AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Prompt Injection Attack Techniques and Defenses
Prompt injection is now OWASP's #1 LLM risk, and real incidents like EchoLeak and Slack AI prove it can mean zero-click data exfiltration. Here's how it works and what stops it.
CometJacking and the AI Browser Agent Threat Model
LayerX's October 2025 CometJacking attack siphoned Gmail and Calendar via one Perplexity Comet click. The browser-as-agent design is the new blast radius.
RAG Poisoning: Defenses That Work
Retrieval-augmented generation is the most common LLM deployment pattern in the enterprise and the most commonly poisoned. A senior security engineer's playbook for defences that hold up in production.
Embedding Model Supply Chain Risks
Embedding models are the silent dependency under every RAG system. We cover poisoning, deprecation, and provenance gaps that break retrieval in production.
Claude Sonnet 4.5 System Card: Security Reading
Anthropic shipped Claude Sonnet 4.5 on September 29, 2025 with a 70-page system card. We pull the supply-chain-relevant findings out of it.
SPDX 3.0 AI Profile: Building an AIBOM in Practice
SPDX 3.0 was published in March 2025 with a dedicated AI profile and a Dataset profile. We walk through how to produce a defensible AIBOM in SPDX format alongside or in place of CycloneDX.
AI Agent Memory: Security Risks
Persistent memory makes AI agents more useful and more dangerous. A security engineer's walkthrough of how agent memory gets poisoned, exfiltrated, and weaponised, with concrete 2025 examples.
Gemini 2.5 Pro and the Late Safety Report
Google released Gemini 2.5 Pro Experimental on March 25, 2025 without a contemporaneous safety report. The UK reaction set a precedent.
Vector DB Security Considerations
Vector stores hold derivatives of your most sensitive text. We cover the access, isolation, and integrity controls production deployments of Pinecone and Weaviate need.
How Snyk Agent Fix's agentic retry loop self-corrects fai...
A technical look at how Snyk's Agent Fix uses a bounded, feedback-driven retry loop to validate and self-correct AI-generated vulnerability fixes before they reach a pull request.
GenAI Code Review Tools: A 2025 Field Test
We field-tested five GenAI code review tools against 240 seeded security defects to see which catch real issues and which hallucinate findings.
Supply Chain Attacks Targeting AI/ML Pipelines
AI and ML pipelines introduce unique supply chain risks -- from poisoned training data to compromised model registries. Here is what attackers are targeting and how to defend.