AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Open-Weight Model Sandboxing Patterns
Running an open-weight model inside an enterprise perimeter seems safer than calling a hosted API. It is, and it isn't. The sandboxing patterns that actually produce the safety properties.
GPT-5 Launch: Reading the System Card for Supply-Chain Risk
GPT-5 shipped August 13, 2025 under OpenAI's Preparedness Framework v2. Here's what the system card tells security teams about deployment risk.
Local LLM Deployment: Enterprise Risks
Running LLMs on local hardware eliminates some risks and introduces others. A clear-eyed look at the enterprise risk profile of on-premise and on-device model deployments.
The Prompt Injection Problem Hiding Inside Everyday Code ...
AI coding assistants read untrusted files as instructions, not data. Here's how prompt injection sneaks malicious code into your commits — and how to catch it before it ships.
Model Training Data and the Propagation of Insecure Codin...
LLM coding assistants inherit insecure patterns from their training data — from SQLi-prone snippets to hallucinated packages attackers exploit. Here's how the risk propagates.
Securing AI Agents: MCP Protocol Risks and Mitigations
The Model Context Protocol is transforming how AI agents interact with tools, but it introduces new attack surfaces. Here is what security teams need to understand.
Tool Poisoning Attacks: How Malicious Instructions Hide I...
AI agent tools can hide invisible instructions attackers use to steal data. Here's how tool poisoning attacks work and how Safeguard stops them.
Model Context Protocol Security 101: What Could Go Wrong ...
MCP lets AI models call tools automatically — and lets malicious servers hide instructions in plain sight. Here's how tool poisoning, rug pulls, and shadowing actually work.
Agent Skill Marketplaces as the Next Frontier for Supply ...
Agent skill marketplaces are repeating npm and PyPI's supply chain mistakes—except the malicious payload is often a sentence of instructions, not code. Here's what's already been exploited.
Prompt Injection vs Traditional Injection Attacks: A Tech...
SQL injection was solved by separating code from data. Prompt injection can't be, because in an LLM they share one channel. Here's the technical comparison, with real exploits and dates.
Why Autonomous Coding Agents Need Their Own Threat Model
Coding agents run with real credentials and no pause button. Here is the threat model that treats them as autonomous infrastructure, not junior developers.
The Jailbreaking Economy: How Model Vulnerabilities Get D...
Jailbreak prompts now trade like exploits: sold as $200/month "dark" chatbots, bountied by vendors for up to $15,000. Here's how that market actually works.