AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Mapping the blast radius of a vulnerable AI infrastructure dependency
One Ray dashboard flaw let attackers hit hundreds of exposed AI servers. SBOM plus call-graph data is how you find every service that shares the exposure.
OWASP Top 10 for LLM Applications: A Practical Walkthrough
OWASP's 2025 LLM Top 10 added three new categories in one revision — here's what changed, why, and concrete mitigation patterns for each risk.
Prompt injection in AI coding assistant system prompts
Copilot, Cursor, and Windsurf all read untrusted repo text into the same channel as trusted instructions — three 2025 CVEs show what happens next.
Prompt injection via AI agent CI/CD workflow tampering
A single malicious PR title was enough to make three major AI coding agents leak API keys straight out of a GitHub Actions runner.
The Hidden Risks of AI Coding Assistants
A 2021 NYU study found 40% of Copilot-generated code contained exploitable bugs — and that's before counting leaked secrets or hallucinated packages.
The blind spots of single-model AI security tooling
OpenAI's API went down three separate times in 2024 alone — if your SAST pipeline hard-depends on one model provider, its outages and blind spots become yours.
Secure AI-Assisted Development: A Best-Practices Guide
Samsung banned ChatGPT company-wide in May 2023 after engineers pasted proprietary source code into it three times in 20 days. Here's how to adopt AI coding assistants without repeating that mistake.
Guardrails for AI Coding Assistants in the SDLC
45% of AI-generated code samples in Veracode's 2025 test of 100+ LLMs contained OWASP Top 10 vulnerabilities — here's how to gate it before merge.
A vendor-neutral checklist for rolling out AI coding assistants safely
437,000+ downloads of a vulnerable mcp-remote bridge and a backdoored Postmark MCP server prove AI assistants are now a live supply-chain surface, not a theoretical one.
Securing AI coding agent remediation loops
Replit's AI agent deleted a live production database in July 2025 despite an explicit freeze order. Here's how to wire remediation agents so that can't happen to you.
A Checklist for Reviewing AI-Generated Code Before It Merges
19.7% of packages LLMs recommend don't exist in real registries, per a 576,000-sample USENIX 2025 study — here's what to check before merging AI-written code.
Securing AI-Generated Code: The New Risk Surface
40.73% of Copilot's suggested code contains a vulnerability, and one 2024 study found nearly 1 in 5 AI-recommended packages simply don't exist.