Industry Analysis
In-depth guides and analysis on industry analysis from the Safeguard engineering team.
294 articles
Secure Random Number Generation in C# with RandomNumberGe...
Why System.Random is a security liability in C# and how RandomNumberGenerator prevents predictable tokens, nonces, and keys in .NET applications.
Secure Random Number Generation in Java with SecureRandom...
Why java.util.Random and even UUID.randomUUID() can leak predictable tokens, and how Java's SecureRandom and NIST DRBG providers actually protect secrets.
Supply Chain Attack Trends: Q3 2025
A data-led look at software supply chain attacks in Q3 2025: npm maintainer phishing, VS Code extension abuse, and a quiet shift toward CI/CD targeting.
How Snyk AI-BOM discovers agents, tools, models, and data...
How Snyk AI-BOM's static analysis engine discovers agents, tools, models, datasets, and MCP servers hiding in code, even without a manifest file.
How Snyk AI-BOM detects MCP servers connected to an appli...
A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.
How Snyk AI-BOM generates a CycloneDX v1.6-compliant ML-BOM
How Snyk's aibom CLI uses static analysis to detect models, agents, and MCP servers, then maps them into a CycloneDX v1.6-compliant ML-BOM structure.
How Snyk AI-BOM surfaces shadow AI usage that security te...
How Snyk's AI-BOM uses code-level analysis, not manifest parsing, to surface shadow AI models, agent frameworks, and MCP servers security teams don't know are running.
How Snyk's AI-BOM API lets teams query AI component inven...
How Snyk's AI-BOM API exposes AI model and dataset inventories as queryable, CycloneDX-aligned data teams can pull into CI, GRC, and asset tooling programmatically.
How Snyk AI-BOM identifies prompt files and prompt-inject...
How Snyk's AI-BOM tooling discovers prompt files, SKILL.md packages, and MCP tool chains, and the detection engine it uses to flag prompt-injection risk.
How Snyk approaches securing AI-generated code from codin...
A technical look at how Snyk's DeepCode AI engine, Agent Fix, and Snyk Studio MCP server scan and govern code from AI coding assistants like Claude Code and Cursor.
How Snyk's AI-SPM approach extends ASPM concepts to AI sy...
How Snyk's Evo AI-SPM extends ASPM's discover-assess-enforce loop to models, datasets, and agents, based on its March 2026 GA launch and public documentation.
How the Snyk CLI's JSON output format supports custom too...
A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.