AI Security
In-depth guides and analysis on ai security from the Safeguard engineering team.
676 articles
What is AI Code Remediation?
AI code remediation turns vulnerability findings into ready-to-merge patches. Here's how it works, where Veracode's approach falls short, and how Safeguard closes the gap.
What is Vibe Coding (and its security risk)?
Vibe coding lets AI write your app while you skip the review. Veracode found 45% of AI-generated code is vulnerable. Here's the risk, and how Safeguard closes the gap.
AI Code Security Tools: risks of restricting them
Banning AI coding assistants doesn't remove the risk, it just removes visibility. Here's why restriction backfires and what actually secures AI-generated code.
Building Securely with AI (secure AI-assisted development)
AI coding assistants ship code fast — Veracode found 45% of AI-generated code contains security flaws. Here's what secure AI-assisted development actually requires.
AIBOM in 2026: Treating AI Models as a Software Supply Chain
The AI bill of materials is graduating from optional security artifact to procurement requirement. Here is what AIBOM/ML-BOM actually tracks in 2026, how it ties to the EU AI Act, and where it still falls short.
Slopsquatting: When AI Hallucinates Package Names
LLMs invent plausible package names; attackers register them and wait. How slopsquatting works, why hallucinations repeat predictably, and the gates that stop it.
OWASP Top 10 for LLM Applications explained
A breakdown of the 2025 OWASP Top 10 for LLM Applications—prompt injection, supply chain, excessive agency—with real examples and fixes.
Securing LangChain and LlamaIndex Applications in Production
Agent frameworks ship fast and patch fast. The CVE history, the dangerous defaults, and a production hardening baseline for LangChain and LlamaIndex apps.
Prompt injection attacks: direct vs indirect
Direct prompt injection comes from the chat box; indirect injection hides in the data your AI agent trusts. Here's how the two attack types differ and what stops each.
Agent hijacking: the real-world impact of prompt injection
From a zero-click Microsoft 365 Copilot breach to poisoned MCP servers, AI agent hijacking is now a real, documented software supply chain threat.
Securing Model Context Protocol (MCP) servers
MCP server security explained through real 2025 CVEs, tool poisoning, and rug-pull attacks, plus concrete controls security teams need to defend AI agent tool calls.
mcp-scan: detecting malicious MCP tool definitions
MCP lets AI agents call tools via plain-text descriptions the model trusts blindly. Here's how mcp-scan catches poisoning, rug-pulls, and shadowing.