AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
Least Privilege for AI Agents: Why It's Harder Than It So...
AI agents break least-privilege assumptions built for humans: they chain tools, act autonomously, and compose narrow scopes into broad access no one reviewed.
Distinguishing Model Risk from Application Risk in Agenti...
Model flaws and application flaws in AI agents cause different breaches and need different fixes. Real incidents show where each risk actually lives — and how to test for both.
How Malicious Payloads Get Smuggled Into Trusted AI Skill...
Attackers smuggle malicious payloads into trusted AI skill repositories via typosquats, staged fetches, and split-file obfuscation — here is exactly how it works.
What an AI Model Risk Registry Should Actually Track
Most AI model inventories are name-and-owner spreadsheets. Here's the provenance, licensing, CVE, and revalidation fields a real AI model risk registry needs to track.
Agentic AI Security Glossary: Tool Poisoning, Prompt Inje...
A precise glossary of agentic AI security terms — prompt injection, tool poisoning, model jailbreaking, excessive agency, and MCP rug pulls — with concrete attack examples.
MCP Server Permissions: A Practical Checklist for Reducin...
A practical checklist for scoping MCP server permissions, denying risky defaults, and limiting the blast radius when an AI agent's tool access is exploited.
Why Traditional SAST Tools Struggle to Analyze Agentic Co...
Agentic codebases build call graphs at runtime, defeating static analysis. Here's why SAST tools miss prompt injection and tool-schema risks—and how Safeguard closes the gap.
Venture Capital's Renewed Bet on Agentic AI Security Star...
VC funding for agentic AI security startups hit new highs in 2026, with identity governance, autonomous pentesting, and SOC automation drawing the biggest rounds.
MCP 2025-06-18: OAuth Resource Server Rules Defenders Must Understand
The June 2025 MCP spec made every server an OAuth 2.1 resource server, mandated RFC 8707 resource indicators, and added elicitation. Here is what changes for blue teams.
Asana MCP Cross-Tenant Leak: A SaaS Connector Failure Mode
From May 1 to June 17, 2025, Asana's MCP server exposed records from one customer's workspace to another. The bug was a textbook authorization break wearing an AI label.
EchoLeak (CVE-2025-32711): The First Zero-Click LLM Exfiltration in Production
Aim Security's CVE-2025-32711 exfiltrated Microsoft 365 Copilot data via a single crafted email. The XPIA classifier failed, CSP let attackers through, and CVSS 9.3 followed.
EchoLeak (CVE-2025-32711): The First Zero-Click Production LLM Exfiltration
A single crafted email could exfiltrate data from Microsoft 365 Copilot without a user click. We walk the attack chain, the patch, and the lessons for agent operators.