Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

AI SBOMs and Model Cards: Building Transparency Into the AI Supply Chain

As AI models become critical software components, the need for AI-specific SBOMs and model cards grows urgent. How the industry is extending supply chain transparency to machine learning pipelines.

Jun 10, 20259 min read
AI Security

PyTorch CVE-2025-32434: weights_only=True No Longer Safe

A critical PyTorch RCE bypassed the safety property of torch.load(weights_only=True). We analyze the bug and explain why safetensors should now be the default.

May 22, 20257 min read
AI Security

OpenSSF Model Signing v1.0: Sigstore for ML

OpenSSF launched Model Signing v1.0 in April 2025 with Sigstore integration. NVIDIA NGC adopted it the same month. We explain what it signs, how to verify, and where the gaps are.

May 8, 20257 min read
AI Security

Line Jumping: How MCP Tool Descriptions Attack Before Tools Are Called

Trail of Bits coined 'line jumping' for prompt injection delivered through MCP tool descriptions on connection. It bypasses every tool-invocation guardrail by design.

Apr 29, 20256 min read
AI Security

OpenAI Preparedness Framework v2: April 2025 Update

OpenAI released Preparedness Framework v2 on April 15, 2025 with sharper thresholds, an AI self-improvement category, and clearer disclosure requirements. We unpack the operational changes.

Apr 25, 20257 min read
AI Security

Llama 4 Release and LlamaFirewall: A Defender's Guide

Meta shipped Llama 4 Scout and Maverick on April 5, 2025, along with Llama Guard 4, LlamaFirewall, and CyberSecEval 4. We unpack what defenders should deploy and what to ignore.

Apr 10, 20257 min read
AI Security

MCP Server Authentication and Authorization: Securing the AI Tool Layer

The Model Context Protocol enables AI agents to interact with external tools and data sources. Securing MCP servers requires authentication, authorization, and input validation patterns specific to the AI agent context.

Apr 5, 20258 min read
AI Security

AI Agent Tool Calling Security: Risks and Mitigations

AI agents that call tools -- APIs, databases, file systems, code interpreters -- convert non-deterministic LLM output into real-world actions. Securing this boundary is the defining challenge of agentic AI.

Mar 10, 20257 min read
AI Security

AI Agent Frameworks: A Security Assessment of the New Autonomous Frontier

AI agents that can execute code, browse the web, and manage infrastructure are proliferating. The security implications of these autonomous frameworks demand scrutiny.

Mar 5, 20256 min read
AI Security

LLM-Augmented Bug Discovery Methodology

A practitioner's methodology for using LLMs to augment — not replace — traditional bug discovery workflows, with patterns that hold up under real review load.

Feb 25, 20259 min read
AI Security

MCP Protocol Security: What the Model Context Protocol Means for Supply Chains

Anthropic's Model Context Protocol standardizes how AI models interact with external tools. The security implications for software supply chains are significant.

Feb 20, 20256 min read
AI Security

nullifAI: Broken Pickles and the Hugging Face Detection Gap

ReversingLabs disclosed two malicious Hugging Face models that evaded Picklescan by using broken 7z-packed PyTorch archives. We unpack the technique.

Feb 10, 20256 min read
AI Security (Page 55) — Supply Chain Security Blog | Safeguard