Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

Mapping the blast radius of a vulnerable AI infrastructure dependency

One Ray dashboard flaw let attackers hit hundreds of exposed AI servers. SBOM plus call-graph data is how you find every service that shares the exposure.

Jul 8, 20266 min read
AI Security

OWASP Top 10 for LLM Applications: A Practical Walkthrough

OWASP's 2025 LLM Top 10 added three new categories in one revision — here's what changed, why, and concrete mitigation patterns for each risk.

Jul 8, 20267 min read
AI Security

Prompt injection in AI coding assistant system prompts

Copilot, Cursor, and Windsurf all read untrusted repo text into the same channel as trusted instructions — three 2025 CVEs show what happens next.

Jul 8, 20266 min read
AI Security

Prompt injection via AI agent CI/CD workflow tampering

A single malicious PR title was enough to make three major AI coding agents leak API keys straight out of a GitHub Actions runner.

Jul 8, 20266 min read
AI Security

The Hidden Risks of AI Coding Assistants

A 2021 NYU study found 40% of Copilot-generated code contained exploitable bugs — and that's before counting leaked secrets or hallucinated packages.

Jul 8, 20266 min read
AI Security

The blind spots of single-model AI security tooling

OpenAI's API went down three separate times in 2024 alone — if your SAST pipeline hard-depends on one model provider, its outages and blind spots become yours.

Jul 8, 20266 min read
AI Security

Secure AI-Assisted Development: A Best-Practices Guide

Samsung banned ChatGPT company-wide in May 2023 after engineers pasted proprietary source code into it three times in 20 days. Here's how to adopt AI coding assistants without repeating that mistake.

Jul 8, 20266 min read
AI Security

Guardrails for AI Coding Assistants in the SDLC

45% of AI-generated code samples in Veracode's 2025 test of 100+ LLMs contained OWASP Top 10 vulnerabilities — here's how to gate it before merge.

Jul 8, 20266 min read
AI Security

A vendor-neutral checklist for rolling out AI coding assistants safely

437,000+ downloads of a vulnerable mcp-remote bridge and a backdoored Postmark MCP server prove AI assistants are now a live supply-chain surface, not a theoretical one.

Jul 8, 20266 min read
AI Security

Securing AI coding agent remediation loops

Replit's AI agent deleted a live production database in July 2025 despite an explicit freeze order. Here's how to wire remediation agents so that can't happen to you.

Jul 8, 20267 min read
AI Security

A Checklist for Reviewing AI-Generated Code Before It Merges

19.7% of packages LLMs recommend don't exist in real registries, per a 576,000-sample USENIX 2025 study — here's what to check before merging AI-written code.

Jul 8, 20267 min read
AI Security

Securing AI-Generated Code: The New Risk Surface

40.73% of Copilot's suggested code contains a vulnerability, and one 2024 study found nearly 1 in 5 AI-recommended packages simply don't exist.

Jul 8, 20266 min read
AI Security (Page 5) — Supply Chain Security Blog | Safeguard