AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Security implications of AI browser agents that click, br...
AI browser agents click, browse, and pay with your credentials -- and prompt injection attacks like EchoLeak and CometJacking prove they can be hijacked to do it.
Securing computer-use AI agents that operate desktops and...
Computer-use AI agents can click, type, and log into any app on your desktop. Here is how computer use AI agent security actually works in practice.
Zero trust architecture patterns adapted for AI agent wor...
How zero trust AI agents, agent network segmentation, and continuous verification close the gaps that let one poisoned tool call turn an autonomous agent into a supply chain attack.
Explaining Model Context Protocol and its expanding attac...
MCP security is now urgent: MCP servers grew from 700 to 16,000+ in a year, and most are unaudited. Here is the threat model and how Safeguard secures it.
Analysis of known MCP server CVEs and disclosed vulnerabi...
Two critical CVEs — in mcp-remote and Anthropic's MCP Inspector — reveal how MCP server vulnerabilities let untrusted servers execute code on client machines.
How tool poisoning attacks compromise MCP tool descriptions
A single poisoned tool description can turn a trusted MCP server into a silent data-exfiltration channel. Here's how these attacks work — and how to stop them.
Step-by-step guide to hardening and securing an MCP serve...
A practical, step-by-step guide to hardening and securing an MCP server deployment -- authentication, sandboxing, network policy, and monitoring included.
OAuth and authentication patterns for Model Context Proto...
MCP OAuth authentication has been rewritten three times since March 2025. Here's how the spec, its token security model, and real CVEs like CVE-2025-49596 shape safe MCP deployments.
Risks of MCP server rug-pulls and silently changing tool ...
An MCP rug pull attack swaps a trusted server's tool definitions after approval. Here's how tool definition drift happens, and how Safeguard catches it early.
Comparing MCP security scanning and gateway products
A practical buyer's guide to MCP security gateways and scanners — evaluation criteria, honest strengths and gaps for real vendors, and where Safeguard fits.
Glossary of Model Context Protocol security terminology
A precise MCP security glossary covering clients, servers, resources vs. tools, tool poisoning, rug pulls, and the confused deputy problem — with real-world examples.
Overview of AI model supply chain security risks end to end
A concrete, incident-driven walkthrough of AI supply chain security — from poisoned datasets and backdoored Hugging Face models to CI pipeline hijacks — and how to reduce the risk end to end.