Safeguard
Topic

AI Security

In-depth guides and analysis on ai security from the Safeguard engineering team.

676 articles

AI Security

What is AI Code Remediation?

AI code remediation turns vulnerability findings into ready-to-merge patches. Here's how it works, where Veracode's approach falls short, and how Safeguard closes the gap.

Jun 21, 20267 min read
AI Security

What is Vibe Coding (and its security risk)?

Vibe coding lets AI write your app while you skip the review. Veracode found 45% of AI-generated code is vulnerable. Here's the risk, and how Safeguard closes the gap.

Jun 21, 20267 min read
AI Security

AI Code Security Tools: risks of restricting them

Banning AI coding assistants doesn't remove the risk, it just removes visibility. Here's why restriction backfires and what actually secures AI-generated code.

Jun 19, 20267 min read
AI Security

Building Securely with AI (secure AI-assisted development)

AI coding assistants ship code fast — Veracode found 45% of AI-generated code contains security flaws. Here's what secure AI-assisted development actually requires.

Jun 16, 20267 min read
AI Security

AIBOM in 2026: Treating AI Models as a Software Supply Chain

The AI bill of materials is graduating from optional security artifact to procurement requirement. Here is what AIBOM/ML-BOM actually tracks in 2026, how it ties to the EU AI Act, and where it still falls short.

Jun 15, 20267 min read
AI Security

Slopsquatting: When AI Hallucinates Package Names

LLMs invent plausible package names; attackers register them and wait. How slopsquatting works, why hallucinations repeat predictably, and the gates that stop it.

Jun 14, 20266 min read
AI Security

OWASP Top 10 for LLM Applications explained

A breakdown of the 2025 OWASP Top 10 for LLM Applications—prompt injection, supply chain, excessive agency—with real examples and fixes.

Jun 14, 20267 min read
AI Security

Securing LangChain and LlamaIndex Applications in Production

Agent frameworks ship fast and patch fast. The CVE history, the dangerous defaults, and a production hardening baseline for LangChain and LlamaIndex apps.

Jun 14, 20266 min read
AI Security

Prompt injection attacks: direct vs indirect

Direct prompt injection comes from the chat box; indirect injection hides in the data your AI agent trusts. Here's how the two attack types differ and what stops each.

Jun 14, 20266 min read
AI Security

Agent hijacking: the real-world impact of prompt injection

From a zero-click Microsoft 365 Copilot breach to poisoned MCP servers, AI agent hijacking is now a real, documented software supply chain threat.

Jun 14, 20267 min read
AI Security

Securing Model Context Protocol (MCP) servers

MCP server security explained through real 2025 CVEs, tool poisoning, and rug-pull attacks, plus concrete controls security teams need to defend AI agent tool calls.

Jun 14, 20267 min read
AI Security

mcp-scan: detecting malicious MCP tool definitions

MCP lets AI agents call tools via plain-text descriptions the model trusts blindly. Here's how mcp-scan catches poisoning, rug-pulls, and shadowing.

Jun 13, 20266 min read
AI Security (Page 9) — Supply Chain Security Blog | Safeguard