Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

Prompt Injection as a Supply Chain Risk: When AI Dependencies Are Exploitable

Prompt injection is not just an application vulnerability. When LLMs process content from the software supply chain -- package descriptions, README files, commit messages -- injection becomes a supply chain attack vector.

Jan 20, 20257 min read
AI Security

Security Testing for LLM-Powered Applications

Applications built on large language models introduce novel attack surfaces that traditional security testing does not cover. This guide addresses the specific testing methodologies needed for LLM applications.

Oct 15, 20247 min read
AI Security

Deepfakes and Social Engineering: The Human Layer of Supply Chain Attacks

AI-generated deepfakes are making social engineering attacks against software supply chains more convincing and harder to detect.

May 20, 20245 min read
AI Security

AI Model Poisoning: Detection Techniques for the Software Supply Chain

Poisoned AI models are a supply chain threat that traditional security tools can't detect. Here are the emerging techniques for identifying compromised models.

Apr 8, 20246 min read
AI Security

AI Code Review for Security: How Effective Is It Really?

AI-powered code review tools promise to catch vulnerabilities faster than humans. We tested the claims against reality.

Jan 5, 20246 min read
AI Security

Autonomous Security Remediation: The Promise and Peril of Self-Healing Software

Automated vulnerability patching sounds ideal until you consider what happens when the automation gets it wrong. Here's a realistic look at autonomous remediation.

Dec 15, 20236 min read
AI Security

AI Model Supply Chain Risks: Hugging Face and the New Attack Surface

As organizations download pre-trained models from Hugging Face and other model hubs, the AI supply chain introduces risks that traditional software security tools don't address.

Nov 20, 20235 min read
AI Security

The LLM Supply Chain: Risks Hiding in Foundation Models

Large language models have their own supply chains: training data, fine-tuning datasets, model weights, and serving infrastructure. Each layer introduces risk.

Nov 8, 20235 min read
AI Security

OWASP Top 10 for LLM Applications: A First Look

OWASP published its first Top 10 for LLM Applications on August 1, 2023. Here is what it covers, where it overreaches, and how to use it on real systems.

Sep 28, 20235 min read
AI Security

Securing LLM Applications: The OWASP Top 10 for Large Language Models

OWASP released its Top 10 for LLM Applications in August 2023, providing the first standardized framework for understanding and mitigating risks in AI-powered software.

Sep 25, 20235 min read
AI Security

AI Hallucinations Meet Package Confusion: A New Class of Supply Chain Attack

When LLMs hallucinate package names that don't exist, attackers can register them. This supply chain attack vector is already being exploited in the wild.

Sep 20, 20235 min read
AI Security

LLM Prompt Injection: The New Supply Chain Attack Vector

Prompt injection attacks against large language models represent a dangerous new frontier in software supply chain security. Here's what defenders need to know.

Aug 10, 20236 min read
AI Security (Page 56) — Supply Chain Security Blog | Safeguard