Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

Prompt Injection Attack Techniques and Defenses

Prompt injection is now OWASP's #1 LLM risk, and real incidents like EchoLeak and Slack AI prove it can mean zero-click data exfiltration. Here's how it works and what stops it.

Nov 12, 20257 min read
AI Security

CometJacking and the AI Browser Agent Threat Model

LayerX's October 2025 CometJacking attack siphoned Gmail and Calendar via one Perplexity Comet click. The browser-as-agent design is the new blast radius.

Oct 30, 20257 min read
AI Security

RAG Poisoning: Defenses That Work

Retrieval-augmented generation is the most common LLM deployment pattern in the enterprise and the most commonly poisoned. A senior security engineer's playbook for defences that hold up in production.

Oct 20, 20257 min read
AI Security

Embedding Model Supply Chain Risks

Embedding models are the silent dependency under every RAG system. We cover poisoning, deprecation, and provenance gaps that break retrieval in production.

Oct 18, 20255 min read
AI Security

Claude Sonnet 4.5 System Card: Security Reading

Anthropic shipped Claude Sonnet 4.5 on September 29, 2025 with a 70-page system card. We pull the supply-chain-relevant findings out of it.

Oct 2, 20256 min read
AI Security

SPDX 3.0 AI Profile: Building an AIBOM in Practice

SPDX 3.0 was published in March 2025 with a dedicated AI profile and a Dataset profile. We walk through how to produce a defensible AIBOM in SPDX format alongside or in place of CycloneDX.

Sep 18, 20257 min read
AI Security

AI Agent Memory: Security Risks

Persistent memory makes AI agents more useful and more dangerous. A security engineer's walkthrough of how agent memory gets poisoned, exfiltrated, and weaponised, with concrete 2025 examples.

Sep 15, 20257 min read
AI Security

Gemini 2.5 Pro and the Late Safety Report

Google released Gemini 2.5 Pro Experimental on March 25, 2025 without a contemporaneous safety report. The UK reaction set a precedent.

Sep 12, 20256 min read
AI Security

Vector DB Security Considerations

Vector stores hold derivatives of your most sensitive text. We cover the access, isolation, and integrity controls production deployments of Pinecone and Weaviate need.

Sep 10, 20255 min read
AI Security

How Snyk Agent Fix's agentic retry loop self-corrects fai...

A technical look at how Snyk's Agent Fix uses a bounded, feedback-driven retry loop to validate and self-correct AI-generated vulnerability fixes before they reach a pull request.

Sep 10, 20258 min read
AI Security

GenAI Code Review Tools: A 2025 Field Test

We field-tested five GenAI code review tools against 240 seeded security defects to see which catch real issues and which hallucinate findings.

Sep 2, 20254 min read
AI Security

Supply Chain Attacks Targeting AI/ML Pipelines

AI and ML pipelines introduce unique supply chain risks -- from poisoned training data to compromised model registries. Here is what attackers are targeting and how to defend.

Sep 1, 20257 min read
AI Security (Page 52) — Supply Chain Security Blog | Safeguard