AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
AI Security Software: A Buyer's Guide for 2026
The label 'AI security software' now covers two different markets — tools that secure AI systems, and security tools powered by AI. How to tell them apart, what to evaluate, and the questions that expose thin products.
How Copilot Autofix generates AI-powered vulnerability fi...
Copilot Autofix pairs CodeQL with an LLM to patch code-scanning alerts up to 3x faster. Here's how it works, its limits, and where supply chain risk still slips through.
AI Agent Tool-Use Security: Locking Down What Agents Can Do
The moment you give an LLM tools, it stops being a chatbot and becomes an actor in your systems. Tool-use security is about making sure a compromised agent hits a wall instead of a credential.
RAG Security Best Practices for 2026
Retrieval-augmented generation wired an untrusted-content pipeline straight into your model's context window. Here are the practices that keep a poisoned document or a leaked chunk from becoming an incident.
Securing AI-Generated Code: A Practical 2026 Guide
AI now writes a large share of the code shipping to production, and it reproduces the same insecure patterns humans do — at machine speed. Here is how to keep AI-authored code from becoming your next incident.
Daybreak vs. Mythos: 2026 Is the Year the Frontier Labs Entered Defensive Security
OpenAI's Daybreak and Anthropic's Mythos both bet that frontier models can find and fix vulnerabilities at scale. The discovery race is real — but the bottleneck, the cost curve, and the winning strategy all point the same direction: be model-agnostic.
Patch the Planet: What AI-Generated Fixes Actually Mean for Open-Source Maintainers
OpenAI's Patch the Planet, co-founded with Trail of Bits, wants to move widely-used open-source projects from findings to fixes. The ambition is right — but it shifts the bottleneck to maintainer review, patch provenance, and the trust of machine-authored code.
OpenAI's Daybreak: An Honest Assessment of Codex Security, GPT-5.5-Cyber, and the Find-Validate-Patch Loop
Daybreak is the most complete attempt yet to turn a frontier model into a vulnerability-finding-and-fixing system. We break down what it gets right, where the verification and economics still bite, and how it fits alongside a purpose-built engine.
Securing AI coding assistants (Claude Code, Copilot, etc.)
AI coding assistants like Claude Code and Copilot introduce new supply chain risks. Here's what's actually going wrong and how to secure your pipeline.
Prompt Injection Examples: Attacks Seen in the Wild
From hidden text in resumes to poisoned web pages that hijack AI browsing agents, prompt injection has moved from research demos to real incidents. Here are the patterns and what actually blunts them.
GPT-5.5-Cyber and Trusted Access: The Dual-Use Governance Questions Defenders Should Be Asking
OpenAI's Daybreak ships a permissive, offensive-capable model behind a tiered Trusted Access program and a wave of government partnerships. Here's what model-risk, procurement, and security-policy teams should demand before they rely on it.
Agentic AI Security: Why Architecture Beats Model Size in Vulnerability Discovery
The CyberGym leaderboard shows the lead in AI vulnerability discovery moving to multi-agent orchestration, not raw model scale. Here is what that means for security teams betting on agentic AI.