI Security

The Security Pitfalls Hiding in AI-Generated Code

A 2021 NYU study found roughly 40% of Copilot completions on security-relevant prompts contained exploitable flaws. Here's a field guide to catching them.

Jul 8, 20266 min read
AI Security

Where AI actually helps AppSec — and where it quietly makes things worse

One 2025 benchmark found an LLM filter cut Semgrep's false positives by 88.6% — while a separate study found GPT-4 alone flagging vulnerabilities was wrong more often than right.

Jul 8, 20267 min read
AI Security

AI Red Teaming vs. AI-SPM: Why You Need Both

OWASP's 2025 LLM Top 10 and MITRE ATLAS both treat adversarial testing and posture scanning as separate disciplines — most AI programs still run only one.

Jul 8, 20265 min read
AI Security

AI Developer Tools: Weighing Productivity Against Security and IP Exposure

NYU found 40% of Copilot-generated code contained exploitable flaws; Samsung banned ChatGPT after three leaks in under 20 days. The productivity math still isn't simple.

Jul 8, 20267 min read
AI Security

Code injection risks in GenAI-generated code

Nearly 40% of GitHub Copilot's suggested programs contain exploitable vulnerabilities, and 19.7% of AI-generated code samples reference packages that don't exist.

Jul 8, 20267 min read
AI Security

Why AI-generated code needs DAST, not just SAST

Copilot-generated code carried vulnerabilities in ~40% of cases in a 2021 NYU study. Static scanning alone cannot catch the runtime-only bug classes LLMs introduce.

Jul 8, 20266 min read
AI Security

Detecting AI Hallucinations in Generated Code

A USENIX Security 2025 study found 19.7% of packages recommended by 16 LLMs across 576,000 code samples don't exist — and attackers are registering them first.

Jul 8, 20266 min read
AI Security

Guardrails for Autonomous AI Agents: Allowlisting, Validation, and Human-in-the-Loop

OWASP's 2025 LLM Top 10 splits Excessive Agency into three root causes. Here's how tool allowlisting, output validation, and approval gates address each one.

Jul 8, 20266 min read
AI Security

Why static scanners miss malicious AI agent skills

In April 2025, Invariant Labs showed a malicious MCP tool description could exfiltrate an SSH key — with zero suspicious code for a static scanner to flag.

Jul 8, 20266 min read
AI Security

LLM-assisted vulnerability autofixing: approaches and how to validate the patches

At DARPA's AIxCC finals in August 2025, AI systems patched 68% of vulnerabilities they found — up from 25% at semifinals. Here's how the approaches differ and why validation still matters most.

Jul 8, 20267 min read
AI Security (Page 4) — Supply Chain Security Blog | Safeguard