Safeguard
Topic

Industry Analysis

In-depth guides and analysis on industry analysis from the Safeguard engineering team.

294 articles

Industry Analysis

Secure Random Number Generation in C# with RandomNumberGe...

Why System.Random is a security liability in C# and how RandomNumberGenerator prevents predictable tokens, nonces, and keys in .NET applications.

Oct 19, 20256 min read
Industry Analysis

Secure Random Number Generation in Java with SecureRandom...

Why java.util.Random and even UUID.randomUUID() can leak predictable tokens, and how Java's SecureRandom and NIST DRBG providers actually protect secrets.

Oct 18, 20257 min read
Industry Analysis

Supply Chain Attack Trends: Q3 2025

A data-led look at software supply chain attacks in Q3 2025: npm maintainer phishing, VS Code extension abuse, and a quiet shift toward CI/CD targeting.

Sep 25, 20254 min read
Industry Analysis

How Snyk AI-BOM discovers agents, tools, models, and data...

How Snyk AI-BOM's static analysis engine discovers agents, tools, models, datasets, and MCP servers hiding in code, even without a manifest file.

Aug 21, 20258 min read
Industry Analysis

How Snyk AI-BOM detects MCP servers connected to an appli...

A technical look at how Snyk's AI-BOM statically detects MCP client-server connections in source code, what CycloneDX data it captures, and where its coverage stops.

Aug 21, 20258 min read
Industry Analysis

How Snyk AI-BOM generates a CycloneDX v1.6-compliant ML-BOM

How Snyk's aibom CLI uses static analysis to detect models, agents, and MCP servers, then maps them into a CycloneDX v1.6-compliant ML-BOM structure.

Aug 21, 20257 min read
Industry Analysis

How Snyk AI-BOM surfaces shadow AI usage that security te...

How Snyk's AI-BOM uses code-level analysis, not manifest parsing, to surface shadow AI models, agent frameworks, and MCP servers security teams don't know are running.

Aug 20, 20257 min read
Industry Analysis

How Snyk's AI-BOM API lets teams query AI component inven...

How Snyk's AI-BOM API exposes AI model and dataset inventories as queryable, CycloneDX-aligned data teams can pull into CI, GRC, and asset tooling programmatically.

Aug 20, 20258 min read
Industry Analysis

How Snyk AI-BOM identifies prompt files and prompt-inject...

How Snyk's AI-BOM tooling discovers prompt files, SKILL.md packages, and MCP tool chains, and the detection engine it uses to flag prompt-injection risk.

Aug 19, 20256 min read
Industry Analysis

How Snyk approaches securing AI-generated code from codin...

A technical look at how Snyk's DeepCode AI engine, Agent Fix, and Snyk Studio MCP server scan and govern code from AI coding assistants like Claude Code and Cursor.

Aug 19, 20258 min read
Industry Analysis

How Snyk's AI-SPM approach extends ASPM concepts to AI sy...

How Snyk's Evo AI-SPM extends ASPM's discover-assess-enforce loop to models, datasets, and agents, based on its March 2026 GA launch and public documentation.

Aug 19, 20258 min read
Industry Analysis

How the Snyk CLI's JSON output format supports custom too...

A technical look at how Snyk CLI's --json and --sarif output structure vulnerability data, its exit-code quirks, and the official tools that turn it into reports.

Aug 17, 20257 min read
Industry Analysis (Page 19) — Supply Chain Security Blog | Safeguard